Siebel CRM Siebel Security Guide Siebel Innovation Pack 2015 E24814-01 |
|
Previous |
Next |
View PDF |
A configuration file exists for each Siebel application for each language. The parameters in the file determine how the user interacts with the Application Object Manager and with the security adapter. The configuration file that controls a particular user session depends on the client with which a user connects as follows:
Configuration file on the Siebel Server. For users connecting with the standard Siebel Web Client, application configuration files are located in the SIEBSRVR_ROOT
\bin\LANGUAGE
subdirectory. For example, eservice.cfg is provided for Siebel eService, for implementation in U.S. English, in the SIEBSRVR_ROOT
\bin\ENU directory.
Note: Most of the security-related parameters applicable to Siebel Servers (and, consequently, Siebel Web Clients) are stored in the Siebel Gateway Name Server, not in the application configuration file. |
Configuration file on the Siebel Mobile Web Client or Developer Web Client. For users connecting through the Siebel Mobile Web Client or Developer Web Client, the configuration file is located in the SIEBEL_CLIENT_ROOT
\bin\
LANGUAGE
subdirectory on the client. For example, eservice.cfg is provided for Siebel eService, for implementation in U.S. English, in the SIEBEL_CLIENT_ROOT
\bin\ENU
directory.
The Siebel Mobile Web Client connects directly to the local database; it bypasses the Siebel Server.
The Siebel Developer Web Client connects directly to the server database; it bypasses the Siebel Server.
In a given configuration file, some parameters might not appear by default. Others might appear with a preceding semicolon (;), indicating that the parameter is a comment and is not being interpreted. The semicolon must be deleted to make the parameter active. Changes to an application configuration file are not active until you restart the Siebel Server or Siebel client. For more information about working with configuration files, see Siebel System Administration Guide.
Caution: The parameter values that reference directory attributes that you provide for the Siebel LDAP and ADSI security adapters are case-sensitive. The values must match the attribute names in the directory. |
The parameters in the following topics are authentication-related parameters that are present by default or can be added to each application's configuration file. They are grouped by the labeled sections in which they occur. This listing does not include parameters in an application's configuration file that are not authentication-related.
The parameters in Table A-11 apply to Siebel Mobile Web Clients and Siebel Developer Web Clients. For a description of the equivalent parameters applicable to Siebel Web Clients, see "Siebel Gateway Name Server Parameters".
Table A-11 InfraUIFramework Parameters in the Application Configuration File
Parameter | Description |
---|---|
If you deploy IBM Tivoli Access Manager WebSEAL to authenticate users of Siebel Business Applications with high interactivity in a Web Single Sign-On deployment, then set DisableReverseProxy to TRUE to disable reverse proxy support. You must disable implicit reverse proxy support as IBM Tivoli Access Manager WebSEAL acts as a reverse proxy server. The default value for DisableReverseProxy is FALSE. |
|
SecureLogin |
(TRUE or FALSE) If TRUE, then the login form completed by the user is transmitted over TLS. This requires that you have a certificate from a certificate authority on the Web server on which the Siebel Web Engine is installed. |
SecureBrowse |
When Siebel customer applications support switching between secure and nonsecure views, but employee applications (such as Siebel Call Center) do not. For more information, see "Configuring a Siebel Web Client to Use HTTPS". For additional information about the Secure attribute for a view, see Configuring Siebel Business Applications. |
The parameters in Table A-12 are located in the [InfraSecMgr] section of the application configuration file. These parameters apply to Siebel Mobile Web Clients and Developer Web Clients only. For a description of the equivalent parameters applicable to Siebel Web Clients, see "Siebel Gateway Name Server Parameters".
Table A-12 InfraSecMgr Parameters in the Application Configuration File
Parameter | Description |
---|---|
SecAdptMode |
Specifies the security adapter mode.
If you implement a custom, non-Siebel security adapter, then you must configure your adapter to interpret the parameters used by the Siebel adapters if you want to use those parameters. |
SecAdptName |
Specifies the name of the security adapter.
|
UseRemoteConfig This parameter applies only to the Siebel Developer Web Client |
Specifies the path to a configuration file that contains only parameters for a security adapter, that is, it contains parameters as they would be formatted if they were included in a section such as [LDAPSecAdpt] in an application's configuration file. You must provide the path in universal naming convention (UNC) format, that is, for example, in a form like For detailed information about using this parameter, see "Security Adapters and the Siebel Developer Web Client". |
The parameters in Table A-13 are located in the [DBSecAdpt] section (or equivalent) of the application configuration file if you are configuring the database security adapter. Each authentication-related parameter in an application's configuration file is interpreted by the security adapter for database authentication.
