Siebel Security Guide


What's New in This Release


Back to top


About Security for Siebel Business Applications

General Security Concepts

Industry Standards for Security

Siebel Security Architecture

User Authentication for Secure System Access

Security Adapter SDK

End-to-End Encryption for Data Confidentiality

Controlling Access to Data

Support for Auditing in a Siebel Environment

Secure Physical Deployment to Prevent Intrusion

Security for Mobile Solutions

Security Settings for the Web Browser

Web Sites With Security Information

Roadmap for Configuring Security


Back to top


Changing or Adding Passwords

Changing Passwords

Changing System Administrator Passwords on Microsoft Windows

Changing the Siebel Administrator Password on UNIX

Changing the Table Owner (DBO) Password

Troubleshooting Password Changes By Checking for Failed Server Tasks

Changing Passwords in the Siebel Management Framework

Changing the Siebel Diagnostic Tool User's Password

Changing a Siebel User Account Password in the Siebel Management Framework

Changing the Siebel Enterprise Security Token

Managing Encrypted Passwords in the eapps.cfg File

Encrypting Passwords Using the encryptstring Utility

About Password Encryption


Back to top


Physical Deployment and Auditing

About the Siebel Network

Firewall and Proxy Server Support

Role of Siebel Server Load Balancing in Network Security

About Selecting Port Numbers

Restricting Access to Siebel Components

Auditing for Data Continuity

Securing Siebel Reports Server

Securing Communications Between the Siebel Web Client and Actuate Active Portal

Securing Communications Between the AOM and Actuate iServer

Securing Siebel Document Server


Back to top


Communications and Data Encryption

Types of Encryption

Process of Configuring Secure Communications

About Certificates and Key Files Used for SSL Authentication

Installing Certificate Files

Configuring SSL Mutual Authentication

About Configuring Communications Encryption for Siebel Enterprise and SWSE

Configuring SSL Encryption for the Siebel Enterprise or a Siebel Server

Configuring SSL Encryption for SWSE

About Configuring SSL for the Siebel Management Framework

Enabling SSL Acceleration for Web Server and Web Client Communications

About Configuring Encryption for Web Clients

Configuring Encryption for Mobile Web Client Synchronization

About Data Encryption

How Data Encryption Works

Requirements for Data Encryption

Encrypted Database Columns

Upgrade Issues for Data Encryption

Configuring Encryption and Search on Encrypted Data

Managing the Key File Using the Key Database Manager

Adding New Encryption Keys

Changing the Key File Password

About Upgrading Data to a Higher Encryption Level

Process of Upgrading Encrypted Data to a Higher Encryption Level

Requirements for Upgrading to a Higher Encryption Level

Modifying the Input File

Running the Encryption Upgrade Utility

About the Siebel Strong Encryption Pack

Installing the Siebel Strong Encryption Pack

Increasing the Encryption Level

Reencrypting Masked Parameters

Security Considerations for Unicode Support


Back to top


Security Adapter Authentication

About User Authentication

Comparison of Authentication Strategies

About Siebel Security Adapters

Configuring Database Authentication

About LDAP or ADSI Security Adapter Authentication

LDAP and ADSI Security Adapter Authentication Process

Comparison of LDAP and ADSI Security Adapters

Requirements for the LDAP or ADSI Directory

About Installing LDAP Client Software

Process of Installing and Configuring LDAP Client Software

Considerations for Secure LDAP Using SSL

Installing the IBM LDAP Client and IBM GSKit on Windows

Installing the IBM LDAP Client and IBM GSKit on Oracle Solaris

Installing the IBM LDAP Client and IBM GSKit on AIX

Installing the IBM LDAP Client and IBM GSKit on HP-UX

Installing the IBM LDAP Client and IBM GSKit on Linux

Configuring the siebenv.csh and siebenv.sh Scripts for the LDAP Client

Configuring the IBM GSKit

Generating a CMS Key Database Using IBM GSKit

Configuring LDAP or ADSI Security Adapters Using the Siebel Configuration Wizard

Process of Implementing LDAP or ADSI Security Adapter Authentication

Requirements for Implementing an LDAP or ADSI Authentication Environment

About Creating a Database Login

Setting Up the LDAP or ADSI Directory

Creating Users in the LDAP or ADSI Directory

Adding User Records in the Siebel Database

Setting Security Adapter Parameters in the SWSE Configuration File (eapps.cfg)

Configuring Security Adapter Gateway Name Server Parameters

Configuring LDAP or ADSI Authentication for Developer Web Clients

Restarting Servers

Testing the LDAP or ADSI Authentication System

About Migrating from Database to LDAP or ADSI Authentication

About Password Hashing

Overview of the Login Process When Password Hashing Is Enabled

Process of Configuring User and Credentials Password Hashing

Guidelines for Password Hashing

Configuring User Password Hashing

Configuring Database Credentials Password Hashing

Running the Password Hashing Utility

Security Adapter Deployment Options

Configuring the Application User

Configuring Checksum Validation

Configuring Secure Communications for Security Adapters

Configuring the Shared Database Account

Configuring Adapter-Defined User Name

Configuring the Anonymous User

Configuring Roles Defined in the Directory

Security Adapters and the Siebel Developer Web Client

Authentication for Mobile Web Client Synchronization


Back to top


Web Single Sign-On Authentication

About Web Single Sign-On

Web SSO Authentication Process

Web SSO Limitations

About Implementing Web SSO Authentication

Process of Implementing Web Single Sign-On

Requirements for Implementing Web SSO in a Specified Environment

Creating Protected Virtual Directories

About Creating a Database Login

Setting Up the ADSI Directory

Creating Users in the Directory

Adding User Records in the Siebel Database

Setting Authentication Parameters in the SWSE Configuration File (eapps.cfg)

