| Siebel CRM Siebel Security Guide Siebel Innovation Pack 2016, Rev. A E24814-01 |
|
 Previous |
 Next |
View PDF |
| Siebel CRM Siebel Security Guide Siebel Innovation Pack 2016, Rev. A E24814-01 |
|
Previous |
Next |
View PDF |
This topic describes how to implement database authentication. Database authentication is typically implemented for a Siebel employee application, such as Siebel Call Center or Siebel Sales. Database authentication is configured as the default authentication method and is the easiest of the authentication approaches supported by Siebel Business Applications to implement.
|
Note: Although database authentication is supported for development environments only, it is strongly recommended that you use TLS for database authentication and keep database authentication enabled for the Siebel Enterprise. As applicable for your deployment, enable any non-database security adapter for individual servers or components, using Server Manager. |
Although configuration might not be manually required (see the following note), you can implement the database security adapter using the Security Adapter Mode (SecAdptMode) and Security Adapter Name (SecAdptName) parameters. The Security Adapter Mode and Security Adapter Name parameters can be set for the Siebel Gateway Name Server, the Siebel Enterprise Server, for a particular Siebel Server, for an individual Application Object Manager component, or for the Synchronization Manager component (for Siebel Remote).
|
Note: In most cases, there is no need to manually set the SecAdptMode and SecAdptName parameters since it is recommended that customers keep the default Database Authentication value (which corresponds to the SecAdptMode parameter value DB) when choosing a value for the Enterprise Security Authentication Profile when running the Siebel Enterprise Configuration Wizard. If customers want to configure an individual Siebel Server or component to use LDAP or ADSI at a later time, however, then configuration is manually required for the SecAdptMode and the SecAdptName parameters as shown in Step 1 of the following procedure. |
You can configure the Security Adapter Mode and Security Adapter Name parameters using Siebel Server Manager. To do this, you specify parameter values for a named subsystem (enterprise profile). For the Developer Web Client, parameters can be configured by editing the application configuration file directly. For Gateway Name Server authentication, parameters can be configured by editing the gateway.cfg file.
|
Caution: If you want to configure a server component or a Siebel Server to use different database authentication settings than those already configured at a higher level (that is, configured for the Siebel Enterprise or Siebel Server), then you must create a new database security adapter. If you do not, then settings you make reconfigure the existing security adapter wherever it is used. |
The following procedure describes how to implement database authentication.
To implement database authentication
Specify that you want to use the database security adapter by setting values for the following parameters:
Set the Security Adapter Mode parameter to DB (the default value).
Set the Security Adapter Name parameter to DBSecAdpt (the default value), or to a security adapter (enterprise profile or named subsystem) with a different name.
For more information about parameters for the database security adapter, see Appendix A, "Configuration Parameters Related to Authentication."
If you want to implement user password hashing, then set the Hash User Password parameter to True.
For detailed information on this task, see "Configuring User Password Hashing".
User password hashing maintains a hashed password in the database account while an unhashed version of the password is provided to the user for logging in. When user password hashing is enabled, a hashing algorithm is applied to the user's password before it is compared to the hashed password stored in the database. It is recommended that you implement password hashing for user passwords.
|
Note: For database authentication, password hashing parameters are specified for a data source referenced from the database security adapter, rather than specified directly for the security adapter. |
Provide each user with access to Siebel Business Applications and the Siebel database as follows:
Create a database account for the user using your database management functionality.
Create a Siebel user record in the Siebel database; the user ID must match the user name for the database account.
You add users to the Siebel database through an employee application such as Siebel Call Center. For detailed information about adding users, see "About Adding a User to the Siebel Database".
If you are implementing database authentication with an MS SQL Server database, then perform the task described in "Implementing Database Authentication with Microsoft SQL Server".
If you use database authentication, then it is recommended that you implement database password expiration policies on the database server if this functionality is supported by your RDBMS. For example, it is recommended that you configure database passwords to expire after a defined time period unless they are changed.
On some RDBMSs this functionality is provided by default; on others this functionality, if provided, must be configured. For information on the password expiration policies supported by your RDBMS, see the appropriate RDBMS vendor documentation.
|
Note: Support for password expiration policies and database user account password change through Siebel Business Applications is available only on supported IBM DB2 RDBMS operating systems. |
