Siebel CRM Siebel Security Guide
Siebel Innovation Pack 2017, Rev. A
E24814-01

Siebel Application Interface Profile Parameters

The Siebel Application Interface profile contains parameters that control interactions between the Siebel Web Engine and the Siebel Application Interface for all Siebel Business Applications deploying the Siebel Web Client.

The Siebel Application Interface profile includes a Basic Information section for defining Authentication, Logging, and REST Inbound Defaults, an Other Information section for defining SWE, and an Applications section for defining Basic Information, Mobile, and Enhanced Authentication for individual Siebel Business Applications. Each parameter value in the Basic Information section is used by all individual applications, unless you override the parameter's value (for a specific application) with an entry in the Applications section.

You can edit the parameters in the Siebel Application Interface profile using the Siebel Management Console. For information on using the Siebel Management Console to configure application interface profile parameters, see Siebel Installation Guide for the operating system you are using.

In a given Siebel Application Interface profile, some parameters might not appear by default. For more detailed information on application interface profile parameters, see:


Note:

Before you create and configure a Siebel Application Interface profile, make sure that you have already deployed the Siebel Server. After you have done this, the Object Manager and Application settings in Siebel Application Interface profile configuration are populated with values you can choose from that reflect available components on the Siebel Server.

After you deploy a Siebel Application Interface profile, the profile is in a read-write state. You can update the configuration settings and save the profile to propagate the updates to the deployed Siebel Application Interface.


Authentication Parameters in Siebel Application Interface Profile

Table A-4 lists the parameters in the Siebel Application Interface profile that relate to authentication. You define these parameters in either the Basic Information section or the Applications section under Application Interface Profiles in the Siebel Management Console.


Note:

Passwords (such as Anonymous User Password and Trust Token) are encrypted by default for the Siebel Application Interface profile. For more information, see "Encrypted Passwords in Siebel Application Interface Profile Configuration".

It is recommended that you set the value for StatsPage to a value other than the default value (_stats.swe).


Table A-4 Authentication-Related Parameters in Siebel Application Interface Profile

Parameter | Section Under Application Interface Profiles | Description

Active Session Timeout Value (seconds)

Basic Information - Authentication

The time, in seconds, from the user's last browser request until the user's connection times out. The default is 900 seconds (15 minutes).

Standard sessions are those where users log in using their registered user name and password. Otherwise, standard sessions share many of the same characteristics as guest sessions.

For guidelines on setting a value for the Active Session Timeout Value parameter, see "About the Active Session Timeout Value Parameter".

Active Session Timeout Warning Value (seconds)

Basic Information - Authentication

Before a session times out, a session timeout warning message appears prompting users to choose whether or not to extend the session. The time at which the message appears is determined by the value specified by this parameter. The default value for this parameter is 60 seconds.

The time at which the session timeout warning message appears is calculated by subtracting the Active Session Timeout Warning Value from the Active Session Timeout Value. For example, if Active Session Timeout Value is set to 900 seconds and Active Session Timeout Warning Value is set to 300 seconds, then the session timeout warning message appears after 600 seconds of inactivity (900 minus 300 equals 600).

  • If the user selects OK in response to the session timeout warning message, then the session timer is reset to zero and is only activated again after another 600 seconds of inactivity has elapsed.

  • If the user selects Cancel in response to the session timeout warning message, then the session is terminated once the session timeout period is reached.

  • If you do not want users to receive a session timeout warning message, then set the Active Session Timeout Warning Value to zero (0).

Login Session (guest session) Timeout Value (seconds)

Basic Information - Authentication

The time, in seconds, that a connection open for anonymous browsing can remain idle before it times out. The default is 300 seconds (5 minutes).

Guest sessions are used for anonymous browsing. They permit users to navigate portions of the site without logging in. In contrast to anonymous sessions, guest sessions are associated with an individual Siebel Web Client. These sessions are opened when an unregistered user starts navigating the site, and they remain open until the Web client logs out or times out due to inactivity.

When deciding the value to specify for guest user timeout, the primary consideration is whether or not anonymous browsing is being used. If it is, then set guest user timeouts to be greater than the average time users need to deliberate their next action. In other words, this is the time allowed between user actions.

Both guest and anonymous sessions use the Anonymous User Name and Anonymous User Password parameters to log in.

Method to Check Server Availability

Basic Information - Authentication

Provide the SWE method name that is used, together with the SWE command name in the [Command to Check Server Availability] field, to check server availability. This field must not be empty if the [Command to Check Server Availability] field is not empty.

Command to Check Server Availability

Basic Information - Authentication

Provide the SWE command name that is sent to check server availability.

Session Token Usage Duration (minutes)

Basic Information - Authentication

Provide the session token usage duration. The application interface rejects a token that has been in use for longer than this value.

Session Token Timeout Value (seconds)

Basic Information - Authentication

Provide the session token timeout value. The application interface rejects a session token that has been inactive for longer than this value.

Configure Web Single Sign-On (Web SSO)

Basic Information - Authentication

The application interface operates in Web SSO mode when this parameter is TRUE. For more information, see Single Sign-On Authentication.

Trust Token

Basic Information - Authentication

This option appears when Web SSO is true.

Provide the trust token string, which will be used as the password when Web SSO is enabled. The specified value is passed as the password parameter to a custom security adapter if the value corresponds to the value of the Trust Token parameter defined for the custom security adapter. This value must not be empty when Web SSO is enabled.

In a Web SSO environment, this token string is a shared secret between the application interface and the security adapter. It is a measure to protect against spoofing attacks. This setting must be the same on both the application interface and the security adapter. For more information, see Chapter 6, "Single Sign-On Authentication".

User Specification

Basic Information - Authentication

In a Web SSO implementation, this parameter specifies the name of the HTTP header variable from which the user's user name is read. Do not prefix the name with HTTP_.

Anonymous User Name

Basic Information - Authentication

Provide the user name required for anonymous browsing and initial access to the login pages. For example: GUESTCST.

The user name selected as the anonymous user must be assigned access to views intended for anonymous browsing, but to no other views.

Anonymous User Password

Basic Information - Authentication

Provide the password for the anonymous user.

For more information on setting passwords for the anonymous user, see "Encrypted Passwords in Siebel Application Interface Profile Configuration".


About the Active Session Timeout Value Parameter

The Active Session Timeout Value parameter is the time, in seconds, from the user's last browser request until the user's connection times out. Table A-5 offers guidelines for setting this parameter.

Table A-5 Guidelines for Setting the Active Session Timeout Value

Session Type | Condition | Recommended Setting

Anonymous session

  • Large numbers of users logging in within a short period of time (login spikes)

  • Frequent logins and logouts

Greater than 30 minutes.

Guest

  • Long intervals between user actions: Greater than 30 minutes.

  • Login view is used for logins: Less than 5 minutes.

  • Logout occurs on a logout view: Less than 5 minutes.

Regular

  • Employee applications: Greater than 30 minutes.

  • Customer applications: 1-15 minutes.

  • High security requirements: Less than 5 minutes.

  • High continuity (low interaction) with the browser: Greater than 30 minutes.

  • Lightly loaded system: Greater than 30 minutes.


The types of session timeouts mentioned in Table A-5 refer to session inactivity. That is, if session timeout is set to 3600 seconds, then it requires one hour of session inactivity for that session to time out. Session inactivity means no request is made to the Siebel Server on that session. Any act that sends a ping request to the Siebel Server, such as sending notifications, resets the session timeout period. If the update interval is less than the Active Session Timeout Value set in the Siebel Application Interface profile, then the session never times out.

If you use the Siebel Portal Framework to implement portal views, then note that the Siebel application times out if user activity in the portal view exceeds the time that is specified by Active Session Timeout Value. Note also that, by default, portal views send a ping status request to their server every 120 seconds (2 minutes) to keep their session alive. For more information about the Siebel Portal Framework, see Siebel Portal Framework Guide.
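
The timer rules above (warning at the timeout minus the warning value, reset on any request to the Siebel Server) can be modelled to see why a background ping interval shorter than the timeout keeps a session alive indefinitely. This is an added example, not Siebel code; the function names and the three scenarios are constructed for illustration.

```python
# Added example: a model of the inactivity timer described in this section.
# It is not Siebel code; function and argument names are hypothetical.

def session_events(timeout, warning, requests, horizon):
    """Return [(second, event)] for one session observed until `horizon`.

    timeout  -- Active Session Timeout Value (seconds)
    warning  -- Active Session Timeout Warning Value (seconds), 0 = no warning
    requests -- seconds at which any request reaches the Siebel Server,
                user actions and keep-alive pings alike; each resets the timer
    """
    events, last = [], 0
    for nxt in sorted(r for r in requests if r < horizon) + [horizon]:
        warn_at, expire_at = last + timeout - warning, last + timeout
        if 0 < warning < timeout and warn_at < nxt:
            events.append((warn_at, "warning"))
        if expire_at <= nxt:
            events.append((expire_at, "timeout"))
            return events
        last = nxt
    return events


def times_out(timeout, warning, requests, horizon):
    """True if the session reaches its timeout within the horizon."""
    return any(kind == "timeout" for _, kind in session_events(
        timeout, warning, requests, horizon))


# Constructed scenarios, all with a 900 s timeout and a 300 s warning value.
IDLE = []                                        # user walks away
CLICKS_OK = [650]                                # user answers the warning at 650 s
PORTAL_PINGS = list(range(120, 8 * 3600, 120))   # ping every 120 s for 8 hours

if __name__ == "__main__":
    for name, reqs in [("idle", IDLE), ("ok", CLICKS_OK), ("pings", PORTAL_PINGS)]:
        print(name, session_events(900, 300, reqs, 8 * 3600))
```

With the 120-second ping stream the event list stays empty for the whole eight hours, so an unattended browser holds an authenticated session open regardless of the configured timeout.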

Application Object Manager Parameters in Siebel Application Interface Profile

Table A-6 lists the Application Object Manager parameters in the Siebel Application Interface profile that relate to authentication. You define these parameters in the Applications - Basic Information section under Application Interface Profiles in the Siebel Management Console.

Table A-6 Application Object Manager Parameters in the Siebel Application Interface Profile

Parameter | Section Under Application Interface Profiles | Description

Application Name

Applications - Basic Information

Specify the application name.

Object Manager

Applications - Basic Information

Specify the object manager for the application.

Language

Applications - Basic Information

Specify the language for the application.

Request Start Command

Applications - Basic Information

Specify the start command for the application.

Configure HTTP Inbound Transport

Applications - Basic Information

Select this option to enable HTTP inbound transport.

Configure Anonymous Pool

Applications - Basic Information

This option appears if you select the Configure HTTP Inbound Transport option.

Select this option to use the anonymous user connection pool.

Anonymous Pool Size

Applications - Basic Information

This option appears if you select the Configure HTTP Inbound Transport option and the Configure Anonymous Pool option.

Specify the pool size for anonymous user connections.

Maximum Retry for processing EAI-SOAP request

Applications - Basic Information

Specify the maximum number of retries when processing EAI-SOAP requests.

No Session Preference in EAI-SOAP

Applications - Basic Information

Select this option if no session preference is required in EAI-SOAP.


SWE Parameters in Siebel Application Interface Profile

Table A-7 lists the SWE parameters in the Siebel Application Interface profile that relate to security and authentication. You define these parameters in the Other Information section under Application Interface Profiles in the Siebel Management Console.

Table A-7 Authentication-Related SWE Parameters in Siebel Application Interface Profile

Parameter | Section Under Application Interface Profiles | Description

Language

Other Information - SWE

Specify the language of the Siebel application.

HTTP-POST Request Size (byte)

Other Information - SWE

Specify the byte size to control the size of HTTP POST requests from the application interface. This field must not be empty.

Seed File Location

Other Information - SWE

Specify the location of the seed file.

Monitor Sessions

Other Information - SWE

Select this option to gather statistics on all current sessions. Results are reported in the application interface Stats page.

Collect Application-Specific Statistics

Other Information - SWE

Select this option to enable the collection of application-specific statistics.


REST Inbound Authentication Parameters in Siebel Application Interface Profile

Table A-8 lists the REST inbound authentication parameters in the Siebel Application Interface profile. You define these parameters in the Authentication - REST Inbound Authentication section under Application Interface Profiles in the Siebel Management Console. For information about other REST parameters that you define in the Application Interface Profile, see Siebel REST API Guide.

Table A-8 REST Inbound Authentication Parameters in Siebel Application Interface Profile

Parameter | Section Under Application Interface Profiles | Description

Anonymous User Name

Basic Information - Authentication - REST Inbound Authentication

Specify the anonymous user to use for anonymous REST inbound requests. For example: GUESTCST.

Anonymous User Password

Basic Information - Authentication - REST Inbound Authentication

Specify the password for the anonymous user for REST inbound requests.

Authentication Type

Basic Information - Authentication - REST Inbound Authentication

Specify the authentication type that the Siebel Application Interface nodes accept for REST inbound authentication. The options are:

  • Basic Authentication

  • Single Sign-On

  • OAuth

Trust Token

Basic Information - Authentication - REST Inbound Authentication

This option appears if you select the Single Sign-On or OAuth (Authentication Type) option.

Specify the trust token, which will be used as the password when Single Sign-On or OAuth is enabled.

The specified value is passed as the Password parameter to a custom security adapter, if the value corresponds to the value of the Trust Token parameter defined for the custom security adapter.

Authentication URL

Basic Information - Authentication - REST Inbound Authentication

This option appears if you select the OAuth (Authentication Type) option.

Specify the URL to use for REST inbound authentication (OAuth). It is recommended that you specify the URL using the HTTPS format.

User Specification

Basic Information - Authentication - REST Inbound Authentication

This option appears if you select the Single Sign-On (Authentication Type) option.

Specify the user specification to use for authentication.

Session Timeout (seconds)

Basic Information - Authentication - REST Inbound Authentication

Specify the time (in seconds) that a connection task will wait for a message from the client, before timing out.

Secure Channel

Basic Information - Authentication - REST Inbound Authentication

This option applies only for the OAuth authentication type as follows:

  • Select this check box only when you have already imported the Authentication URL's CA certificate into the Application Interface truststore.

  • Deselect this check box when the Authentication URL's CA certificate is not available in the Application Interface truststore.

    In this case, the Application Interface trusts all certificates while calling the Authentication URL over HTTPS.
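
The dependencies between the fields in Table A-4 and Table A-8 can be checked mechanically before a profile is deployed. The following is an added example, not Oracle code: it assumes the profile values have been copied by hand into Python dictionaries keyed by the console field labels, which is a constructed representation and not a Siebel export format.

```python
# Added example, not Oracle code. The dictionaries are a constructed stand-in
# keyed by the console field labels; they are not a Siebel file format.
from urllib.parse import urlsplit

DEFAULT_STATS_PAGE = "_stats.swe"


def audit_profile(auth, rest):
    """Return a list of findings.

    auth -- Basic Information - Authentication values (Table A-4), plus StatsPage
    rest -- REST Inbound Authentication values (Table A-8)
    """
    findings = []
    if auth.get("StatsPage", DEFAULT_STATS_PAGE) == DEFAULT_STATS_PAGE:
        findings.append("StatsPage still has the default value")
    if auth.get("Configure Web Single Sign-On (Web SSO)") and not auth.get("Trust Token"):
        findings.append("Web SSO is enabled but Trust Token is empty")
    if (auth.get("Command to Check Server Availability")
            and not auth.get("Method to Check Server Availability")):
        findings.append("availability command is set but the method is empty")
    if rest.get("Authentication Type") == "OAuth":
        scheme = urlsplit(rest.get("Authentication URL", "")).scheme.lower()
        if scheme != "https":
            findings.append("OAuth Authentication URL is not HTTPS")
        elif not rest.get("Secure Channel"):
            # Per Table A-8, the Application Interface then trusts all
            # certificates when calling the Authentication URL.
            findings.append("Secure Channel is off: all certificates are trusted")
    return findings


# Constructed sample values; host name and command name are placeholders.
SAMPLE_AUTH = {
    "Configure Web Single Sign-On (Web SSO)": True,
    "Trust Token": "",
    "Command to Check Server Availability": "SampleCommand",
    "Method to Check Server Availability": "",
}
SAMPLE_REST = {
    "Authentication Type": "OAuth",
    "Authentication URL": "https://idp.example.com/validate",
    "Secure Channel": False,
}

if __name__ == "__main__":
    for finding in audit_profile(SAMPLE_AUTH, SAMPLE_REST):
        print("FINDING:", finding)
```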