|
Security Guide for Siebel eBusiness Applications > Configuration Parameters Related to Authentication >
Siebel Application Configuration File Parameters
A configuration file exists for each Siebel eBusiness Application for each language. The parameters in the file determine how the user interacts with the AOM and with the security adapter. The configuration file that controls a particular user session depends on the client with which a user connects.
- Configuration file on the Siebel Server. For users connecting with the standard Siebel Web Client, application configuration files are located in the SIEBSRVR_ROOT\bin\LANGUAGE subdirectory. For example, eservice.cfg is provided for Siebel eService, for implementation in U.S. English, in the SIEBSRVR_ROOT\bin\ENU directory.
NOTE: Most of the security-related parameters applicable to Siebel Servers (and, consequently, Siebel Web Clients) are stored in the Name Server. Parameters in the [SWE] section of the configuration file do apply to Siebel Servers. However, most other parameters described in this section do not apply to the Siebel Server.
- Configuration file on the Siebel Mobile Web Client or Dedicated Web Client. For users connecting through the Siebel Mobile Web Client or Dedicated Web Client, the configuration file is located in the SIEBEL_CLIENT_ROOT\bin\LANGUAGE subdirectory on the client. For example, eservice.cfg is provided for Siebel eService, for implementation in U.S. English, in the SIEBEL_CLIENT_ROOT\bin\ENU directory.
For more information about working with configuration files, see Siebel System Administration Guide. In a given configuration file, some parameters may not appear by default. Others may appear with a preceding semicolon (;), indicating that the parameter is a comment and is not being interpreted. The semicolon must be deleted to make the parameter active. Changes to an application configuration file are not active until you restart the Siebel Server or Siebel client. CAUTION: The parameter values that reference directory attributes that you provide for the Siebel LDAP and ADSI security adapters are case-sensitive. The values must match the attribute names in the directory.
The following parameters are authentication-related parameters that are present by default or can be added to each application's configuration file. They are grouped by the labeled sections in which they occur. This listing does not include parameters in an application's configuration file that are not authentication-related. Parameters in [SWE] Section
The following parameters are located in the [SWE] section of the application configuration file. These parameters apply to all Siebel client types.
- AllowAnonUsers. (
TRUE or FALSE) Unregistered users are not allowed access to this Siebel application if this parameter value is FALSE.
- SecureLogin. (
TRUE or FALSE) If TRUE, the login form completed by the user is transmitted over Secure Sockets Layer (SSL). This requires that you have a certificate from a certificate authority on the Web server on which the Siebel Web Engine is installed.
- SecureBrowse. When
SecureBrowse is set to TRUE, all views in the application are navigated over SSL. When SecureBrowse is set to FALSE, views in the application whose Secure attribute is set to TRUE are navigated over SSL.
CAUTION: Siebel customer applications support switching between secure and nonsecure views, but employee applications (such as Siebel Call Center) do not. For more information, see Configuring Secure Views.
For information about the Secure attribute for a view, see Configuring Siebel eBusiness Applications.
Parameters in [InfraSecMgr] Section
The following parameters are located in the [InfraSecMgr] section of the application configuration file. NOTE: These parameters apply to Siebel Mobile Web Client and Dedicated Web Client only. For SecAdptMode and SecAdptName, see the descriptions for the equivalent parameters in Siebel Gateway Name Server Parameters.
- SecAdptMode. Specifies the security adapter mode.
- For database authentication, specify
DB. (DB is the default value for SecAdptMode.)
- For LDAP authentication, specify
LDAP.
- For ADSI authentication, specify
ADSI.
- For a custom security adapter, specify
CUSTOM.
- SecAdptName. Specifies the name of the security adapter.
- For database authentication, specify
DBSecAdpt. For Mobile or Dedicated Web Client configuration, the section [DBSecAdpt] is created in the configuration file. (DBSecAdpt is the default value for SecAdptName.)
- For LDAP authentication, specify
LDAPSecAdpt (or another name of your choice). For Dedicated Web Client configuration, the section [LDAPSecAdpt] is created by default in the configuration file if you configure LDAP using the LDAP/ADSI Configuration Utility.
- For ADSI authentication, specify
ADSISecAdpt (or another name of your choice). For Dedicated Web Client configuration, the section [ADSISecAdpt] is created by default in the configuration file if you configure ADSI using the LDAP/ADSI Configuration Utility.
- For a custom security adapter, specify a name such as
SecAdpt_Custom. (You must add the applicable section to the file.)
