Bookshelf Home | Contents | Index | PDF     

Siebel Security Guide > Configuration Parameters Related to Authentication >

Siebel Application Configuration File Parameters

A configuration file exists for each Siebel application for each language. The parameters in the file determine how the user interacts with the AOM and with the security adapter.

The configuration file that controls a particular user session depends on the client with which a user connects.

  • Configuration file on the Siebel Server. For users connecting with the standard Siebel Web Client, application configuration files are located in the SIEBSRVR_ROOT\bin\LANGUAGE subdirectory. For example, eservice.cfg is provided for Siebel eService, for implementation in U.S. English, in the SIEBSRVR_ROOT\bin\ENU directory.

    Most of the security-related parameters applicable to Siebel Servers (and, consequently, Siebel Web Clients) are stored in the Siebel Gateway Name Server, not in the application configuration file.

  • Configuration file on the Siebel Mobile Web Client or Developer Web Client. For users connecting through the Siebel Mobile Web Client or Developer Web Client, the configuration file is located in the SIEBEL_CLIENT_ROOT\bin\LANGUAGE subdirectory on the client. For example, eservice.cfg is provided for Siebel eService, for implementation in U.S. English, in the SIEBEL_CLIENT_ROOT\bin\ENU directory.
    • The Siebel Mobile Web Client connects directly to the local database; it bypasses the Siebel Server.
    • The Siebel Developer Web Client connects directly to the server database; it bypasses the Siebel Server.

For more information about working with configuration files, see Siebel System Administration Guide.

In a given configuration file, some parameters might not appear by default. Others might appear with a preceding semicolon (;), indicating that the parameter is a comment and is not being interpreted. The semicolon must be deleted to make the parameter active. Changes to an application configuration file are not active until you restart the Siebel Server or Siebel client.

NOTE:  The parameter values that reference directory attributes that you provide for the Siebel LDAP and ADSI security adapters are case-sensitive. The values must match the attribute names in the directory.

The following parameters are authentication-related parameters that are present by default or can be added to each application's configuration file. They are grouped by the labeled sections in which they occur. This listing does not include parameters in an application's configuration file that are not authentication-related.

Parameters in [InfraUIFramework] Section

The following parameters apply to Siebel Mobile Web Clients and Siebel Developer Web Clients. For a description of the equivalent parameters applicable to Siebel Web Clients, see Siebel Gateway Name Server Parameters.

  • DisableReverseProxy. If you deploy IBM Tivoli Access Manager WebSEAL to authenticate users of Siebel Business Applications with high interactivity in a Web Single Sign-On deployment, set DisableReverseProxy to TRUE to disable reverse proxy support. You must disable implicit reverse proxy support as IBM Tivoli Access Manager WebSEAL acts as a reverse proxy server. The default value for DisableReverseProxy is FALSE.
  • SecureLogin. (TRUE or FALSE) If TRUE, the login form completed by the user is transmitted over Secure Sockets Layer (SSL). This requires that you have a certificate from a certificate authority on the Web server on which the Siebel Web Engine is installed.
  • SecureBrowse. When SecureBrowse is set to TRUE, all views in the application are navigated over SSL. When SecureBrowse is set to FALSE, views in the application whose Secure attribute is set to TRUE are navigated over SSL.

    NOTE:  Siebel customer applications support switching between secure and nonsecure views, but employee applications (such as Siebel Call Center) do not. For more information, see Configuring a Siebel Web Client to Use SSL.

    For information about the Secure attribute for a view, see Configuring Siebel Business Applications.

Parameters in [InfraSecMgr] Section

The following parameters are located in the [InfraSecMgr] section of the application configuration file. These parameters apply to Siebel Mobile Web Client and Developer Web Clients.

  • SecAdptMode. Specifies the security adapter mode.
    • For database authentication, specify DB. (DB is the default value for SecAdptMode.)
    • For LDAP authentication, specify LDAP.
    • For ADSI authentication, specify ADSI.
    • For a custom security adapter, specify CUSTOM.
  • SecAdptName. Specifies the name of the security adapter.
    • For database authentication, specify DBSecAdpt. For Mobile or Developer Web Client configuration, the section [DBSecAdpt] is created in the configuration file. (DBSecAdpt is the default value for SecAdptName.)
    • For LDAP authentication, specify LDAPSecAdpt (or another name of your choice). For Developer Web Client configuration, the section [LDAPSecAdpt] is created by default in the configuration file if you configure LDAP using the Siebel Configuration Wizard.
    • For ADSI authentication, specify ADSISecAdpt (or another name of your choice). For Developer Web Client configuration, the section [ADSISecAdpt] is created by default in the configuration file if you configure ADSI using the Siebel Configuration Wizard.
    • For a custom security adapter, specify a name such as SecAdpt_Custom. You must add the applicable section to the file yourself. For example, [SecAdpt_Custom].
  • UseRemoteConfig. This parameter applies only to the Siebel Developer Web Client. It specifies the path to a configuration file that contains only parameters for a security adapter, that is, it contains parameters as they would be formatted if they were included in a section such as [LDAPSecAdpt] in an application's configuration file.