These parameters apply to Siebel Mobile Web Clients and Developer Web Clients only. For a description of the equivalent parameters applicable to Siebel Web Clients, see "Siebel Gateway Name Server Parameters".
Table A-13 DBSecAdpt Parameters in the Application Configuration File
Parameter | Description |
---|---|
DBSecAdpt_CRC |
Use this parameter to implement checksum validation, in order to verify that each user gains access to the database through the correct security adapter. This parameter contains the value calculated by the checksum utility for the applicable security adapter DLL. If you leave this value empty, then the check is not performed. If you upgrade your Siebel Business Applications, then you must recalculate and replace the value in this parameter. For more information, see "Configuring Checksum Validation". |
DBSecAdpt_PropagateChange |
Set this parameter to TRUE to allow administration of credentials in the database through Siebel Business Applications. When an administrator then adds a user or changes a password from within a Siebel application or a user changes a password or self-registers, the change is propagated to the database. For Siebel Developer Web Client, the system preference SecThickClientExtAuthent must also be set to TRUE. For details, see "Setting a System Preference for Developer Web Clients". |
DBSecAdpt_SecAdptDllName |
Specifies the DLL that implements the security adapter API required for integration with Siebel Business Applications. The file extension need not be explicitly specified. For example, sscfsadb.dll implements the database security adapter in a Windows implementation. |
DataSourceName |
Specifies the data source applicable to the specified database security adapter. |
The parameters in Table A-14 are located in the data source section of the application configuration file, such as [ServerDataSrc] for the Siebel Developer Web Client, or [Local] for the Siebel Mobile Web Client.
Table A-14 Data Source Parameters in the Application Configuration File
Parameter | Description |
---|---|
DSHashAlgorithm |
Specifies the password hashing algorithm to use if DSHashUserPwd is TRUE. The default value, RSASHA1, provides hashing using the RSA SHA-1 algorithm. The value SIEBELHASH specifies the password hashing mechanism provided by the mangle algorithm from Siebel Business Applications (supported for existing customers only). For details, see "About Password Hashing". |
DSHashUserPwd |
Specifies password hashing for user passwords. Uses the hashing algorithm specified using the DSHashAlgorithm parameter. For details, see "About Password Hashing". |
IntegratedSecurity |
Applicable only to Siebel Developer Web Client, with Oracle or Microsoft SQL Server database. For details, see "Security Adapters and the Siebel Developer Web Client". Note: Integrated Security is only supported for Siebel Developer Web clients that access Oracle and Microsoft SQL Server databases. This functionality is not available for Siebel Web Clients or Siebel Mobile Web clients. |
The following parameters are located in the [LDAPSecAdpt] or [ADSISecAdpt] section (or equivalent) of the application configuration file, according to whether you are configuring the LDAP security adapter or the ADSI security adapter. Each authentication-related parameter in an application's configuration file is interpreted by the security adapter (for LDAP or ADSI authentication).
Some parameters apply only to LDAP implementations, or only to ADSI implementations. Some parameters apply only in a Web SSO authentication environment. For more information, see the descriptions for equivalent parameters applicable to Siebel Web Client and other authentication contexts in "Siebel Gateway Name Server Parameters".
ApplicationPassword | PropagateChange |
ApplicationUser | RolesAttributeType |
BaseDN | SecAdptDllName |
CRC | ServerName |
CredentialsAttributeType | SharedCredentialsDN |
HashAlgorithm | SiebelUsernameAttributeType |
HashDBPwd | SingleSignOn |
HashUserPwd | SslDatabase |
PasswordAttributeType | TrustToken |
PasswordExpireWarnDays | UseAdapterUsername |
Port | UsernameAttributeType |
WalletPassword |
The parameter, EncryptApplicationPassword, can be set in the [LDAPSecAdpt] or [ADSISecAdpt] sections of an application configuration file only; it is not a Siebel Gateway Name Server parameter. Set EncryptApplicationPassword to TRUE if you want to store the encrypted value of the ApplicationPassword parameter in the application configuration file. Use the encryptstring utility to generate the encrypted value of the ApplicationPassword parameter. For information on using the encryptstring utility, see "Encrypting Passwords Using the encryptstring Utility".