Bookshelf Home | Contents | Index | PDF     

Siebel Security Guide > Security Features of Siebel Web Server Extension >

Configuring a Siebel Web Client to Use SSL

You can configure Siebel Business Applications to specify whether or not URLs must use SSL over HTTP (HTTPS protocol) to access views in Siebel Business Applications. You can specify that HTTPS must be used to access specific views, to access all views, or is not required to access views.

If you use the HTTPS protocol, be aware of the following issues:

  • You can switch between secure and nonsecure views in Siebel customer applications, but not in employee applications (such as Siebel Call Center). For employee applications, if any views are to be secure, then all views must be secure.
  • Your Web server must be configured to support HTTPS.

    You must install a certificate file on the Web server with which you want to secure communication. For more information, see About Certificates and Key Files Used for SSL Authentication.

Two factors determine whether or not the Siebel Web Engine verifies that requests for a view use the HTTPS protocol:

  • The value (TRUE or FALSE) of the view's Secure attribute.

    You can set the Secure property of a specific view to indicate whether or not the HTTPS protocol must be used to access the view. The ability to selectively secure individual views applies to standard interactivity applications only, not high interactivity applications.

    For information about the Secure attribute for a view, see Configuring Siebel Business Applications.

  • The value (TRUE or FALSE) of the SecureBrowse component parameter.

    You can specify a value for the SecureBrowse parameter to indicate whether or not the HTTPS protocol must be used to access all the views in an application.

The following procedure describes how to configure your application to use HTTPS or HTTP for the views in an application.

To configure your application to use HTTPS or HTTP for views

  • Using Siebel Server Manager, specify one of the following values for the SecureBrowse component parameter:
    • SecureBrowse is set to TRUE. If SecureBrowse is set to TRUE, HTTPS is required for all views in the application, regardless of how the Secure attribute is set for individual views.
    • SecureBrowse is set to FALSE. If SecureBrowse is set to FALSE, then HTTP is used for all views in the application, except for views for which the Secure attribute is set to TRUE. Secure views require HTTPS.

      NOTE:  In releases of Siebel Business Applications before Siebel CRM 8.0, values for the SecureLogin and SecureBrowse parameters for Siebel Web clients were specified in the [SWE] section of the Siebel application configuration file. Since Siebel CRM 8.0, SecureLogin and SecureBrowse are Application Object Manager (AOM) parameters which are set using Siebel Server Manager.

You can also specify that user credentials entered at login are transmitted from the Web client to the Web server using the HTTPS protocol by setting values for the SecureLogin parameter. For information on how to set this parameter, see Login Security Features. For general information about using SSL with Siebel Business Applications, see Communications and Data Encryption.

    
Siebel Security Guide Copyright © 2011, Oracle and/or its affiliates. All rights reserved. Legal Notices.