Security Guide for Siebel eBusiness Applications
What's New in This Release
Back to top
About Security for Siebel Applications
General Security Concepts
Industry Standards for Security
Siebel Security Architecture
User Authentication for Secure System Access
Security Adapter SDK
End-to-End Encryption for Data Confidentiality
Controlling Access to Data
Auditing for Data Continuity
Secure Physical Deployment to Prevent Intrusion
Security for Mobile Solutions
Security Settings for the Web Browser
Bibliography of Security References
Roadmap for Configuring Security
Back to top
Changing or Adding Passwords
Changing Default Passwords
Changing System Administrator Passwords on Microsoft Windows
Changing the Siebel Administrator Password on UNIX
Changing the Table Owner (DBO) Password
Troubleshooting Password Changes By Checking for Failed Server Tasks
Adding a Password for Updating Web Server Static Files
Managing Encrypted Passwords in the eapps.cfg File
About Password Encryption
Back to top
Physical Deployment and Auditing
About the Siebel Network
Firewall and Proxy Server Support
Role of Siebel Server Load Balancing in Networking Security
Port Numbers
Restricting Access
Auditing for Data Continuity
Securing Siebel Reports Server
Siebel Reports Server Components
Configuring Siebel Reports Server for Security
Securing Siebel Document Server
Back to top
Communications and Data Encryption
Types of Encryption
Configuring Secure Communications
Configuring Encryption for Siebel Enterprise and SWSE
Configuring SSL Encryption for Siebel Enterprise or Siebel Server
Configuring SSL Encryption for SWSE
Configuring Encryption for Web Clients
Configuring Encryption for Mobile Web Client Synchronization
Configuring Data Encryption
Using Key Database Manager
Upgrade Issues for Data Encryption
Configuring Business Component Encryption
Encrypted Database Columns
Upgrading Encrypted Data to 56-bit RC2 Encryption
Security Considerations for Unicode Support
Back to top
Security Adapter Authentication
About User Authentication
Comparison of Authentication Strategies
About Siebel Security Adapters
Configuring Database Authentication
About LDAP/ADSI Security Adapter Authentication
LDAP/ADSI Authentication Process
Requirements for LDAP/ADS Directory
Installing LDAP Client Software
Considerations for Secure LDAP Using SSL
Installing the IBM LDAP Client and GSKit on Windows
Installing the IBM LDAP Client and GSKit on Solaris
Installing the IBM LDAP Client and GSKit on AIX
Installing the IBM LDAP Client and GSKit on HP-UX
Installing and Configuring IBM GSK iKeyMan
Generating a CMS File Using IBM GSK iKeyMan
Implementing LDAP/ADSI Security Adapter Authentication
Using the LDAP/ADSI Configuration Utility
About Configuration for Dedicated Web Clients
Procedure for Configuring LDAP/ADSI Security Adapters
Setting Up Security Adapter Authentication: A Scenario
Creating a Database Login
Setting Up the LDAP/ADS Directory
Creating Users in the LDAP/ADS Directory
Adding User Records in the Siebel Database
Editing Parameters in the eapps.cfg File
Editing Parameters Using Siebel Server Manager
Editing Parameters in the Application Configuration File
Setting a System Preference for Dedicated Web Clients
Restarting Servers
Testing the LDAP/ADSI Authentication System
Configuring Password Hashing
Login Scenario for Password Hashing
Usage Guidelines for Password Hashing
Configuring User and Credentials Password Hashing
Running the Password Hashing Utility
Security Adapter Deployment Options
Configuring the Application User
Configuring Checksum Validation
Configuring Secure Communications for Security Adapter
Configuring the Shared Database Account
Configuring Adapter-Defined User Name
Configuring the Anonymous User
Configuring Roles Defined in Directory
Security Adapters and Siebel Dedicated Web Client
Authentication for Mobile Web Client Synchronization
Back to top
Web Single Sign-On Authentication
About Web Single Sign-On
Implementing Web SSO Authentication
Setting Up Web SSO: A Scenario
Process of Implementing Web SSO
Creating Protected Virtual Directories
Creating a Database Login
Setting Up the Active Directory Server
Creating Users in the Directory
Adding User Records in the Siebel Database
Editing Parameters in the eapps.cfg File
Editing Name Server Parameters
Editing Parameters in the Application Configuration File
Restarting Servers
Testing Web SSO Authentication
Digital Certificate Authentication
User Specification Source
Back to top
Security Features of Siebel Web Server Extension
