Siebel Security Guide > Security Adapter Authentication > Security Adapter Deployment Options >
Configuring the Anonymous User
The anonymous user is a Siebel user with very limited access. The anonymous user (defined in the Siebel database) allows a user to access a login page or a page containing a login form. For LDAP or ADSI authentication, the anonymous user must have a corresponding record in the user directory.
You must define an anonymous user for any Siebel application that implements LDAP or ADSI authentication. The anonymous user is required even if your applications do not allow access by unregistered users. When an AOM thread first starts up, it uses the anonymous user account to connect to the database and retrieve information (such as a license key) before presenting the login page.
Anonymous Browsing and the Anonymous User
If you implement security adapter authentication or database authentication, you can allow or disallow unregistered users to browse a subset of an application's views. Unregistered users access Siebel Business Applications views and the database through the anonymous user record.
If you allow anonymous browsing, users can browse views that are not flagged for explicit login. If you disallow anonymous browsing, unregistered users have no access to any of the application's views but do still have access to an application's login page.
The following procedure describes how to configure the anonymous user.
To configure the anonymous user
- Define a user in the directory using the same attributes as used for other users. Assign values in appropriate attributes that contain the following information:
- Siebel user ID. Enter the user ID of the anonymous user record for the Siebel application you are implementing in the attribute in which you store the Siebel user ID.
- Password. Assign a password of your choice. Enter the password in unencrypted form. If you implement an ADSI directory, you specify the password using ADSI user management tools, not as an attribute.
- Edit the eapps.cfg file using a text editor and specify values for the following parameters:
- AnonUserName. Enter the user name required for anonymous browsing and initial access to the login pages of the application you are implementing, for example, GUESTCST.
- AnonPassword. Enter the password associated with the anonymous user. If necessary, you can manually encrypt this password using the encryptstring.exe utility. For additional information, see Encrypting Passwords Using the encryptstring Utility.
You can define an anonymous user for a single application or as the default for all the Siebel Business Applications you deploy. Even if the anonymous user is specified as the default, any single application can override the default.
If you use one anonymous user for most or all of your applications, define the anonymous user in the [defaults] section of the eapps.cfg file. To override the default value for an individual application, list the AnonUserName and AnonPassword parameters in the applications section of the eapps.cfg file, for example, the [/eservice] section.