Bookshelf Home | Contents | Index | Search | PDF

Security Guide for Siebel eBusiness Applications > Authentication Details > Configuration Parameters Related to Authentication >

Parameters in the eapps.cfg File

---

The eapps.cfg file contains parameters that control interactions between the Siebel Web Engine and the Siebel Web Server Extension, for all Siebel applications.

The eapps.cfg file is located in the SWEAPP_ROOT\bin directory, where SWEAPP_ROOT is the directory in which you installed the Siebel Web Server Extension.

Following list is a portion of a sample eapps.cfg file. This sample includes parameters that may not coexist. They are provided so you can see the full range of authentication-related parameters.

[swe]
Language = enu
Log = all
LogDirectory = D:\10638\SWEApp\log
ClientRootDir = D:\10638\SWEApp
WebPublicRootDir = D:\10638\SWEApp\public\enu
WebUpdatePassword = test

[defaults]
AnonUserName = sadmin
AnonPassword = sadminpw
AnonUserPool = 1000
StatsPage = _stats.swe

SingleSignOn = TRUE
TrustToken = HELLO
UserSpec = REMOTE_USER
UserSpecSource = Server

[/ebriefings]
ConnectString = siebel.TCPIP.none.NONE://ecollab_blitz:2320/siebel
/eBriefingsObjMgr/ecollab_blitz

[/echannel]
AnonUserName = echuser
AnonPassword = ech
ProtectedVirtualDirectory = /p_echannel
ConnectString = siebel.TCPIP.none.NONE://ecollab_blitz:2320/siebel
/eChannelObjMgr/ecollab_blitz

[ConnMgmt]
CACertFileName = d:\siebel\admin\cacertfile.pem
CertFileName = d:\siebel\admin\certfile.pem
KeyFileName = d:\siebel\admin\kefile.txt
KeyFilePassword = mypassword
PeerAuth = FALSE
PeerCertValidation = FALSE

The eapps.cfg file includes sections such as [swe], [defaults], and [connmgmt] and sections for individual Siebel applications, for example [/echannel] and [/callcenter]. Each parameter value in the [defaults] section is used by individual applications, unless you override the parameter's value with an entry in an application's own section.

In the eapps.cfg sample above, the AnonUserName and AnonPassword values in the [/echannel] section are used by Siebel Partner Portal instead of the values provided in the [defaults] section.

NOTE:  You can use a text editor to add parameters and their values or to change values for existing parameters. When you edit configuration files, do not use a text editor that adds additional, non-text characters to the file. For example, use Microsoft Notepad instead of Microsoft Word or WordPad.

In a given eapps.cfg file, some parameters may not appear by default. Changes to the eapps.cfg file are not active until you restart the Siebel Server and the Web server.

Authentication-Related Parameters

The following parameters in the eapps.cfg file relate to authentication. They can be implemented in the [defaults] section or in the sections for individual applications.

AnonUserName. This parameter is the user name for an anonymous user that is stored in the directory and also in the Siebel Database.

The anonymous user provides binding between the directory and the Application Object Manager, to allow a Siebel application home page to display to a user who has not logged in. Similarly, this anonymous user supplies a login so the user can see other pages for which you allow anonymous browsing. The home page that is displayed likely provides an interface for the user to log in.

AnonPassword. This parameter is the authenticated password that is paired with AnonUserName.
AnonUserPool. This parameter sets the maximum number of anonymous user connections that can provide access to login pages. The anonymous user pool applies to the brief, initial actions taken by the user on the login pages before logging in. After users log in, they have a separate connection.
SingleSignOn. The Siebel Web Server Extension operates in Web SSO mode when TRUE.
TrustToken. This token string is a shared secret between the Siebel Web Server Extension and the security adapter. It is a measure to protect against spoofing attacks. This setting must be the same on both the Siebel Web Server Extension and the security adapter.
UserSpec. In a Web SSO implementation, this variable name specifies where the Siebel Web Server Extension looks for a user's username within the source given by UserSpecSource. The value, REMOTE_USER by default, is populated by the authentication filter.

If digital certificate authentication is implemented on Windows or AIX, use the value CERT_SUBJECT, a variable that contains the certificate name. For example, UserSpec/SubUserSpec would be "CERT_SUBJECT"/"CN". For other UNIX platforms, use "REMOTE_USER" for UserSpec. The SubUserSpec setting is disregarded.

SubUserSpec. In a Web SSO environment that implements digital certificate authentication, a value of CN specifies that the Siebel user ID should be extracted from the certificate's CN (Common Name) attribute.
UserSpecSource. In a Web SSO implementation, this parameter specifies the source from which the Siebel Web Server Extension derives the user credentials: Server, if from the usual Web server user name field; Header, if the variable is within the HTTP request header.
ClientCertificate. When this parameter is set to TRUE in a Web SSO implementation, the user is authenticated through a digital certificate.
EncryptSessionId. When this parameter is set to TRUE (the default), the session ID will be encrypted. When it is FALSE, the session ID is not encrypted. For a Siebel Web Client, the session ID is used in the session cookie (in cookie-based mode) or in the application URL (in cookieless mode). For more information about cookies, refer to Siebel Web Client Administration Guide.

The following parameter can be included in the section for each individual Siebel application, but not in the [defaults] section:

ProtectedVirtualDirectory. This parameter specifies the protected virtual directory for a Siebel application. This parameter specifies a Web server virtual directory that represents the protected location of the Siebel application. This parameter must have a value in a Web SSO implementation, and is optional in other implementations.

The protected directory allows you to configure your Web server or third-party authentication software to require user authentication to access specific Siebel application views. Requests for any views that require explicit login are redirected to this virtual directory.

For more information, see Creating Protected Virtual Directories.

For example, if you used the suggested name for the protected virtual directory for Siebel eService, enter:

[/eservice]
ProtectedVirtualDirectory = /p_eservice

If your Web SSO installation is not configured for anonymous browsing, set this value to the same directory as your application. For example:

[/eservice]
ProtectedVirtualDirectory = /eservice

Otherwise, a Web Authentication Failed message may appear in the application's log file.

NOTE:  You use examples like those above to secure an entire application. However, if some parts of the application do not require authentication, you must be able to authenticate users when they access a secured part of the application. In this case, set the parameter to an alias where the Web SSO credentials are passed. The Siebel application will redirect the request in order to authenticate.

SSL-Related Parameters

The following parameters can be included in the [ConnMgmt] section of the eapps.cfg file, when you are using SSL to encrypt SISNAPI communications between the Web server and the Siebel Server. For more information, see Configuring Siebel Web Server Extension for SSL Encryption.

CACertFileName. Identifies the trusted authority who issued the certificate.
CertFileName. Specifies the name of the ASN/PEM certificate file.
KeyFileName. Specifies the name of the PEM private key file.
KeyFilePassword. Specifies the password to decrypt the private key file.
PeerAuth. Enables peer authentication during SSL handshake.
PeerCertValidation. Independently verifies that the hostname of the SWSE machine matches the hostname presented in the certificate.

Bookshelf Home | Contents | Index | Search | PDF