Siebel CRM Siebel Security Guide Siebel Innovation Pack 2017, Rev. A E24814-01
The Siebel Application Interface profile contains parameters that control interactions between the Siebel Web Engine and the Siebel Application Interface for all Siebel Business Applications deploying the Siebel Web Client.
The Siebel Application Interface profile includes a Basic Information section for defining Authentication, Logging, and REST Inbound Defaults, an Other Information section for defining SWE, and an Applications section for defining Basic Information, Mobile, and Enhanced Authentication for individual Siebel Business Applications. Each parameter value in the Basic Information section is used by all individual applications, unless you override the parameter's value (for a specific application) with an entry in the Applications section.
You can edit the parameters in the Siebel Application Interface profile using the Siebel Management Console. For information on using the Siebel Management Console to configure application interface profile parameters, see Siebel Installation Guide for the operating system you are using.
In a given Siebel Application Interface profile, some parameters might not appear by default. For more detailed information on application interface profile parameters, see:
"Authentication Parameters in Siebel Application Interface Profile"
"Application Object Manager Parameters in Siebel Application Interface Profile"
"REST Inbound Authentication Parameters in Siebel Application Interface Profile"
Note: Before you create and configure a Siebel Application Interface profile, make sure that you have already deployed the Siebel Server. After you have done this, the Object Manager and Application settings in Siebel Application Interface profile configuration are populated with values you can choose from that reflect available components on the Siebel Server. After you deploy a Siebel Application Interface profile, the profile is in a read-write state. You can update the configuration settings and save the profile to propagate the updates to the deployed Siebel Application Interface.
Table A-4 lists the parameters in the Siebel Application Interface profile that relate to authentication. You define these parameters in either the Basic Information section or the Applications section under Application Interface Profiles in the Siebel Management Console.
Note: Passwords (such as Anonymous User Password and Trust Token) are encrypted by default for the Siebel Application Interface profile. For more information, see "Encrypted Passwords in Siebel Application Interface Profile Configuration". It is recommended that you set the value for StatsPage to a value other than the default value (_stats.swe).
Table A-4 Authentication-Related Parameters in Siebel Application Interface Profile
Parameter | Section Under Application Interface Profiles | Description |
---|---|---|
Active Session Timeout Value (seconds) | Basic Information - Authentication | The time, in seconds, from the user's last browser request until the user's connection times out. The default is 900 seconds (15 minutes). Standard sessions are those where users log in using their registered user name and password. Otherwise, standard sessions share many of the same characteristics as guest sessions. For guidelines on setting a value for the Active Session Timeout Value parameter, see "About the Active Session Timeout Value Parameter". |
Active Session Timeout Warning Value (seconds) | Basic Information - Authentication | Before a session times out, a session timeout warning message appears prompting users to choose whether or not to extend the session. The time at which the message appears is determined by the value specified by this parameter. The default value for this parameter is 60 seconds. The time at which the session timeout warning message appears is calculated by subtracting the Active Session Timeout Warning Value from the Active Session Timeout Value. For example, if Active Session Timeout Value is set to 900 seconds and Active Session Timeout Warning Value is set to 300 seconds, then the session timeout warning message appears after 600 seconds of inactivity (900 minus 300 equals 600). |
Login Session (guest session) Timeout Value (seconds) | Basic Information - Authentication | The time, in seconds, that a connection open for anonymous browsing can remain idle before it times out. The default is 300 seconds (5 minutes). Guest sessions are used for anonymous browsing. They permit users to navigate portions of the site without logging in. In contrast to anonymous sessions, guest sessions are associated with an individual Siebel Web Client. These sessions are opened when an unregistered user starts navigating the site, and they remain open until the Web client logs out or times out due to inactivity. When deciding the value to specify for guest user timeout, the primary consideration is whether or not anonymous browsing is being used. If it is, then set guest user timeouts to be greater than the average time users need to deliberate their next action. In other words, this is the time allowed between user actions. Both guest and anonymous sessions use the Anonymous User Name and Anonymous User Password parameters to log in. |
Method to Check Server Availability | Basic Information - Authentication | Provide the swe method name which will be used with the swe command name provided in the [Command to Check Server Availability] field to check the server availability. This must not be empty if the [Command to Check Server Availability] field is not empty. |
Command to Check Server Availability | Basic Information - Authentication | Provide the swe command name, which will be sent to check the server availability. |
Session Token Usage Duration (minutes) | Basic Information - Authentication | Provide the session token usage duration, which will make the application interface reject the token if it has been used for more than this value. |
Session Token Timeout Value (seconds) | Basic Information - Authentication | Provide the session token timeout value, which will make the application interface reject the session token if the token is inactive for more than this value. |
Basic Information - Authentication |
The application interface operates in Web SSO mode when this parameter is |
|
Basic Information - Authentication This option appears when Web SSO is true. |
Provide the trust token string, which will be used as the password when Web SSO is enabled. The specified value is passed as the password parameter to a custom security adapter if the value corresponds to the value of the Trust Token parameter defined for the custom security adapter. This value must not be empty when Web SSO is enabled. In a Web SSO environment, this token string is a shared secret between the application interface and the security adapter. It is a measure to protect against spoofing attacks. This setting must be the same on both the application interface and the security adapter. For more information, see Chapter 6, "Single Sign-On Authentication". |
|
User Specification | Basic Information - Authentication | In a Web SSO implementation, this variable name specifies the name of the HTTP header variable to read the user's user name. Do not prefix with HTTP_. |
Anonymous User Name | Basic Information - Authentication | Provide the user name required for anonymous browsing and initial access to the login pages. For example: GUESTCST. The user name selected as the anonymous user must be assigned access to views intended for anonymous browsing, but to no other views. |
Anonymous User Password | Basic Information - Authentication | Provide the password for the anonymous user. For more information on setting passwords for the anonymous user, see "Encrypted Passwords in Siebel Application Interface Profile Configuration". |
The Active Session Timeout Value parameter is the time, in seconds, from the user's last browser request until the user's connection times out. Table A-5 offers guidelines for setting this parameter.
Table A-5 Guidelines for Setting the Active Session Timeout Value
Session Type | Condition | Recommended Setting |
---|---|---|
Anonymous session | | Greater than 30 minutes. |
Guest | | Greater than 30 minutes. Less than 5 minutes. Less than 5 minutes. |
Regular | | Greater than 30 minutes. 1-15 minutes. Less than 5 minutes. Greater than 30 minutes. Greater than 30 minutes. |
The types of session timeouts mentioned in Table A-5 refer to session inactivity. That is, if session timeout is set to 3600 seconds, then it requires one hour of session inactivity for that session to time out. Session inactivity means no request is made to the Siebel Server on that session. Any act that sends a ping request to the Siebel Server, such as sending notifications, resets the session timeout period. If the update interval is less than the Active Session Timeout Value set in the Siebel Application Interface profile, then the session never times out.
If you use the Siebel Portal Framework to implement portal views, then note that the Siebel application times out if user activity in the portal view exceeds the time that is specified by Active Session Timeout Value. Note also that, by default, portal views send a ping status request to their server every 120 seconds (2 minutes) to keep their session alive. For more information about the Siebel Portal Framework, see Siebel Portal Framework Guide.
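The constraints stated in Table A-4 and in the timeout discussion above can be checked mechanically before a profile is deployed. The following sketch is an added example, not Oracle code: the dictionary keys (including `web_sso`, `stats_page` and the `ping_interval` argument) are hypothetical names for the console parameters, the sample values are constructed, and it assumes the values have been copied out of the console in clear text.

```python
import hmac

DEFAULT_STATS_PAGE = "_stats.swe"  # default value named in the guide

def audit_profile(profile, adapter_trust_token="", ping_interval=None):
    """Return findings for a profile held as a dict (hypothetical key names)."""
    findings = []
    timeout = int(profile.get("active_session_timeout", 900))
    warning = int(profile.get("active_session_timeout_warning", 60))

    if profile.get("stats_page", DEFAULT_STATS_PAGE) == DEFAULT_STATS_PAGE:
        findings.append("StatsPage still has the default value")
    # The warning is shown after (timeout - warning) seconds of inactivity.
    if timeout - warning <= 0:
        findings.append("timeout warning value is not below the session timeout")
    if profile.get("availability_command") and not profile.get("availability_method"):
        findings.append("availability command set without a method")
    if profile.get("web_sso"):
        token = profile.get("trust_token", "")
        if not token:
            findings.append("Web SSO enabled with an empty trust token")
        elif not hmac.compare_digest(token.encode(), adapter_trust_token.encode()):
            findings.append("trust token differs from the security adapter's")
        if profile.get("user_spec", "").upper().startswith("HTTP_"):
            findings.append("User Specification is prefixed with HTTP_")
    # A ping more frequent than the timeout keeps resetting the inactivity timer.
    if ping_interval is not None and ping_interval < timeout:
        findings.append("ping interval below session timeout: session never times out")
    return findings

# Constructed sample profile; values are placeholders, not real settings.
SAMPLE_PROFILE = {
    "stats_page": "_stats.swe",
    "active_session_timeout": 900,
    "active_session_timeout_warning": 60,
    "availability_command": "ExampleCommand",
    "availability_method": "",
    "web_sso": True,
    "trust_token": "constructed-token-A",
    "user_spec": "HTTP_REMOTE_USER",
}

if __name__ == "__main__":
    # 120 seconds is the default portal-view ping interval cited above.
    for finding in audit_profile(SAMPLE_PROFILE, "constructed-token-B", 120):
        print("FINDING:", finding)
```
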
Table A-6 lists the Application Object Manager parameters in the Siebel Application Interface profile that relate to authentication. You define these parameters in the Applications - Basic Information section under Application Interface Profiles in the Siebel Management Console.
Table A-6 Application Object Manager Parameters in the Siebel Application Interface Profile
Parameter | Section Under Application Interface Profiles | Description |
---|---|---|
Application Name | Applications - Basic Information | Specify the application name. |
Object Manager | Applications - Basic Information | Specify the object manager for the application. |
Language | Applications - Basic Information | Specify the language for the application. |
Request Start Command | Applications - Basic Information | Specify the start command for the application. |
Configure HTTP Inbound Transport | Applications - Basic Information | Select this option to enable HTTP in-bound transport. |
Configure Anonymous Pool | Applications - Basic Information This option appears if you select the Configure HTTP Inbound Transport option. | Select this option to use the anonymous user connection pool. |
Anonymous Pool Size | Applications - Basic Information This option appears if you select the Configure HTTP Inbound Transport option and the Configure Anonymous Pool option. | Specify the pool size for anonymous user connections. |
Maximum Retry for processing EAI-SOAP request | Applications - Basic Information | Specify the maximum number of retries when processing EAI-SOAP requests. |
No Session Preference in EAI-SOAP | Applications - Basic Information | Select this option if no session preference is required in EAI-SOAP. |
Table A-7 lists the SWE parameters in the Siebel Application Interface profile that relate to security and authentication. You define these parameters in the Other Information section under Application Interface Profiles in the Siebel Management Console.
Table A-7 Authentication-Related SWE Parameters in Siebel Application Interface Profile
Parameter | Section Under Application Interface Profiles | Description |
---|---|---|
Language | Other Information - SWE | Specify the language of the Siebel application. |
HTTP-POST Request Size (byte) | Other Information - SWE | Specify the byte size to control the size of HTTP POST requests from the application interface. This field must not be empty. |
Seed File Location | Other Information - SWE | Specify the location of the seed file. |
Monitor Sessions | Other Information - SWE | Select this option to gather statistics on all current sessions. Results are reported in the application interface Stats page. |
Collect Application-Specific Statistics | Other Information - SWE | Select this option to enable the collection of application-specific statistics. |
Table A-8 lists the REST inbound authentication parameters in the Siebel Application Interface profile. You define these parameters in the Authentication - REST Inbound Authentication section under Application Interface Profiles in the Siebel Management Console. For information about other REST parameters that you define in the Application Interface Profile, see Siebel REST API Guide.
Table A-8 REST Inbound Authentication Parameters in Siebel Application Interface Profile
Parameter | Section Under Application Interface Profiles | Description |
---|---|---|
Anonymous User Name | Basic Information - Authentication - REST Inbound Authentication | Specify the anonymous user to use for anonymous REST inbound requests. For example: GUESTCST. |
Anonymous User Password | Basic Information - Authentication - REST Inbound Authentication | Specify the password for the anonymous user for REST inbound requests. |
Authentication Type | Basic Information - Authentication - REST Inbound Authentication | Specify the authentication type that the Siebel Application Interface nodes accept for REST inbound authentication. The options are: |
Trust Token | Basic Information - Authentication - REST Inbound Authentication This option appears if you select the Single Sign-On or OAuth (Authentication Type) option. | Specify the trust token, which will be used as the password when Single Sign-On or OAuth is enabled. The specified value is passed as the Password parameter to a custom security adapter, if the value corresponds to the value of the Trust Token parameter defined for the custom security adapter. |
Authentication URL | Basic Information - Authentication - REST Inbound Authentication This option appears if you select the OAuth (Authentication Type) option. | Specify the URL to use for REST inbound authentication (OAuth). It is recommended that you specify the URL using the HTTPS format. |
User Specification | Basic Information - Authentication - REST Inbound Authentication This option appears if you select the Single Sign-On (Authentication Type) option. | Specify the user specification to use for authentication. |
Session Timeout (seconds) | Basic Information - Authentication - REST Inbound Authentication | Specify the time (in seconds) that a connection task will wait for a message from the client, before timing out. |
Secure Channel | Basic Information - Authentication - REST Inbound Authentication | This option applies only for the OAuth authentication type as follows: |