| Siebel CRM Siebel Security Guide Siebel Innovation Pack 2015 E24814-01 |
|
 Previous |
 Next |
View PDF |
| Siebel CRM Siebel Security Guide Siebel Innovation Pack 2015 E24814-01 |
|
Previous |
Next |
View PDF |
This topic describes the configuration tasks you must perform to configure Siebel CRM and Oracle Business Intelligence Publisher (Oracle BI Publisher) in a Web Single Sign-On environment. Oracle BI Publisher is the reporting module for Siebel CRM. Siebel Reports integrates with Oracle BI Publisher to run and administer reports.
For information on configuring Siebel CRM and Oracle BI Publisher for Web Single Sign-On authentication, see the following topics:
"Configuring Siebel CRM for Integration with Oracle BI Publisher with Web Single Sign-On"
"Configuring Oracle BI Publisher for Integration with Siebel CRM with Web Single Sign-On"
This topic describes the configuration tasks you must perform for your Siebel application so that it can integrate with Oracle BI Publisher when Web Single Sign-On authentication is implemented.
To configure Siebel CRM for BI Publisher integration in a Web SSO environment
For the Security Adapter Profile (either the LDAP Security Adapter profile or the ADSI Security Adapter profile) that is used for authentication and Web SSO, specify parameter values similar to those shown in the following table.
| Parameter Name | Value |
|---|---|
| Single Sign On | True |
| Trust Token | password
This is the value of the TrustToken parameter (in encrypted format) this is specified in the eapps.cfg file. |
For the server components listed in the following table, specify values for the parameters shown. Specify values either for the LDAP or for the ADSI security adapter, depending upon the security adapter you have implemented.
| Server Component | Parameter | Value |
|---|---|---|
| Application Object Manager and EAI Object Manager | Security Adapter Name | Either LDAPSecAdpt or ADSISecAdpt |
| Security Adapter Mode | LDAP or ADSI | |
| Username | LDAP_USER_ID or AD_USER_ID | |
| Password | password
The password associated with the LDAP_USER_ID or AD_USER_ID |
|
| XMLP Report Server | Security Adapter Name | LDAPSecAdpt or ADSISecAdpt |
| Security Adapter Mode | LDAP or ADSI | |
| Username | LDAP_USER_ID or AD_USER_ID | |
| Password | password
This is the value of the TrustToken parameter (in encrypted format) specified in the eapps.cfg file. |
|
Note: The LDAP_USER_ID or AD_USER_ID values you specify must be an LDAP or Active Directory user who has a Siebel employee record, for example, AnonUserName, in the eapps.cfg file. |
Enable Single Sign-On for the EAI Object Manager by adding the parameters in the following table to the [/eai_lang] section of the eapps.cfg file.
| Parameter | Value |
|---|---|
| SingleSignOn | True |
| TrustToken | TrustToken_Value |
| UserSpec | HTTP Header Variable |
| UserSpecSource | Header |
Restart the Siebel Server, Siebel Gateway Name Server, and the Siebel Web Server services.
When the services are started, verify that the Application Object Manager, EAI Object Manager, and XMLP Report Server components are online.
If any of these services are unavailable, create a service request (SR) on My Oracle Support. Alternatively, you can phone Oracle Global Customer Support directly to create a service request or get a status update on your current SR. Support phone numbers are listed on My Oracle Support.
This topic describes how to configure Oracle BI Publisher to integrate with Siebel CRM when Web Single Sign-On authentication is implemented.
To configure Oracle BI Publisher for Siebel CRM integration in a Web SSO environment
Log into the Oracle BI Publisher Server with administrator credentials.
Click the Admin tab, then select Security Configuration in the Security Center section.
Change the value of the Administrator Password parameter for the Siebel Security Model to specify the value of the Trust Token (in clear text) specified for Web SSO in the eapps.cfg file.
Restart the Oracle BI Publisher OC4J instance.
|
Note: After the Administrator Password parameter is set to specify the value of the Trust Token, any Siebel user who wants to log into the Oracle BI Publisher Server must enter the Trust Token value as the password. |
This topic describes how to enable Siebel Reports scheduling when Web Single Sign-On authentication is implemented for Siebel CRM and when the Siebel Security Model is implemented for Siebel Reports.
Oracle BI Publisher issues an inbound Web service call (BIPDataService) to retrieve data from the Siebel application when reports are scheduled and executed. During this process, report users are authenticated against the EAI Application Object Manager. You must, therefore, use a non-SSO security adapter for reports scheduling.
To enable Siebel Reports scheduling when Web SSO is implemented
Create a new custom Siebel Server component based on the EAI Object Manager component, and name the new component BIP EAI Object Manager.
For information about creating custom Siebel Server component definitions, see Siebel System Administration Guide.
Create a new Siebel enterprise profile (named subsystem) by copying the security adapter profile used by the Application Object Manager.
If the Siebel application is using the LDAPSecAdpt security adapter profile, create a copy of the profile and name it LDAPSecAdpt_NoSSO.
If the Siebel application is using the ADSISecAdpt security adapter profile, create a copy of the profile and name it ADSISecAdpt_NoSSO.
For information about creating Siebel Enterprise Server named subsystems, see Siebel System Administration Guide.
Set the Single Sign On profile parameter for the new security adapter profile you created in Step 2 to False.
For the BIP EAI Object Manager component you created in Step 1, specify values for the parameters shown in the following table.
| Parameter | Value (LDAP Authentication) | Value (AD Authentication) |
|---|---|---|
| Security Adapter Name | LDAPSecAdpt_NoSSO | ADSISecAdpt_NoSSO |
| Security Adapter Mode | LDAP | ADSI |
Synchronize the new component definitions, then restart the Siebel Server and the Siebel Gateway Name Server services.
For information about synchronizing components on a Siebel Enterprise Server, see Siebel System Administration Guide.
Create a new virtual directory in the Siebel Web server and name it bipeai_lang.
Refer to the Siebel Web server product documentation for information on creating a virtual directory and making it accessible. Configure the new virtual directory in exactly the same way as the existing eai_lang virtual directory.
Edit the eapps.cfg file to add a section for the [/bipeai_lang] virtual directory, and add parameters similar to the following:
[/bipeai_lang] ConnectString = ConnectString EnableExtServiceOnly = TRUE WebPublicRootDir = SWSE_Installation_Directory\PUBLIC\language SiebEntSecToken = security_token
|
Note: Do not add Web SSO-related parameters to this section. |
For additional information, see "About Parameters in the eapps.cfg File".
Restart the Siebel Web server service for the changes to take effect.
Launch the Siebel Web Client and log into the Siebel application as a Siebel administrator.
Navigate to the Administration - Web Services screen, then the Inbound Web Services view.
In the Name field of the Inbound Web Services list, query for BIPDataService.
In the address URL for the BIPDataService, change the value eai_lang to bipeai_lang. For example:
http://SiebelWebServerName/bipeai_lang/start.swe?SWEExtSource=WebService&SWEExtCmd=Execute&WSSOAP=1
Click the Generate WSDL button to generate a WSDL file, then save the file with the name dataservice.wsdl.
Copy the dataservice.wsdl file to the Oracle BI Publisher home directory. By default, this is the OraHome_X\oc4j_bi\bin directory on the Oracle BI Publisher server.
Restart the Oracle BI Publisher OC4J instance.