Configuring Secure Views
Login Features
Cookies and Siebel Applications
Session Cookie
Auto-Login Credential Cookie
Siebel QuickStart Cookie
Enabling Cookies for Siebel Applications
Back to top
User Administration
About User Registration
Configuring Anonymous Browsing
About Anonymous Browsing and Unregistered Users
Implementing Anonymous Browsing
Configuring Views for Anonymous Browsing or Explicit Login
About Self-Registration
Implementing Self-Registration
Modifying the Anonymous User Record
Setting Configuration Parameters for Self-Registration
Activating Workflow Processes for Self-Registration
Modifying Self-Registration Views and Workflows
Managing Duplicate Users
Managing Forgotten Passwords
User Experience for a Forgotten Password
Architecture for Forgotten Passwords
Modifying the Workflow Process for Forgotten Passwords
Modifying Workflow Process to Query Null Fields
Modifying Workflow Process to Request Different Identification Data
Internal Administration of Users
Adding a User to the Siebel Database
Adding a New Employee
Adding a New Partner User
Adding a New Contact User
Promoting a Contact to a Contact User
New Responsibility Field for User Record
Delegated Administration of Users
User Authentication Requirements for Delegated Administration
Access Considerations for Delegated Administration
Registering Contact Users—Delegated Administration
Registering Partner Users—Delegated Administration
Maintaining a User Profile
Editing Personal Information
Changing a Password
Changing the Active Position
Back to top
Configuring Access Control
About Access Control
Access Control for Parties
Access Control for Data
Access Control Mechanisms
About Personal Access Control
About Position Access Control
About Single-Position Access Control
About Team (Multiple-Position) Access Control
About Manager Access Control
About Organization Access Control
About Single- and Multiple-Organization Access Control
About Suborganization Access Control
About All Access Control
About Access-Group Access Control
Planning for Access Control
Access Control and Business Environment Structure
Planning for Divisions
Planning for Organizations
Planning for Positions
Planning for Responsibilities
Implementing Access Control
Applications and Access Control
Setting Up Divisions, Organizations, and Positions
Responsibilities and Access Control
Business Component View Modes
Business Component View Mode Fields
Applet Access Control Properties
View Access Control Properties
Example of Flexible View Construction
Implementing Access-Group Access Control
Scenario That Applies Access-Group Access Control
The User's Experience
Administrative Tasks
Administering Catalogs of Data
Administering Positions, Organizations, Households, and User Lists
Administering Access Groups
Associating Access Groups with Data
Managing Tab Layouts Through Responsibilities
Administering Tab Layout
Assigning a Primary Responsibility
Exporting and Importing Tab Layouts
Managing Tasks Through Responsibilities
Clearing Cached Responsibilities
Additional Access Control Mechanisms
Configuring Visibility of Pop-Up and Pick Applets
Configuring Drilldown Visibility
Party Data Model
How Parties Relate to Each Other
Person (Contact) Data Model
User Data Model
Employee Data Model
Position Data Model
Account Data Model
Division Data Model
Organization Data Model
Partner Organization Data Model
Household Data Model
User List Data Model
Access Group Data Model
Back to top
Troubleshooting Security Issues
User Authentication Issues
User Registration Issues
Access Control Issues
Back to top
Configuration Parameters Related to Authentication
Parameters in the eapps.cfg File
Siebel Gateway Name Server Parameters
Siebel Application Configuration File Parameters
System Preference
Back to top
Seed Data
Seed Employee
Seed Users
Seed Responsibilities
Seed Position and Organization
Seed Database Login
Back to top
Addendum for Siebel Financial Services
Siebel Financial Services Applications
User Authentication for Siebel Financial Services
Registering and Administering Users for Siebel Financial Services
Seed Data
Unregistered Users and Anonymous Browsing
Self-Registration
Internal Administration of Users
External Administration of Users
Maintaining a User Profile
Basic Access Control for Siebel Financial Services
Access Control Mechanisms
Administering Access-Group Access Control
Configuration File Names for Siebel Financial Services Applications
Seed Data for Siebel Financial Services
Seed Users
Seed Responsibilities
Back to top
|