NOTE: If you implement a custom, non-Siebel security adapter, you must configure your adapter to interpret the parameters used by the Siebel adapters if you want to use those parameters.
The following parameter applies only to the Siebel Dedicated Web Client:
- UseRemoteConfig. Specifies the path to a configuration file that contains only parameters for a security adapter, that is, it contains parameters as they would be formatted if they were included in a section such as [LDAPSecAdpt] in an application's configuration file.
You must provide the path in universal naming convention (UNC) format—that is, for example, in a form like \\server\vol\path\ldap_remote.cfg.
For detailed information about using this parameter, see Security Adapters and Siebel Dedicated Web Client.
Parameters in [DBSecAdpt] Section
The following parameters are located in the [DBSecAdpt] section (or equivalent) of the application configuration file, if you are configuring the database security adapter. Each authentication-related parameter in an application's configuration file is interpreted by the security adapter for database authentication. NOTE: These parameters apply to Siebel Mobile Web Client and Dedicated Web Client only. For more information, see the descriptions for equivalent parameters applicable to Siebel Web Client and other authentication contexts, in Siebel Gateway Name Server Parameters.
- DBSecAdpt_CRC. Use this parameter to implement checksum validation, in order to verify that each user gains access to the database through the correct security adapter. This parameter contains the value calculated by the checksum utility for the applicable security adapter DLL. If you leave this value empty, the system does not perform the check. If you upgrade your system, you must recalculate and replace the value in this parameter.
For more information, see Configuring Checksum Validation.
- DBSecAdpt_PropagateChange. Set this parameter to
TRUE to allow administration of credentials in the database through Siebel applications. When an administrator then adds a user or changes a password from within a Siebel application or a user changes a password or self-registers, the change is propagated to the database.
For Siebel Dedicated Web Client, the system preference SecThickClientExtAuthent must also be set to TRUE. For details, see System Preference.
- DBSecAdpt_SecAdptDllName. Specifies the DLL that implements the security adapter API required for integration with Siebel eBusiness Applications. The file extension need not be explicitly specified. For example, sscfsadb.dll implements the database security adapter in a Windows implementation.
- DataSourceName. Specifies the data source applicable to the specified database security adapter.
Parameters in Data Source Section
The following parameters are located in the data source section of the application configuration file, such as [ServerDataSrc] (for Siebel Dedicated Web Client) or [Local] (for Siebel Mobile Web Client).
- DSHashAlgorithm. Specifies the password hashing algorithm to use, if
DSHashUserPwd is TRUE. The default value, RSASHA1, provides hashing using the RSA SHA-1 algorithm. The value SIEBELHASH specifies the password hashing mechanism provided by the mangle algorithm from Siebel Systems (supported for existing customers only). For details, see Configuring Password Hashing.
- DSHashUserPwd. Specifies password hashing for user passwords. Uses the hashing algorithm specified using the
DSHashAlgorith parameter. For details, see Configuring Password Hashing.
- IntegratedSecurity. Applicable only to Siebel Dedicated Web Client, with Oracle or Microsoft SQL Server database. For details, see Security Adapters and Siebel Dedicated Web Client.
Parameters in [LDAPSecAdpt] or [ADSISecAdpt] Section
The following parameters are located in the [LDAPSecAdpt] or [ADSISecAdpt] section (or equivalent) of the application configuration file, according to whether you are configuring the LDAP security adapter or the ADSI security adapter. Each authentication-related parameter in an application's configuration file is interpreted by the security adapter (for LDAP or ADSI authentication). Some parameters apply only to LDAP implementations, or only to ADSI implementations. Some parameters apply only in a Web SSO authentication environment. LDAP and ADSI authentication do not apply to the Siebel Mobile Web Client. The following parameters also apply to the Siebel Dedicated Web Client. For more information, see the descriptions for equivalent parameters applicable to Siebel Web Client and other authentication contexts, in Siebel Gateway Name Server Parameters.
- ApplicationPassword
- ApplicationUser
- BaseDN
- CRC
- CredentialsAttributeType
- HashAlgorithm
- HashDBPwd
- HashUserPwd
- PasswordAttributeType
- PasswordExpireWarnDays
- Port
- PropagateChange
- RolesAttributeType
- SecAdptDllName
- ServerName
- SharedCredentialsDN
- SiebelUsernameAttributeType
- SingleSignOn
- SslDatabase
- TrustToken
- UseAdapterUsername
- UsernameAttributeType
|
