|
Siebel Security Guide > Security Adapter Authentication > Security Adapter Deployment Options >
Configuring the Anonymous User
The anonymous user is a Siebel user with very limited access. The anonymous user (defined in the Siebel database) allows a user to access a login page or a page containing a login form. For LDAP and ADSI authentication, the anonymous user must have a corresponding record in the user directory. The anonymous user is required even if your applications do not allow access by unregistered users. When an Application Object Manager thread first starts up, it uses the anonymous user account to connect to the database and retrieve information (such as a license key) before presenting the login page. Anonymous Browsing and the Anonymous User
If you implement security adapter or database authentication, then you can allow or disallow unregistered users to browse a subset of an application's views. Unregistered users access Siebel application views and the database through the anonymous user record. If you allow anonymous browsing, then users can browse views that are not flagged for explicit login. If you disallow anonymous browsing, then unregistered users have no access to any of the application's views but do still have access to an application's login page. For additional information on enabling anonymous browsing, see Process of Implementing Anonymous Browsing. The following procedure describes how to configure the anonymous user. To configure the anonymous user
- If you are using database security adapter authentication, then create a database account for the anonymous user.
- If you are using LDAP or ADSI security adapter authentication, then define a user in the directory using the same attributes as used for other users. Assign values in appropriate attributes that contain the following information:
- Siebel user ID. Enter the user ID of the anonymous user record for the Siebel application you are implementing in the attribute in which you store the Siebel user ID, for example, GUESTCST.
- Password. Assign a password of your choice. Enter the password in unencrypted form. If you have implemented Active Directory, then you specify the password using Active Directory user management tools, not as an attribute.
- Specify values for the following parameters, either when configuring the SWSE logical profile (recommended), or by editing the eapps.cfg file manually:
- AnonUserName. Enter the user name required for anonymous browsing and initial access to the login pages of the application you are implementing, in this example,
GUESTCST.
- AnonPassword. Enter the password associated with the anonymous user. If necessary, you can manually encrypt this password using the encryptstring.exe utility. For additional information, see Encrypting Passwords Using the encryptstring Utility.
You can define an anonymous user for a single application or as the default for all the Siebel Business Applications you deploy. Even if the anonymous user is specified as the default, any single application can override the default.
If you use one anonymous user for most or all of your applications, then define the anonymous user in the [defaults] section of the eapps.cfg file. To override the default value for an individual application, list the AnonUserName and AnonPassword parameters in the application's section of the eapps.cfg file, for example, the [/eservice] section.
|
