
Security Considerations


The following section briefly discusses security issues related to your Web application. For further details on secure views and login, see Security Guide for Siebel eBusiness Applications.

Secure Views

You can create secure views for your Web application, using the HTTPS protocol. If a view is marked as secure, the Siebel Web Engine will verify that the current request used the HTTPS protocol, thereby preventing a client from obtaining access to a secure view by typing HTTP instead of HTTPS into their browser.

To specify that a view is secure

  1. Edit the Secure attribute of the View object in Siebel Tools.

    By default, this attribute is FALSE.

  2. To make the view secure, set this attribute to TRUE.

If a view is secure, all URLs to the view generated by the Siebel Web Engine will specify the HTTPS protocol.

NOTE:  The implementation of HTTPS is external to Siebel Web Engine. HTTPS is negotiated by the browser and the Web Server. Siebel Web Engine only specifies that HTTPS should be used for a particular view. Therefore, any server that is expected to provide secure views must have HTTPS enabled.

Explicit Login

You can specify that users must type in their password and username to access a view, if they have not already done so.

Users can log in to Siebel Web Engine applications using a cookie (after having selected Save My Username and Password), or by explicitly typing their username and password at the login page. If they have logged in using a cookie, you may still want them to supply their username and password to access a sensitive part of the Web site.

To specify that you want a view to require a login

  1. Edit the Explicit Login attribute of the View object in Siebel Tools.

    By default, this attribute is FALSE.

  2. To require login for a view, set this attribute to TRUE.

If a user who logged in using a cookie attempts to access an explicit login view, the user must explicitly type their username and password at the login screen before gaining access to the view. Users are required to do this only once per session. After they supply their username and password, subsequent visits to the explicit login view do not require login.
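The following sketch models how the Secure and Explicit Login view attributes described above combine for a single request. It is an added example, not Siebel code: the names View, Session, gate, complete_login and view_url are hypothetical, and the order of the two checks and the "deny" outcome for a non-HTTPS request are assumptions, since the page states only that access is prevented.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class View:
    name: str
    secure: bool = False          # Secure attribute; FALSE by default
    explicit_login: bool = False  # Explicit Login attribute; FALSE by default


@dataclass
class Session:
    login_method: str             # "cookie" or "explicit"
    explicit_done: bool = False   # True once credentials were typed this session

    def __post_init__(self):
        # A user who typed credentials at the login page has already satisfied
        # the Explicit Login requirement for this session.
        if self.login_method == "explicit":
            self.explicit_done = True


def gate(view, scheme, session):
    """Return 'deny', 'login' or 'allow' for one request to a view."""
    # Secure view: the current request must have used HTTPS.
    if view.secure and scheme.lower() != "https":
        return "deny"
    # Explicit Login view: a cookie login alone is not sufficient.
    if view.explicit_login and not session.explicit_done:
        return "login"
    return "allow"


def complete_login(session):
    """Record that the user typed username and password at the login screen."""
    session.explicit_done = True


def view_url(view, host, path):
    """Generated URLs to a secure view specify the HTTPS protocol."""
    scheme = "https" if view.secure else "http"
    return f"{scheme}://{host}{path}"
```

The model makes one point visible: the two attributes are independent, so a sensitive view that should be protected both in transit and against a saved-cookie login needs both set to TRUE.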

User Authentication

Authentication is the process of verifying the identity of a user before allowing the user to access an application. Siebel applications support three approaches for authenticating users: database authentication, security adapter authentication, and Web single sign on.

Security adapter authentication and Web single sign on are external authentication strategies. You can implement either strategy with a Siebel-provided security adapter or a Siebel-compliant third-party security adapter and other third-party software.

Security Guide for Siebel eBusiness Applications is the principal resource on the Siebel Bookshelf for detailed information about implementing user authentication strategies, registering and administering users, and controlling user access to data for Siebel employee, partner, and customer applications.


 Siebel Tools Reference
 Published: 20 October 2003