Siebel Security Guide


What's New in This Release


About Security for Siebel Business Applications

General Security Concepts

Industry Standards for Security

Siebel Security Architecture

User Authentication for Secure System Access

Security Adapter SDK

End-to-End Encryption for Data Confidentiality

About Controlling Access to Data

Support for Auditing in a Siebel Environment

Secure Physical Deployment to Prevent Intrusion

Security for Mobile Solutions

Security Settings for the Web Browser

Bibliography of Security References

Roadmap for Configuring Security


Changing or Adding Passwords

About Changing Passwords

Changing System Administrator Passwords on Microsoft Windows

Changing the Siebel Administrator Password on UNIX

About the Gateway Name Server Authentication Password

Changing the Table Owner (DBO) Password

Troubleshooting Password Changes By Checking for Failed Server Tasks

Changing Passwords in the Siebel Management Framework

Changing the Siebel Diagnostic Tool User's Password

Changing a Siebel User Account Password in the Siebel Management Framework

Changing the Siebel Enterprise Security Token

Encrypted Passwords in the eapps.cfg File

Encrypting Passwords Using the encryptstring Utility

About Password Encryption


Physical Deployment and Auditing

About the Siebel Network

Firewall and Proxy Server Support

Role of Siebel Server Load Balancing in Networking Security

About Selecting Port Numbers

About Restricting Access to Siebel Components

About Siebel Audit Trail

Securing Siebel Document Server


Communications and Data Encryption

Types of Encryption

Process of Configuring Secure Communications

About Certificates and Private Key Files Used for SSL Authentication

Installing Certificate and Authority Files

Configuring SSL Mutual Authentication

About Configuring Encryption for a Siebel Enterprise and SWSE

Configuring SSL Encryption for a Siebel Enterprise or Siebel Server

Configuring SSL Encryption for SWSE

About Configuring SSL Encryption for the Siebel Management Framework

Configuring SSL Encryption for the Siebel Management Agent

Configuring SSL Encryption for the Siebel Management Server

Enabling SSL Acceleration for Web Server and Web Client Communications

About Configuring Encryption for Web Clients

Configuring Encryption for Mobile Web Client Synchronization

About Data Encryption

How Data Encryption Works

Requirements for Data Encryption

Encrypted Database Columns

Upgrade Issues for Data Encryption

Configuring Encryption and Search on Encrypted Data

Managing the Key File Using the Key Database Manager

Adding New Encryption Keys

Changing the Key File Password

About Upgrading Data to a Higher Encryption Level

Process of Upgrading Data to a Higher Encryption Level

Requirements for Upgrading to a Higher Encryption Level

Modifying the Input File

Running the Encryption Upgrade Utility

About the Siebel Strong Encryption Pack

Installing the Siebel Strong Encryption Pack

Increasing the Encryption Level

About Reencrypting Masked Parameters

Security Considerations for Unicode Support


Security Adapter Authentication

About User Authentication

Comparison of Authentication Strategies

About Siebel Security Adapters

About Database Authentication

Implementing Database Authentication

Implementing Database Authentication with MS SQL Server

About LDAP or ADSI Security Adapter Authentication

Requirements for the LDAP or ADSI Directory

Process of Installing and Configuring LDAP Client Software

Considerations for Secure LDAP Using SSL

Installing the IBM LDAP Client and IBM GSKit on Windows

Installing the IBM LDAP Client and IBM GSKit on Solaris

Installing the IBM LDAP Client and IBM GSKit on AIX

Installing the IBM LDAP Client and IBM GSKit on HP-UX

Installing the IBM LDAP Client and IBM GSKit on Linux

Configuring the siebenv.csh and siebenv.sh Scripts for the LDAP Client

Configuring the IBM GSKit

Generating a CMS Key Database Using IBM GSKit

Configuring LDAP or ADSI Security Adapters Using the Siebel Configuration Wizard

Process of Implementing LDAP or ADSI Security Adapter Authentication

Requirements for Implementing an LDAP or ADSI Authentication Environment

About Creating a Database Login

Setting Up the LDAP or ADSI Directory

Creating Users in the LDAP or ADSI Directory

Adding User Records in the Siebel Database

Setting Security Adapter Parameters in the SWSE Configuration File (eapps.cfg)

Configuring Security Adapter Gateway Name Server Parameters

Configuring LDAP or ADSI Authentication for Developer Web Clients

Restarting Servers

Testing the LDAP or ADSI Authentication System

About Migrating from Database to LDAP or ADSI Authentication

Security Adapter Deployment Options

Configuring the Application User

Configuring Checksum Validation

Configuring Secure Communications for Security Adapters

Configuring the Shared Database Account

Configuring Adapter-Defined User Name

Configuring the Anonymous User

Configuring Roles Defined in the Directory

About Password Hashing

Process of Configuring User and Credentials Password Hashing

Guidelines for Password Hashing

Configuring User Password Hashing

Configuring Database Credentials Password Hashing

Running the Password Hashing Utility

Security Adapters and the Siebel Developer Web Client

About Authentication for Mobile Web Client Synchronization

Authentication for Gateway Name Server Access

About Securing Access to Siebel Reports


Web Single Sign-On Authentication

About Web Single Sign-On

Web Single Sign-On Authentication Process

Web Single Sign-On Limitations

About Implementing Web Single Sign-On Authentication

Process of Implementing Web Single Sign-On

Requirements for Implementing Web SSO in a Specified Environment

Creating Protected Virtual Directories

Setting Up the ADSI Directory

Creating Users in the Directory

Adding User Records in the Siebel Database

Setting Authentication Parameters in the SWSE Configuration File (eapps.cfg)

