|
Siebel Security Guide > Configuration Parameters Related to Authentication >
Siebel Application Configuration File Parameters
A configuration file exists for each Siebel application for each language. The parameters in the file determine how the user interacts with the Application Object Manager and with the security adapter. The configuration file that controls a particular user session depends on the client with which a user connects as follows:
- Configuration file on the Siebel Server. For users connecting with the standard Siebel Web Client, application configuration files are located in the
SIEBSRVR_ROOT\bin\LANGUAGE subdirectory. For example, eservice.cfg is provided for Siebel eService, for implementation in U.S. English, in the SIEBSRVR_ROOT\bin\ENU directory.
NOTE: Most of the security-related parameters applicable to Siebel Servers (and, consequently, Siebel Web Clients) are stored in the Siebel Gateway Name Server, not in the application configuration file.
- Configuration file on the Siebel Mobile Web Client or Developer Web Client. For users connecting through the Siebel Mobile Web Client or Developer Web Client, the configuration file is located in the
SIEBEL_CLIENT_ROOT\bin\LANGUAGE subdirectory on the client. For example, eservice.cfg is provided for Siebel eService, for implementation in U.S. English, in the SIEBEL_CLIENT_ROOT\bin\ENU directory.
- The Siebel Mobile Web Client connects directly to the local database; it bypasses the Siebel Server.
- The Siebel Developer Web Client connects directly to the server database; it bypasses the Siebel Server.
In a given configuration file, some parameters might not appear by default. Others might appear with a preceding semicolon (;), indicating that the parameter is a comment and is not being interpreted. The semicolon must be deleted to make the parameter active. Changes to an application configuration file are not active until you restart the Siebel Server or Siebel client. For more information about working with configuration files, see Siebel System Administration Guide. CAUTION: The parameter values that reference directory attributes that you provide for the Siebel LDAP and ADSI security adapters are case-sensitive. The values must match the attribute names in the directory.
The parameters in the following topics are authentication-related parameters that are present by default or can be added to each application's configuration file. They are grouped by the labeled sections in which they occur. This listing does not include parameters in an application's configuration file that are not authentication-related. Parameters in the [InfraUIFramework] Section
The parameters in Table 42 apply to Siebel Mobile Web Clients and Siebel Developer Web Clients. For a description of the equivalent parameters applicable to Siebel Web Clients, see Siebel Gateway Name Server Parameters.
Table 42. InfraUIFramework Parameters in the Application Configuration File
|
|
DisableReverseProxy |
If you deploy IBM Tivoli Access Manager WebSEAL to authenticate users of Siebel Business Applications with high interactivity in a Web Single Sign-On deployment, then set DisableReverseProxy to TRUE to disable reverse proxy support. You must disable implicit reverse proxy support as IBM Tivoli Access Manager WebSEAL acts as a reverse proxy server. The default value for DisableReverseProxy is FALSE. |
SecureLogin |
(TRUE or FALSE) If TRUE, then the login form completed by the user is transmitted over TLS. This requires that you have a certificate from a certificate authority on the Web server on which the Siebel Web Engine is installed. |
SecureBrowse |
When SecureBrowse is set to TRUE, all views in the application are navigated over TLS. When SecureBrowse is set to FALSE, views in the application whose Secure attribute is set to TRUE are navigated over TLS. Siebel customer applications support switching between secure and nonsecure views, but employee applications (such as Siebel Call Center) do not. For more information, see Configuring a Siebel Web Client to Use HTTPS. For additional information about the Secure attribute for a view, see Configuring Siebel Business Applications. |
Parameters in [InfraSecMgr] Section
The parameters in Table 43 are located in the [InfraSecMgr] section of the application configuration file. These parameters apply to Siebel Mobile Web Clients and Developer Web Clients only. For a description of the equivalent parameters applicable to Siebel Web Clients, see Siebel Gateway Name Server Parameters.
Table 43. InfraSecMgr Parameters in the Application Configuration File
|
|
SecAdptMode |
Specifies the security adapter mode.
|
SecAdptName |
Specifies the name of the security adapter.
- For database authentication, specify
DBSecAdpt. For Mobile or Developer Web Client configuration, the section [DBSecAdpt] is created in the configuration file. (DBSecAdpt is the default value for SecAdptName.)
- For LDAP authentication, specify LDAPSecAdpt (or a name of your choice). For Developer Web Client configuration, the section [LDAPSecAdpt] is created by default in the configuration file if you configure LDAP using the Siebel Configuration Wizard.
- For ADSI authentication, specify ADSISecAdpt (or another name of your choice). For Developer Web Client configuration, the section [ADSISecAdpt] is created by default in the configuration file if you configure ADSI using the Siebel Configuration Wizard.
