Configuring Web Clients for Encryption
To use encryption, both the server and the client must enforce encryption in their connection parameters. If these parameters do not match, connection errors will occur.
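The matching rule above can be checked before clients start failing to connect. The following is an added example, not code from the Siebel documentation. It assumes the Web Server Extension configuration holds one `ConnectString` per application section in the form `siebel.<transport>.<encryption>.<compression>://...`; that layout, the `;` comment marker, the function name, and all sample hosts and sections are assumptions that do not appear on this page.

```python
import re

# Assumed layout: siebel.<transport>.<encryption>.<compression>://<address>
CONNECT_RE = re.compile(
    r"^\s*ConnectString\s*=\s*siebel\.[^.]+\.(?P<enc>[^.]+)\.[^.:]+://", re.IGNORECASE)
SECTION_RE = re.compile(r"^\s*\[(?P<name>[^\]]+)\]\s*$")

# Constructed sample; hosts, enterprise and section names are invented.
SAMPLE_CFG = """\
[defaults]
; constructed sample, not taken from a real deployment
[/callcenter]
ConnectString = siebel.TCPIP.RSA.NONE://gw.example:2320/ent/SCCObjMgr_enu/srv1
[/sales]
ConnectString = siebel.TCPIP.None.None://gw.example:2320/ent/SSEObjMgr_enu/srv1
"""

def audit_connect_strings(cfg_text, server_encryption):
    """Return (section, client_encryption, status) for each ConnectString."""
    expected = server_encryption.strip().upper()
    findings, section = [], "(no section)"
    for line in cfg_text.splitlines():
        if line.lstrip().startswith(";"):      # assumed comment marker
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
            continue
        m = CONNECT_RE.match(line)
        if not m:
            continue
        enc = m.group("enc").upper()
        if enc != expected:
            status = "MISMATCH"        # connection errors expected
        elif enc == "NONE":
            status = "UNENCRYPTED"     # settings agree, traffic is clear text
        else:
            status = "OK"
        findings.append((section, enc, status))
    return findings

if __name__ == "__main__":
    for section, enc, status in audit_connect_strings(SAMPLE_CFG, "RSA"):
        print(f"{section:15} client={enc:9} {status}")
```

The `UNENCRYPTED` status flags sections where both sides agree on no encryption, a case that produces no connection error and so is easy to miss.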
Siebel eBusiness Applications support the following types of clients:
- Siebel Web Client. This client runs in a standard browser from the client personal computer and does not require any additional persistent software installed on the client.
This type of client uses configuration files located on the server. Encryption settings you make to the Siebel Web Server Extension are automatically recognized by this Web Client.
For more information, see Configuring Siebel Enterprise for Microsoft Crypto or RSA Encryption.
- Siebel Mobile Web Client. This client is designed for local data access, without the need to be connected to a server. Periodically, the client must access the Siebel Remote server using a modem, WAN, LAN or other network to synchronize data.
For information on setting encryption for transmissions between Mobile Web Client and Siebel Remote server, see Mobile Web Client: Encryption for Synchronization.
- Siebel Dedicated Web Client. This client connects directly to the Siebel Database for all data access. It does not store any Siebel data locally. With the exception of the database, all layers of the Siebel eBusiness Applications architecture reside on the user's personal computer.
- Siebel Wireless Client. A wireless-enabled mobile client with a Web browser and Internet service. For more information, see Siebel Wireless Administration Guide.
For more information about the first three clients listed above, see Siebel Web Client Administration Guide.
About Session Cookies
The Application Object Manager in the Siebel Server communicates with the Siebel Web Client through the Web server using the TCP/IP protocol. An independent session is established to serve incoming connection requests from each client. Siebel applications use session cookies to track the session state.
These session cookies persist only within the browser session and are deleted when the browser exits or the user logs off. A session cookie attaches requests and logoff operations to the user session which started at the login page.
Instead of storing the session ID in clear text in the client's browser, Siebel applications create an encrypted session ID and attach an encryption key index to the encrypted session ID. Session cookie encryption is based on the RSA BSAFE Crypto standard and uses a 56-bit key by default.
In Siebel Remote, the encryption algorithm and key exchange are the same as for session-based components.
Session cookie encryption prevents session spoofing (deriving a valid session ID from an invalid session ID).
For more information about session cookies, refer to Siebel Web Client Administration Guide.
Security Guide for Siebel eBusiness Applications Published: 23 June 2003