Setting Authentication Parameters for the Gateway Name Server

Editing Parameters in the Application Configuration File

Restarting Servers

Testing Web SSO Authentication

About Digital Certificate Authentication

Configuring the User Specification Source


Security Features of Siebel Web Server Extension

Configuring a Siebel Web Client to Use SSL

Login Security Features

About Using Cookies With Siebel Business Applications

Session Cookie

Auto-Login Credential Cookie

Siebel QuickStart Cookie

Enabling Cookies for Siebel Business Applications


User Administration

About User Registration

About Anonymous Browsing

Process of Implementing Anonymous Browsing

Anonymous Browsing and the Anonymous User Record

Setting Configuration Parameters for Anonymous Browsing

Configuring Views for Anonymous Browsing or Explicit Login

About Self-Registration

Process of Implementing Self-Registration

Self-Registration and the Anonymous User Record

Setting the PropagateChange Parameter for Self-Registration

About Activating Workflow Processes for Self-Registration

(Optional) Modifying Self-Registration Views and Workflows

(Optional) Managing Duplicate Users

About Managing Forgotten Passwords

Retrieving a Forgotten Password (the User Experience)

Defining Password Length for Generated Passwords

Architecture for Forgotten Passwords

About Modifying the Workflow Process for Forgotten Passwords

Modifying Workflow Process to Query Null Fields

Modifying Workflow Process to Request Different Identification Data

Internal Administration of Users

About Adding a User to the Siebel Database

Adding a New Employee

About Adding a New Partner User

Adding a New Contact User

Modifying the New Responsibility for a User Record

Delegated Administration of Users

User Authentication Requirements for Delegated Administration

Access Considerations for Delegated Administration

Registering Contact Users (Delegated Administration)

Registering Partner Users (Delegated Administration)

Maintaining a User Profile

Editing Personal Information

Changing a Password

Changing the Active or Primary Position


Configuring Access Control

About Access Control

Access Control for Parties

Access Control for Data

Access Control Mechanisms

About Personal Access Control

About Position Access Control

About Single-Position Access Control

About Team (Multiple-Position) Access Control

About Manager Access Control

About Organization Access Control

About Single- and Multiple-Organization Access Control

About Suborganization Access Control

About All Access Control

About Access-Group Access Control

Planning for Access Control

Access Control and Business Environment Structure

About Planning for Divisions

About Planning for Organizations

About Planning for Positions

About Planning for Responsibilities

Setting Up Divisions, Organizations, Positions, and Responsibilities

About View and Data Access Control

Listing the Views in an Application

Responsibilities and Access Control

Viewing Business Component View Modes

Viewing an Applet's Access Control Properties

Listing View Access Control Properties

Example of Flexible View Construction

About Implementing Access-Group Access Control

Scenario That Applies Access-Group Access Control

Viewing Categorized Data (The User's Experience)

Implementing Access-Group Access Control

About Administering Catalogs of Data

Administration Tasks for Positions, Organizations, Households, and User Lists

Administering Access Groups

Associating Access Groups with Data

Managing Tab Layouts Through Responsibilities

Specifying Tab Layouts For Responsibilities

Assigning a Primary Responsibility

Exporting and Importing Tab Layouts

Administering Access Control for Business Services

Associating a Business Service with a Responsibility

Associating a Responsibility with a Business Service

Example of Associating a Responsibility with Business Service Methods

Clearing Cached Business Services

Disabling Access Control for Business Services

Administering Access Control for Business Processes

Administering Access Control for Tasks

Associating a Task with a Responsibility

Associating a Responsibility with a Task

Clearing Cached Responsibilities

About Configuring Visibility of Pop-Up and Pick Applets

About Configuring Drilldown Visibility

Party Data Model

How Parties Relate to Each Other

Person (Contact) Data Model

User Data Model

Employee Data Model

Position Data Model

Account Data Model

Division Data Model

Organization Data Model

Partner Organization Data Model

Household Data Model

User List Data Model

Access Group Data Model


Troubleshooting Security Issues

User Authentication Issues

User Registration Issues

Access Control Issues


Configuration Parameters Related to Authentication

Parameters in the eapps.cfg File

Siebel Gateway Name Server Parameters

Parameters in the gateway.cfg File

Siebel Application Configuration File Parameters


Seed Data

Seed Employee

Seed Users

Seed Responsibilities

Seed Position and Organization

Seed Database Login


Addendum for Siebel Financial Services

Siebel Financial Services Applications

User Authentication for Siebel Financial Services

User Registration and Administration for Siebel Financial Services

Seed Data

Unregistered Users and Anonymous Browsing

Self-Registration

Internal Administration of Users

External Administration of Users

Maintaining a User Profile

Basic Access Control for Siebel Financial Services

Access Control Mechanisms

Administration of Access-Group Access Control

Configuration File Names for Siebel Financial Services Applications

Seed Data for Siebel Financial Services

Seed Users

Seed Responsibilities

Siebel Security Guide Copyright © 2010, Oracle and/or its affiliates. All rights reserved. Legal Notices.