- For a custom security adapter, specify a name such as SecAdpt_Custom. You must add the applicable section to the file yourself. For example, [SecAdpt_Custom].
|
UseRemoteConfig This parameter applies only to the Siebel Developer Web Client |
Specifies the path to a configuration file that contains only parameters for a security adapter, that is, it contains parameters as they would be formatted if they were included in a section such as [LDAPSecAdpt] in an application's configuration file. You must provide the path in universal naming convention (UNC) format, that is, for example, in a form like \\server\vol\path\ldap_remote.cfg. For detailed information about using this parameter, see Security Adapters and the Siebel Developer Web Client. |
Parameters in [DBSecAdpt] Section
The parameters in Table 44 are located in the [DBSecAdpt] section (or equivalent) of the application configuration file if you are configuring the database security adapter. Each authentication-related parameter in an application's configuration file is interpreted by the security adapter for database authentication. These parameters apply to Siebel Mobile Web Clients and Developer Web Clients only. For a description of the equivalent parameters applicable to Siebel Web Clients, see Siebel Gateway Name Server Parameters.
Table 44. DBSecAdpt Parameters in the Application Configuration File
|
|
DBSecAdpt_CRC |
Use this parameter to implement checksum validation, in order to verify that each user gains access to the database through the correct security adapter. This parameter contains the value calculated by the checksum utility for the applicable security adapter DLL. If you leave this value empty, then the check is not performed. If you upgrade your Siebel Business Applications, then you must recalculate and replace the value in this parameter. For more information, see Configuring Checksum Validation. |
DBSecAdpt_PropagateChange |
Set this parameter to TRUE to allow administration of credentials in the database through Siebel Business Applications. When an administrator then adds a user or changes a password from within a Siebel application or a user changes a password or self-registers, the change is propagated to the database. For Siebel Developer Web Client, the system preference SecThickClientExtAuthent must also be set to TRUE. For details, see Setting a System Preference for Developer Web Clients. |
DBSecAdpt_SecAdptDllName |
Specifies the DLL that implements the security adapter API required for integration with Siebel Business Applications. The file extension need not be explicitly specified. For example, sscfsadb.dll implements the database security adapter in a Windows implementation. |
DataSourceName |
Specifies the data source applicable to the specified database security adapter. |
Parameters in Data Source Section
The parameters in Table 45 are located in the data source section of the application configuration file, such as [ServerDataSrc] for the Siebel Developer Web Client, or [Local] for the Siebel Mobile Web Client.
Table 45. Data Source Parameters in the Application Configuration File
|
|
DSHashAlgorithm |
Specifies the password hashing algorithm to use if DSHashUserPwd is TRUE. The default value, RSASHA1, provides hashing using the RSA SHA-1 algorithm. The value SIEBELHASH specifies the password hashing mechanism provided by the mangle algorithm from Siebel Business Applications (supported for existing customers only). For details, see About Password Hashing. |
DSHashUserPwd |
Specifies password hashing for user passwords. Uses the hashing algorithm specified using the DSHashAlgorithm parameter. For details, see About Password Hashing. |
IntegratedSecurity |
Applicable only to Siebel Developer Web Client, with Oracle or Microsoft SQL Server database. For details, see Security Adapters and the Siebel Developer Web Client. NOTE: Integrated Security is only supported for Siebel Developer Web clients that access Oracle and Microsoft SQL Server databases. This functionality is not available for Siebel Web Clients or Siebel Mobile Web clients.
|
Parameters in [LDAPSecAdpt] or [ADSISecAdpt] Section
The following parameters are located in the [LDAPSecAdpt] or [ADSISecAdpt] section (or equivalent) of the application configuration file, according to whether you are configuring the LDAP security adapter or the ADSI security adapter. Each authentication-related parameter in an application's configuration file is interpreted by the security adapter (for LDAP or ADSI authentication). Some parameters apply only to LDAP implementations, or only to ADSI implementations. Some parameters apply only in a Web SSO authentication environment. For more information, see the descriptions for equivalent parameters applicable to Siebel Web Client and other authentication contexts in Siebel Gateway Name Server Parameters.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
- SiebelUsernameAttributeType
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
The parameter, EncryptApplicationPassword, can be set in the [LDAPSecAdpt] or [ADSISecAdpt] sections of an application configuration file only; it is not a Siebel Gateway Name Server parameter. Set EncryptApplicationPassword to TRUE if you want to store the encrypted value of the ApplicationPassword parameter in the application configuration file. Use the encryptstring utility to generate the encrypted value of the ApplicationPassword parameter. For information on using the encryptstring utility, see Encrypting Passwords Using the encryptstring Utility.
|