    You must provide the path in universal naming convention (UNC) format—that is, for example, in a form like server\vol\path\ldap_remote.cfg. For detailed information about using this parameter, see Security Adapters and the Siebel Developer Web Client.

If you implement a custom, non-Siebel security adapter, you must configure your adapter to interpret the parameters used by the Siebel adapters if you want to use those parameters.

Parameters in [DBSecAdpt] Section

The following parameters are located in the [DBSecAdpt] section (or equivalent) of the application configuration file, if you are configuring the database security adapter. Each authentication-related parameter in an application's configuration file is interpreted by the security adapter for database authentication.

These parameters apply to Siebel Mobile Web Client and Developer Web Client only. For more information, see the descriptions for equivalent parameters applicable to Siebel Web Client and other authentication contexts, in Siebel Gateway Name Server Parameters.

  • DBSecAdpt_CRC. Use this parameter to implement checksum validation, in order to verify that each user gains access to the database through the correct security adapter. This parameter contains the value calculated by the checksum utility for the applicable security adapter DLL. If you leave this value empty, the system does not perform the check. If you upgrade your system, you must recalculate and replace the value in this parameter.

    For more information, see Configuring Checksum Validation.

  • DBSecAdpt_PropagateChange. Set this parameter to TRUE to allow administration of credentials in the database through Siebel Business Applications. When an administrator then adds a user or changes a password from within Siebel Business Applications, or a user changes a password or self-registers, the change is propagated to the database.

    For Siebel Developer Web Client, the system preference SecThickClientExtAuthent. must also be set to TRUE. For details, see Setting a System Preference for Developer Web Clients

  • DBSecAdpt_SecAdptDllName. Specifies the DLL that implements the security adapter API required for integration with Siebel Business Applications. The file extension does not have to be explicitly specified. For example, sscfsadb.dll implements the database security adapter in a Windows implementation.
  • DataSourceName. Specifies the data source applicable to the specified database security adapter.

Parameters in the Data Source Section

The following parameters are located in the data source section of the application configuration file, such as [ServerDataSrc] (for Siebel Developer Web Client) or [Local] (for Siebel Mobile Web Client).

  • DSHashAlgorithm. Specifies the password hashing algorithm to use, if DSHashUserPwd is TRUE. The default value, RSASHA1, provides hashing using the RSA SHA-1 algorithm. The value SIEBELHASH specifies the password hashing mechanism provided by the mangle algorithm from Siebel Business Applications (supported for existing customers only). For details, see About Password Hashing.
  • DSHashUserPwd. Specifies password hashing for user passwords. Uses the hashing algorithm specified using the DSHashAlgorithm parameter. For details, see Process of Configuring User and Credentials Password Hashing.
  • IntegratedSecurity. Applicable only to Siebel Developer Web Client, with Oracle or Microsoft SQL Server database. For details, see Security Adapters and the Siebel Developer Web Client.

Parameters in [LDAPSecAdpt] or [ADSISecAdpt] Section

The following parameters are located in the [LDAPSecAdpt] or [ADSISecAdpt] section (or equivalent) of the application configuration file, according to whether you are configuring the LDAP security adapter or the ADSI security adapter. Each authentication-related parameter in an application's configuration file is interpreted by the security adapter (for LDAP or ADSI authentication).

Some parameters apply only to LDAP implementations, or only to ADSI implementations. Some parameters apply only in a Web SSO authentication environment.

For more information, see the descriptions for equivalent parameters applicable to Siebel Web Client and other authentication contexts in Siebel Gateway Name Server Parameters.

  • ApplicationPassword
  • PropagateChange
  • ApplicationUser
  • RolesAttributeType
  • BaseDN
  • SecAdptDllName
  • CRC
  • ServerName
  • CredentialsAttributeType
  • SharedCredentialsDN
  • HashAlgorithm
  • SiebelUsernameAttributeType
  • HashDBPwd
  • SingleSignOn
  • HashUserPwd
  • SslDatabase
  • PasswordAttributeType
  • TrustToken
  • PasswordExpireWarnDays
  • UseAdapterUsername
  • Port
  • UsernameAttributeType

The parameter, EncryptApplicationPassword, can be set in the [LDAPSecAdpt] or [ADSISecAdpt] sections of an application configuration file only; it is not a Siebel Gateway Name Server parameter. Set EncryptApplicationPassword to TRUE if you want to store the encrypted value of the ApplicationPassword parameter in the application configuration file. Use the encryptstring utility to generate the encrypted value of the ApplicationPassword parameter. For information on using the encryptstring utility, see Encrypting Passwords Using the encryptstring Utility.

    
Siebel Security Guide Copyright © 2011, Oracle and/or its affiliates. All rights reserved. Legal Notices.