Setting Authentication Parameters for the Siebel Gateway Name Server

Editing Parameters in the Application Configuration File

Restarting Servers

Testing Web SSO Authentication

Digital Certificate Authentication

Configuring the User Specification Source


Back to top


Security Features of Siebel Web Server Extension

Configuring a Siebel Web Client to Use SSL

Login Security Features

About Using Cookies with Siebel Business Applications

Session Cookie

Auto-Login Credential Cookie

Siebel QuickStart Cookie

Enabling Cookies for Siebel Business Applications


Back to top


User Administration

About User Registration

Configuring Anonymous Browsing

About Anonymous Browsing and Unregistered Users

Implementing Anonymous Browsing

Configuring Views for Anonymous Browsing or Explicit Login

About Self-Registration

Implementing Self-Registration

Self-Registration and the Anonymous User Record

Setting Configuration Parameters for Self-Registration

Activating Workflow Processes for Self-Registration

Modifying Self-Registration Views and Workflows

Managing Duplicate Users

Managing Forgotten Passwords

User Experience for a Forgotten Password

Defining Password Length for System-Generated Passwords

Architecture for Forgotten Passwords

Modifying the Workflow Process for Forgotten Passwords

Modifying Workflow Process to Query Null Fields

Modifying Workflow Process to Request Different Identification Data

Internal Administration of Users

Adding a User to the Siebel Database

Adding a New Employee

Adding a New Partner User

Adding a New Contact User

Promoting a Contact to a Contact User

Modifying the New Responsibility Field for a User Record

Delegated Administration of Users

User Authentication Requirements for Delegated Administration

Access Considerations for Delegated Administration

Registering Contact Users—Delegated Administration

Registering Partner Users—Delegated Administration

Maintaining a User Profile

Editing Personal Information

Changing a Password

Changing the Active Position


Back to top


Configuring Access Control

About Access Control

Access Control for Parties

Access Control for Data

Access Control Mechanisms

About Personal Access Control

About Position Access Control

About Single-Position Access Control

About Team (Multiple-Position) Access Control

About Manager Access Control

About Organization Access Control

About Single- and Multiple-Organization Access Control

About Suborganization Access Control

About All Access Control

About Access-Group Access Control

Planning for Access Control

Access Control and Business Environment Structure

Planning for Divisions

Planning for Organizations

Planning for Positions

Planning for Responsibilities

About Implementing Access Control

Applications and Access Control

Setting Up Divisions, Organizations, Positions, and Responsibilities

Responsibilities and Access Control

Business Component View Modes

Business Component View Mode Fields

Viewing an Applet's Access Control Properties

Listing View Access Control Properties

Example of Flexible View Construction

Implementing Access-Group Access Control

Scenario For Implementing Access-Group Access Control

Viewing Categorized Data (The User's Experience)

Administrative Tasks

About Administering Catalogs of Data

Administering Positions, Organizations, Households, and User Lists

Administering Access Groups

Associating Access Groups with Data

Managing Tab Layouts Through Responsibilities

Specifying Tab Layouts For Responsibilities

Assigning a Primary Responsibility

Exporting and Importing Tab Layouts

Managing Tasks Through Responsibilities

Administering Access Control for Business Services

Associating a Business Service with a Responsibility

Associating a Responsibility with a Business Service

Example of Associating a Responsibility with Business Service Methods

Clearing Cached Business Services

Disabling Access Control for Business Services

Administering Access Control for Business Processes

Clearing Cached Responsibilities

About Configuring Visibility of Pop-Up and Pick Applets

About Configuring Drilldown Visibility

Party Data Model

How Parties Relate to Each Other

Person (Contact) Data Model

User Data Model

Employee Data Model

Position Data Model

Account Data Model

Division Data Model

Organization Data Model

Partner Organization Data Model

Household Data Model

User List Data Model

Access Group Data Model


Back to top


Troubleshooting Security Issues

User Authentication Issues

User Registration Issues

Access Control Issues


Back to top


Configuration Parameters Related to Authentication

Parameters in the eapps.cfg File

Siebel Gateway Name Server Parameters

Siebel Application Configuration File Parameters


Back to top


Seed Data

Seed Employee

Seed Users

Seed Responsibilities

Seed Position and Organization

Seed Database Login


Back to top


Addendum for Siebel Financial Services

Siebel Financial Services Applications

User Authentication for Siebel Financial Services

User Registration and Administration for Siebel Financial Services

Seed Data

Unregistered Users and Anonymous Browsing

Self-Registration

Internal Administration of Users

External Administration of Users

Maintaining a User Profile

Basic Access Control for Siebel Financial Services

Access Control Mechanisms

Administration of Access-Group Access Control

Configuration File Names for Siebel Financial Services Applications

Seed Data for Siebel Financial Services

Seed Users

Seed Responsibilities

Back to top

Siebel Security Guide Copyright © 2011, Oracle and/or its affiliates. All rights reserved. Legal Notices.