11 Configuration Parameters Related to Authentication


This chapter describes the configuration parameters that are applicable to implementing a security adapter and other important authentication and security-related parameters that must be configured in the Siebel Management Console. It includes the following topics:

Note: In general, parameter values related to security adapter configuration must be verified by your Lightweight Directory Access Protocol (LDAP) administrator or database administrator. Many values shown are examples only and might not be suitable for your deployment.

Server Parameters for Siebel Gateway

The server parameters for Siebel Gateway can be set at one or more of the Enterprise, Siebel Server, or component (Siebel Application Interface) levels in the Siebel Management Console. They are set in the Administration - Server Configuration screen of a Siebel employee application, such as Siebel Call Center. The following rules apply:

  • Parameters you set at the Enterprise level configure all Siebel Servers throughout the enterprise.

  • Parameters you set at the Siebel Server level configure all applicable components on a specific Siebel Server.

  • Parameters you set at the component (Siebel Application Interface) level configure all the tasks, or instances, of a specific component.

  • Parameters you set for an enterprise profile (named subsystem) configure the applicable security adapter.

For purposes of authentication, most of the components of interest are Application Object Managers, such as the Call Center Object Manager or the eService Object Manager. The Synchronization Manager component also supports authentication.

A particular parameter set at a lower level overrides the same parameter set at a higher level. For example, if Security Adapter Mode is set to LDAP at the Enterprise level, and Security Adapter Mode is set to Custom at the component level for the eService Object Manager component, then the Custom security adapter is used for Siebel eService.
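
The override rule above, worked through as an added example (not Oracle's code): it resolves the value a component actually runs with and lists the components that diverge from the Enterprise setting. The dictionary layout, the server names siebsrvr1 and siebsrvr2, and the function names are assumptions made for the illustration, not a Siebel export format or API.

```python
from typing import NamedTuple, Optional


class Effective(NamedTuple):
    value: Optional[str]
    level: str  # "component", "server", "enterprise" or "unset"


# Constructed sample: LDAP at the Enterprise level, Custom on one component,
# as in the eService example in the text.
CONFIG = {
    "enterprise": {"Security Adapter Mode": "LDAP"},
    "servers": {"siebsrvr1": {}, "siebsrvr2": {}},
    "components": {
        ("siebsrvr1", "Call Center Object Manager"): {},
        ("siebsrvr1", "eService Object Manager"): {"Security Adapter Mode": "Custom"},
        ("siebsrvr2", "Synchronization Manager"): {},
    },
}


def resolve(config, param, server, component):
    """Return the value a component runs with and the level that set it."""
    layers = (
        ("component", config["components"].get((server, component), {})),
        ("server", config["servers"].get(server, {})),
        ("enterprise", config["enterprise"]),
    )
    for level, params in layers:  # the most specific level wins
        if param in params:
            return Effective(params[param], level)
    return Effective(None, "unset")


def find_overrides(config, param):
    """List components whose effective value differs from the Enterprise value."""
    baseline = config["enterprise"].get(param)
    findings = []
    for server, component in sorted(config["components"]):
        eff = resolve(config, param, server, component)
        if eff.level in ("component", "server") and eff.value != baseline:
            findings.append((server, component, eff.value, eff.level))
    return findings


if __name__ == "__main__":
    for row in find_overrides(CONFIG, "Security Adapter Mode"):
        print(row)
```

Running the same report for each authentication-related parameter shows where a component-level or server-level setting silently replaces the adapter chosen for the enterprise.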

Parameters configured for Siebel security adapters are configured for the enterprise profile (for GUI Server Manager) or named subsystem (for command-line Server Manager). For more information about configuring security adapters, see Security Adapter Authentication.

Note: For information about using Siebel Server Manager to edit parameters on Siebel Gateway, see Siebel System Administration Guide. For information about editing parameters on Siebel Gateway using the Siebel Management Console, see Configuring Security Adapters Using the Siebel Management Console.

The following topics provide more information about the parameters you can configure for Siebel Gateway:

Security Profile Configuration for Siebel Gateway

The security profile, which is centrally stored in the registry, contains the configuration parameters that determine how access to Siebel Gateway is authenticated. The security profile that you define when you configure Siebel Gateway is automatically used to prepopulate the security-related parameters for various configurations, including the Siebel Gateway and Enterprise (enterprise profile).

Siebel Gateway authorization is required whether you use the Siebel Management Console, Siebel Server Manager, or other utilities to access the gateway. When a user attempts to log in to the gateway, the user's credentials are passed by the server to the authentication provider specified in the security profile, which checks that the user has the required administrator privileges to access the gateway. If the user has these privileges, the gateway starts to process service requests.

Note: Authentication is not required for starting the gateway, only for connecting to it.

You configure the security profile using Siebel Management Console. Any changes made to the security profile are not active until you restart the Siebel Gateway. For more information on configuring a security profile for Siebel Gateway, see Configuring Security Adapters Using the Siebel Management Console and Parameters for Configuring Security Adapter Authentication.

Note: When creating a new profile, make sure that the name you choose for the profile is unique and does not already exist; otherwise, profile creation will fail.

Parameters for Configuring Security Adapter Authentication

The following information lists the parameters in the Security Profile that relate to database, LDAP, or custom authentication. You set these parameters when configuring a security profile to use a database, LDAP, or custom security adapter. You define these parameters in the Data Sources section and Basic Information section under Security Profiles in the Siebel Management Console.

You can define database authentication parameters for the following named subsystems:

  • InfraSecAdpt_DB. That is, for the DBSecAdpt named subsystem or a similar security adapter with a nondefault name.

  • InfraDataSource. That is, for the ServerDataSrc named subsystem or another data source.

Note: Database authentication is supported for development environments only; it is not supported for production environments.

You can define LDAP authentication parameters for the following named subsystems:

  • InfraSecAdpt_LDAP. That is, for the LDAPSecAdpt named subsystem or a similar security adapter with a nondefault name.

You can define custom authentication parameters for the following named subsystems:

  • InfraSecAdpt_Custom. That is, for the CustSecAdpt named subsystem or a similar security adapter with a nondefault name.

The named subsystem is specified as the value for the data source Security Adapter Name parameter for the database, LDAP, or custom security adapter.

Table Security Adapter Authentication Parameters

Parameter

Section Under Security Profiles

Comment or Description

Name

Data Sources

Specify the name of the data source.

Type

Data Sources

Specify the type or mode of authentication you are using. The options are:

  • Database Authentication (development only)

  • Lightweight Directory Access Protocol (LDAP) Authentication

  • Custom Security Authentication (using Security SDK)

If you implement a custom, non-Siebel security adapter, then you must configure your adapter to interpret the parameters used by the Siebel adapters if you want to use those parameters.

Host Name

Data Sources

Specify the host name for the data source, such as the host name of the database server for database authentication.

Note that you may have to include the IP address if the server is configured to listen only with the IP address:

  • For Oracle and DB2: Actual Host FQDN.

  • For MSSQL: server\<instance>.

  • For LDAP: LDAP Host.

    You must specify the FQDN (fully qualified domain name) of the LDAP server, not just the domain name. For example, specify ldapserver.example.com, not example.com.

Port

Data Sources

Specify the port number for the source, such as the port number of the database server for database authentication. For example, specify:

  • 51510 for DB2

  • 389 for LDAP, 636 for LDAPS

  • 151 for Oracle

  • 32100 for MSSQL

Application User Distinguished Name (DN)

Data Sources

This option appears if you select LDAP or Custom Authentication.

Specify the user name of a record in the directory with sufficient permissions to read any user’s information and do any necessary administration.

This user provides the initial binding of the LDAP directory with the Application Object Manager when a user requests the login page, or else anonymous browsing of the directory is required.

You enter this parameter as a full distinguished name (DN), for example "uid=appuser, ou=people, o=example.com" (including quotes) for LDAP. The security adapter uses this name to bind.

You must implement an application user.

Application Password

Data Sources

This option appears if you select LDAP or Custom Authentication.

Specify the password for the user defined by the Application User Distinguished Name parameter. In an LDAP directory, the password is stored in an attribute.

The application password must be encrypted. Clear text passwords are not supported for the LDAPSecAdpt named subsystem. For more information, see Changing Encrypted Passwords Using the Siebel Management Console.

Base Distinguished Name (DN)

Data Sources

This option appears if you select LDAP or Custom Authentication.

Specify the base distinguished name, which is the root of the tree under which users of this Siebel application are stored in the directory. Users can be added directly or indirectly below this directory.

For example, a typical entry for an LDAP server might be:

BaseDN = "ou=people, o=domain_name"

where:

  • o denotes organization and is typically your Web site’s domain name.

  • ou denotes organization unit and is the subdirectory in which users are stored.

Custom Library

Data Sources

This option appears if you select Custom Authentication.

Name of the custom security adapter implementation. For example, custsecadpt in the case of custsecadpt.so, custsecadpt.dll and so on. Do not give the file extension.

SQL Style of Database

Data Sources

This option appears if you select Database or Custom Authentication.

Specify the SQL style for your Siebel database. Specify one of the following:

  • Oracle Database Enterprise Edition

  • Microsoft SQL Server

  • IBM DB2

Database Service Name

Data Sources

This option appears if you select Database Authentication.

The database name:

  • For the DB2390 version of DB2, you must deploy the db2jcc_license_cisuz.jar file into the webapp/siebel/lib directory of the Siebel Application Interface and Siebel Gateway.

  • For MSSQL, specify the database name.

  • For Oracle, the database service name can hold the SID or Service Name as dictated by the Oracle database installation (listener.ora file).

Table Owner

Data Sources

This option appears if you select Database Authentication.

The table owner for the database.

CRC Checksum

Data Sources

This option appears if you select Custom Authentication and only if the Custom Library parameter is Not Null.

Provide the value of the checksum performed on the applicable security adapter library (DLL). This value, applicable for the Siebel Server only, ensures that each user accesses the Siebel database through the correct security adapter.

If this field is empty or contains the value 0 (zero), then no checksum validation is performed.

If you upgrade your version of Siebel Business Applications, then you must recalculate the checksum value and replace the value in this field.

For more information, see Configuring Checksum Validation.

Credentials Attribute

Data Sources

This option appears if you select LDAP or Custom Authentication.

Specify the attribute type that stores a database account. For example, if Credentials Attribute is set to dbaccount, then when a user with user name HKIM is authenticated, the security adapter retrieves the database account from the dbaccount attribute for HKIM.

This attribute value must be of the form username=U password=P, where U and P are credentials for a database account. There can be any amount of space between the two key-value pairs but no space within each pair. The keywords username and password must be lowercase.

If you implement LDAP security adapter authentication to manage the users in the directory through the Siebel client, then the value of the database account attribute for a new user is inherited from the user who creates the new user. The inheritance is independent of whether you implement a shared database account, but does not override the use of the shared database account.

Hash Algorithm

Data Sources

This option appears if you select LDAP or Custom Authentication.

Specify the hash algorithm to be used for password hashing. Choose one of the following:

  • SHA1

    This is the default value. This value is read-only for the Siebel Gateway security profile; for other profiles, it is editable.

  • SHA2

Hash DB Password

Data Sources

This option appears if you select LDAP or Custom Authentication.

Select this check box to specify password hashing for database credentials passwords.

Hash User Password

Data Sources

This option appears if you select LDAP or Custom Authentication.

Select this check box to specify password hashing (using the hashing algorithm specified using the Hash Algorithm parameter) for user passwords. For more information, see About Password Hashing.

Password Attribute Type

Data Sources

This option appears if you select LDAP or Custom Authentication.

Specify the attribute type under which the user’s login password is stored in the directory.

The LDAP entry must be userPassword.

Propagate Change

Data Sources

This option appears if you select LDAP or Custom Authentication.

Select this check box to allow administration of the directory through Siebel Business Applications UI. When an administrator then adds a user or changes a password from within the Siebel application, or a user changes a password or self-registers, the change is propagated to the directory.

A non-Siebel security adapter must support the SetUserInfo and ChangePassword methods to allow dynamic directory administration.

Roles Attribute (optional)

Data Sources

This option appears if you select LDAP or Custom Authentication.

Specify the attribute type for roles stored in the directory.

For example, if Roles Attribute is set to roles, then when a user with user name HKIM is authenticated, the security adapter retrieves the user’s Siebel responsibilities from the roles attribute for HKIM. Responsibilities are typically associated with users in the Siebel database, but they can be stored in the database, in the directory, or in both. The user gets access to all of the views in all of the responsibilities specified in both sources. However, it is recommended that you define responsibilities in the database or in the directory, but not in both places. For details, see Configuring Roles Defined in the Directory.

Shared Databases Account Distinguished Name (fully qualified domain name)

Data Sources

This option appears if you select LDAP or Custom Authentication.

Specify the absolute path (not relative to the Base Distinguished Name) of an object in the directory that has the shared database account for the application.

If not set, then the database account is looked up in the user’s DN as usual.

If set, then the database account for all users is looked up in the shared credentials DN instead. The attribute type is determined by the value of the Credentials Attribute parameter.

For example, if the Shared Database Account Distinguished Name parameter is set to "uid=HKIM, ou=people, o=example.com" when a user is authenticated, the security adapter retrieves the database account from the appropriate attribute in the HKIM record. This parameter’s default value is an empty string.

Shared DB User Name

Data Sources

This option appears if you select LDAP or Custom Authentication.

Specify the user name to connect to the Siebel database. You must specify a valid Siebel user name and password for the Shared DB User Name and Shared DB Password parameters.

Specify a value for this parameter if you store the shared database account user name as a parameter rather than as an attribute of the directory entry for the shared database account. To use this parameter, you can use an LDAP directory. For more information, see Storing Shared Database Account Credentials as Profile Parameters.

Shared DB Password

Data Sources

This option appears if you select LDAP or Custom Authentication.

Specify the password associated with the Shared DB User Name parameter.

Security Adapter Mapped User Name

Data Sources

This option appears if you select LDAP or Custom Authentication.

If this check box is selected and the user key name passed to the security adapter is not the Siebel User ID, then the security adapter retrieves the Siebel User ID for authenticated users from an attribute defined by the Siebel Username Attribute parameter.

Siebel Username Attribute

Data Sources

This option appears if you select LDAP or Custom Authentication, and if the Security Adapter Mapped User Name check box is selected.

If set, then this parameter is the attribute from which the security adapter retrieves an authenticated user’s Siebel User ID. If not set, then the user name passed in is assumed to be the Siebel User ID.

SSL

Data Sources

This option appears if you select LDAP or Custom Authentication.

Specifies whether or not to enable Secure Sockets Layer for socket connections to the host.

Enable SSL

Data Sources

This option appears if you select LDAP or Custom Authentication.

Specifies whether or not TLS is used for communication between the LDAP security adapter and the directory.

If this check box is not selected, then TLS is not used. To use TLS, the value of this parameter must be the absolute path of the wallet, generated by Oracle Wallet Manager, that contains a certificate for the certificate authority that is used by the LDAP server.

Configure Web Single Sign-On

Data Sources

This option appears if you select LDAP or Custom Authentication.

Specifies that the security adapter uses Web Single Sign-On (Web SSO) authentication rather than security adapter authentication.

Note that you must disable Web SSO when you configure Siebel Gateway initially (first time running Siebel Management Console). Then after you complete Siebel Gateway initial configuration and enterprise deployment, you must add the SSO parameters retrospectively using Siebel Server Manager. For more information, see Siebel System Administration Guide.

Trust Token

Data Sources

This option appears if you select Web Single Sign-On for LDAP or Custom Authentication.

Specifies a password to be used with Web Single Sign-On (Web SSO) authentication.

Wallet Password

Data Sources

This option appears if you select SSL for LDAP or Custom Authentication.

Specifies the password to open the wallet that contains a certificate for the certificate authority used by the directory server.

Note that you do not have to specify the wallet location when configuring an LDAP security adapter because the wallet file (ewallet.p12) is placed in the trust store location.

Salt Attribute Type

Data Sources

This option appears if you select LDAP or Custom Authentication.

Specifies the attribute that stores the salt value if you have chosen to add salt values to user passwords. The default attribute is title.

Salt User Password

Data Sources

This option appears if you select LDAP or Custom Authentication.

Select this check box to specify that salt values are to be added to user passwords before they are hashed. This parameter is ignored if the Hash User Password parameter is set to FALSE.

Adding salt values to user passwords is not supported if you are using Web Single Sign-On. For more information on salt values, see About Password Hashing.

User Name Attribute Type

Data Sources

This option appears if you select LDAP or Custom Authentication.

Specifies the attribute type under which the user’s login name is stored in the directory.

For example, if User Name Attribute Type is set to uid, then when a user attempts to log in with user name HKIM, the security adapter searches for a record in which the uid attribute has the value HKIM. This attribute is the Siebel user ID, unless the Security Adapter Mapped User Name check box is selected.

If you implement an adapter-defined user name (the Security Adapter Mapped User Name check box is selected), then you must set the OM - Username BC Field parameter appropriately to allow the directory attribute defined by User Name Attribute Type to be updated from the Siebel client. For more information about implementing an adapter-defined user name, see Configuring Adapter-Defined User Name.

Enterprise Security Authentication Profile (Security Adapter Mode)

Basic Information

Specify the type of authentication you are using.

  • Database Authentication (development only)

  • Lightweight Directory Access Protocol (LDAP) Authentication

  • Custom Security Authentication (using Security SDK)

If you implement a custom, non-Siebel security adapter, then you must configure your adapter to interpret the parameters used by the Siebel adapters if you want to use those parameters.

Security Adapter Name (named subsystem)

Basic Information

The chosen security adapter.

  • For Database Authentication, it is DBSecAdpt.

  • For LDAP Authentication, it is LDAPSecAdpt.

  • For Custom Authentication, it is CustSecAdpt.

Database Security Adapter Data Source

Basic Information

This option appears if you select Database Authentication.

Select the security adapter data source.

Database Security Adapter Propagate Changes

Basic Information

This option appears if you select Database Authentication.

Specify whether to propagate changes for the security adapter.

Select this option to allow administration of credentials in the database through Siebel Business Applications. When an administrator then adds a user or changes a password from within a Siebel application or a user changes a password or self-registers, the change is propagated to the database.

For Siebel Developer Web Client, the SecThickClientExtAuthent system preference must also be set to True. For details, see Setting a System Preference for Developer Web Clients.

Authorization Roles (comma-separated)

Basic Information

Specify one or more authorization roles (which will be checked against the users logging in to the application). The default value is Siebel Administrator.

This setting applies whether you are implementing security adapter authentication or Web SSO authentication.

User Name

Testing

Specify the user name for testing authentication under the specified authentication system.

Password

Testing

Specify the password for the user account used for testing.
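
An added example, not part of the Siebel documentation or product: it checks a security profile against the constraints stated in the table above and validates a Credentials Attribute value against the username=U password=P format. The dictionary keys reuse the table's parameter names; representing check boxes as booleans, the function names, and all sample values are assumptions.

```python
import re

LDAP = "Lightweight Directory Access Protocol (LDAP) Authentication"
DATABASE = "Database Authentication (development only)"
CUSTOM = "Custom Security Authentication (using Security SDK)"

# Credentials Attribute format: lowercase keywords, no space inside a pair,
# any amount of space between the two pairs. Leading or trailing space is
# rejected here because the table does not say it is allowed (assumption).
_DB_ACCOUNT = re.compile(r"username=(\S+) +password=(\S+)")


def parse_db_account(value):
    """Return (username, password) or raise ValueError for a malformed value."""
    match = _DB_ACCOUNT.fullmatch(value)
    if match is None:
        raise ValueError("expected 'username=U password=P'")
    return match.group(1), match.group(2)


def is_valid_db_account(value):
    try:
        parse_db_account(value)
    except ValueError:
        return False
    return True


def audit_security_profile(profile, production=True):
    """Return (parameter, reason) pairs for settings the table warns about."""
    findings = []
    ptype = profile.get("Type")
    directory = ptype in (LDAP, CUSTOM)

    if ptype == DATABASE and production:
        findings.append(("Type", "database authentication is supported for development only"))
    if ptype == CUSTOM and profile.get("Custom Library"):
        if str(profile.get("CRC Checksum", "")).strip() in ("", "0"):
            findings.append(("CRC Checksum", "empty or 0, so no checksum validation is performed"))
    if directory and not profile.get("Application User Distinguished Name (DN)"):
        findings.append(("Application User Distinguished Name (DN)", "an application user is required"))
    if ptype == LDAP and profile.get("Password Attribute Type") != "userPassword":
        findings.append(("Password Attribute Type", "must be userPassword for LDAP"))
    if directory and profile.get("Salt User Password"):
        if not profile.get("Hash User Password"):
            findings.append(("Salt User Password", "ignored while Hash User Password is off"))
        if profile.get("Configure Web Single Sign-On"):
            findings.append(("Salt User Password", "salt values are not supported with Web SSO"))
    if ptype == LDAP and not profile.get("Enable SSL"):
        findings.append(("Enable SSL", "not selected, so TLS is not used to the directory"))
    return findings


# Constructed sample profiles: the weak settings beside the corrected ones.
WEAK_LDAP = {
    "Type": LDAP,
    "Host Name": "ldapserver.example.com",
    "Port": 389,
    "Application User Distinguished Name (DN)": "",
    "Password Attribute Type": "password",
    "Hash User Password": False,
    "Salt User Password": True,
    "Configure Web Single Sign-On": True,
    "Enable SSL": False,
}
HARDENED_LDAP = {
    "Type": LDAP,
    "Host Name": "ldapserver.example.com",
    "Port": 636,
    "Application User Distinguished Name (DN)": "uid=appuser, ou=people, o=example.com",
    "Password Attribute Type": "userPassword",
    "Hash User Password": True,
    "Salt User Password": True,
    "Configure Web Single Sign-On": False,
    "Enable SSL": True,
}

if __name__ == "__main__":
    for param, reason in audit_security_profile(WEAK_LDAP):
        print(f"{param}: {reason}")
    print(parse_db_account("username=LDAPUSER    password=Ex4mple"))
```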

Authentication and Security-Related Parameters in the Enterprise Profile

The following information lists the parameters in the Enterprise Profile that relate to authentication and security. You define these parameters in the Authentication section and Security Information section under Enterprise Profiles in the Siebel Management Console.

Table Authentication and Security Parameters in the Enterprise Profile

Parameter

Section Under Enterprise Profiles

Description

User Name

Authentication

The user name.

Password

Authentication

The user password.

Authentication Profile

Authentication

The authentication profile for the Enterprise.

Primary Language

Authentication

The primary language for the Enterprise deployment.

Security Encryption Level or Type

Security Information

The level or type of security encryption. The options are:

  • Without Encryption

  • TLS 1.2 (default)

Certificate Authority (CA) Certificate File Name

Security Information

This option appears if the Security Encryption Level or Type parameter is set to TLS 1.2.

The name of the CA Certificate file.

Private Key File Name

Security Information

This option appears if the Security Encryption Level or Type parameter is set to TLS 1.2.

The name of the private key file.

Private Key File Password

Security Information

This option appears if the Security Encryption Level or Type parameter is set to TLS 1.2.

The password for the private key file.

Enable Peer Authentication

Security Information

This option appears if the Security Encryption Level or Type parameter is set to TLS 1.2.

Select this option to enable peer authentication.

Validate Peer Certificate

Security Information

This option appears if the Security Encryption Level or Type parameter is set to TLS 1.2.

Select this check box to validate the peer certificate.

Security-Related Parameters in the Server Profile

The following information lists the parameters in the Server Profile that relate to security. You define these parameters in the Enhanced Settings - Security section under Siebel Server Profiles in the Siebel Management Console.

Table Security Parameters in the Server Profile

Parameter

Section Under Siebel Server Profiles

Description

Server-Specific Security Encryption Settings

Enhanced Settings - Security

Select this option to configure security and encryption for communications between the Siebel Server and other servers. If you do not select this option, then the settings are inherited from the Enterprise.

Server-Specific Security Authentication Profile Assignment

Enhanced Settings - Security

Select this option to assign an existing security adapter to this Siebel Server or to specific components.

Security Encryption Level or Type

Enhanced Settings - Security

This option appears if you select the Server-Specific Security Encryption Settings parameter option.

Specify the security encryption level or type. The options are:

  • Without Encryption

  • TLS 1.2 (default)

Certificate File Name

Enhanced Settings - Security

This option appears if you select the Server-Specific Security Encryption Settings parameter option and the Security Encryption Level or Type parameter is set to TLS 1.2.

The password for the private key file.

Certificate Authority (CA) Certificate File Name

Enhanced Settings - Security

This option appears if you select the Server-Specific Security Encryption Settings parameter option and the Security Encryption Level or Type parameter is set to TLS 1.2.

Select this check box to enable peer authentication.

Siebel Application Interface Profile Parameters

The Siebel Application Interface profile contains parameters that control interactions between the Siebel Web Engine and the Siebel Application Interface for all Siebel Business Applications deploying the Siebel Web Client.

The Siebel Application Interface profile includes a Basic Information section for defining Authentication, Logging, and REST Inbound Defaults, an Other Information section for defining SWE, and an Applications section for defining Basic Information, Mobile, and Enhanced Authentication for individual Siebel Business Applications. Each parameter value in the Basic Information section is used by all individual applications, unless you override the parameter’s value (for a specific application) with an entry in the Applications section.

You can edit the parameters in the Siebel Application Interface profile using the Siebel Management Console. For information on using the Siebel Management Console to configure application interface profile parameters, see Siebel Installation Guide for the operating system you are using.

In a given Siebel Application Interface profile, some parameters might not appear by default. For more detailed information on application interface profile parameters, see:

Note: Before you create and configure a Siebel Application Interface profile, make sure that you have already deployed the Siebel Server. After you have done this, the Object Manager and Application settings in Siebel Application Interface profile configuration are populated with values you can choose from that reflect available components on the Siebel Server. After you deploy a Siebel Application Interface profile, the profile is in a read-write state. You can update the configuration settings and save the profile to propagate the updates to the deployed Siebel Application Interface.

Siebel supports the following security profiles for Siebel 2018 and later releases:

  • Application Interface profiles, which require a 1:1 mapping to security profiles (Database, LDAP, or Custom).

  • For object manager-based UI applications, either Basic or SSO authentication is supported on the defined security profile.

  • For object manager-based REST channels, either Basic, SSO, or OAuth authentication is supported.

  • For non-object manager REST calls, authentication types are not controlled by the Application Interface profile so the Basic authentication type is used with the defined security profile. For example: srvrmgr, Gateway and Siebel Manager Console-specific (non-object manager) REST calls.

  • Components that are not part of the Application Interface can override the basic security profile and use a different security profile. For example: the Siebel Enterprise Cache and Siebel Constraint Engine.

    Authentication Parameters in Siebel Application Interface Profile

    The following information lists the parameters in the Siebel Application Interface profile that relate to authentication. You define these parameters in either the Basic Information section or the Applications section under Application Interface Profiles in the Siebel Management Console.

    Note: It is recommended that you set the value for StatsPage to a value other than the default value (_stats.swe).

    Table Authentication-Related Parameters in Siebel Application Interface Profile

    Parameter

    Section Under Application Interface Profiles

    Description

    Active Session Timeout Value (seconds)

    Basic Information - Authentication

    The time, in seconds, from the user’s last browser request until the user’s connection times out. The default is 900 seconds (15 minutes).

    Standard sessions are those where users log in using their registered user name and password. Otherwise, standard sessions share many of the same characteristics as guest sessions.

    For guidelines on setting a value for the Active Session Timeout Value parameter, see About the Active Session Timeout Value Parameter.

    Active Session Timeout Warning Value (seconds)

    Basic Information - Authentication

    Before a session times out, a session timeout warning message appears prompting users to choose whether or not to extend the session. The time at which the message appears is determined by the value specified by this parameter. The default value for this parameter is 60 seconds.

    The time at which the session timeout warning message appears is calculated by subtracting the Active Session Timeout Warning Value from the Active Session Timeout Value. For example, if Active Session Timeout Value is set to 900 seconds and Active Session Timeout Warning Value is set to 300 seconds, then the session timeout warning message appears after 600 seconds of inactivity (900 minus 300 equals 600).

    • If the user selects OK in response to the session timeout warning message, then the session timer is reset to zero and is only activated again after another 600 seconds of inactivity has elapsed.

    • If the user selects Cancel in response to the session timeout warning message, then the session is terminated once the session timeout period is reached.

    • If you do not want users to receive a session timeout warning message, then set the Active Session Timeout Warning Value to zero (0).

    Login Session (guest session) Timeout Value (seconds)

    Basic Information - Authentication

    The time, in seconds, that a connection open for anonymous browsing can remain idle before it times out. The default is 300 seconds (5 minutes).

    Guest sessions are used for anonymous browsing. They permit users to navigate portions of the site without logging in. In contrast to anonymous sessions, guest sessions are associated with an individual Siebel Web Client. These sessions are opened when an unregistered user starts navigating the site, and they remain open until the Web client logs out or times out due to inactivity.

    When deciding the value to specify for guest user timeout, the primary consideration is whether or not anonymous browsing is being used. If it is, then set guest user timeouts to be greater than the average time users need to deliberate their next action. In other words, this is the time allowed between user actions.

    Both guest and anonymous sessions use the Anonymous User Name and Anonymous User Password parameters to log in.

    Method to Check Server Availability

    Basic Information - Authentication

    Provide the SWE method name to use with the SWE command name specified in the [Command to Check Server Availability] field when checking server availability. This field must not be empty if the [Command to Check Server Availability] field is not empty.

    Command to Check Server Availability

    Basic Information - Authentication

    Provide the SWE command name that is sent to check server availability.

    Session Token Usage Duration (minutes)

    Basic Information - Authentication

    Provide the session token usage duration. The application interface rejects the token if it has been used for longer than this value.

    Session Token Timeout Value (seconds)

    Basic Information - Authentication

    Provide the session token timeout. The application interface rejects the session token if the token has been inactive for longer than this value.

    Configure Web Single Sign-On (Web SSO)

    Basic Information - Authentication

    The application interface operates in Web SSO mode when this parameter is TRUE. For more information, see Single Sign-On Authentication.

    Trust Token

    Basic Information - Authentication

    This option appears when Web SSO is true.

    Provide the trust token string, which will be used as the password when Web SSO is enabled. The specified value is passed as the password parameter to a custom security adapter if the value corresponds to the value of the Trust Token parameter defined for the custom security adapter. This value must not be empty when Web SSO is enabled.

    In a Web SSO environment, this token string is a shared secret between the application interface and the security adapter. It is a measure to protect against spoofing attacks. This setting must be the same on both the application interface and the security adapter. For more information, see Single Sign-On Authentication.

    User Specification

    Basic Information - Authentication

    In a Web SSO implementation, this variable name specifies the name of the HTTP header variable to read the user’s user name. Do not prefix with HTTP_.

    Anonymous User Name

    Basic Information - Authentication

    Provide the user name required for anonymous browsing and initial access to the login pages. For example: GUESTCST.

    The user name selected as the anonymous user must be assigned access to views intended for anonymous browsing, but to no other views.

    Anonymous User Password

    Basic Information - Authentication

    Provide the password for the anonymous user.

    For more information on setting passwords for the anonymous user, see Encrypted Passwords in Siebel Application Interface Profile Configuration.

      About the Active Session Timeout Value Parameter

      The Active Session Timeout Value parameter is the time, in seconds, from the user’s last browser request until the user’s connection times out. The following table offers guidelines for setting this parameter.

      Table Guidelines for Setting the Active Session Timeout Value

      Session type: Anonymous session

      • Condition: Large numbers of users logging in within a short period of time (login spikes)

      • Condition: Frequent logins and logouts

      Recommended setting: Greater than 30 minutes.

      Session type: Guest

      • Condition: Long intervals between user actions. Recommended setting: Greater than 30 minutes.

      • Condition: Login view is used for logins. Recommended setting: Less than 5 minutes.

      • Condition: Logout occurs on a logout view. Recommended setting: Less than 5 minutes.

      Session type: Regular

      • Condition: Employee applications. Recommended setting: Greater than 30 minutes.

      • Condition: Customer applications. Recommended setting: 1-15 minutes.

      • Condition: High security requirements. Recommended setting: Less than 5 minutes.

      • Condition: High continuity (low interaction) with the browser. Recommended setting: Greater than 30 minutes.

      • Condition: Lightly loaded system. Recommended setting: Greater than 30 minutes.

      The types of session timeouts mentioned in the table refer to session inactivity. That is, if session timeout is set to 3600 seconds, then it requires one hour of session inactivity for that session to time out. Session inactivity means no request is made to the Siebel Server on that session. Any act that sends a ping request to the Siebel Server, such as sending notifications, resets the session timeout period. If the update interval is less than the Active Session Timeout Value set in the Siebel Application Interface profile, then the session never times out.

      If you use the Siebel Portal Framework to implement portal views, then note that the Siebel application times out if user activity in the portal view exceeds the time that is specified by Active Session Timeout Value. Note also that, by default, portal views send a ping status request to their server every 120 seconds (2 minutes) to keep their session alive. For more information about the Siebel Portal Framework, see Siebel Portal Framework Guide.

        Application Object Manager Parameters in Siebel Application Interface Profile

        The following information lists the Application Object Manager parameters in the Siebel Application Interface profile that relate to authentication. You define these parameters in the Applications - Basic Information section under Application Interface Profiles in the Siebel Management Console.

        Table Application Object Manager Parameters in the Siebel Application Interface Profile

        Parameter

        Section Under Application Interface Profiles

        Description

        Application Name

        Applications - Basic Information

        Specify the application name.

        Object Manager

        Applications - Basic Information

        Specify the object manager for the application.

        Language

        Applications - Basic Information

        Specify the language for the application.

        Request Start Command

        Applications - Basic Information

        Specify the start command for the application.

        Configure HTTP Inbound Transport

        Applications - Basic Information

        Select this option to enable HTTP in-bound transport.

        Configure Anonymous Pool

        Applications - Basic Information

        This option appears if you select the Configure HTTP Inbound Transport option.

        Select this option to use the anonymous user connection pool.

        Anonymous Pool Size

        Applications - Basic Information

        This option appears if you select the Configure HTTP Inbound Transport option and the Configure Anonymous Pool option.

        Specify the pool size for anonymous user connections.

        Maximum Retry for processing EAI-SOAP request

        Applications - Basic Information

        Specify the maximum number of retries when processing EAI-SOAP requests.

        No Session Preference in EAI-SOAP

        Applications - Basic Information

        Select this option if no session preference is required in EAI-SOAP.

          SWE Parameters in Siebel Application Interface Profile

          The following information lists the SWE parameters in the Siebel Application Interface profile that relate to security and authentication. You define these parameters in the Other Information section under Application Interface Profiles in the Siebel Management Console.

          Table Authentication-Related SWE Parameters in Siebel Application Interface Profile

          Parameter

          Section Under Application Interface Profiles

          Description

          Language

          Other Information - SWE

          Specify the language of the Siebel application.

          HTTP-POST Request Size (byte)

          Other Information - SWE

          Specify the byte size to control the size of HTTP POST requests from the application interface. This field must not be empty.

          Seed File Location

          Other Information - SWE

          Specify the location of the seed file.

          Monitor Sessions

          Other Information - SWE

          Select this option to gather statistics on all current sessions. Results are reported in the application interface Stats page.

          Collect Application-Specific Statistics

          Other Information - SWE

          Select this option to enable the collection of application-specific statistics.

            REST Inbound Authentication Parameters in Siebel Application Interface Profile

            The following information lists the REST inbound authentication parameters in the Siebel Application Interface profile. You define these parameters in the Authentication - REST Inbound Authentication section under Application Interface Profiles in the Siebel Management Console. For information about other REST parameters that you define in the Application Interface Profile, see Siebel REST API Guide.

            Table REST Inbound Authentication Parameters in Siebel Application Interface Profile

            Parameter

            Section Under Application Interface Profiles

            Description

            Anonymous User Name

            Basic Information - Authentication - REST Inbound Authentication

            Specify the anonymous user to use for anonymous REST inbound requests. For example: GUESTCST.

            Anonymous User Password

            Basic Information - Authentication - REST Inbound Authentication

            Specify the password for the anonymous user for REST inbound requests.

            Authentication Type

            Basic Information - Authentication - REST Inbound Authentication

            Specify the authentication type that the Siebel Application Interface nodes accept for REST inbound authentication. The options are:

            • Basic Authentication

            • Single Sign-On

            • OAuth

            Trust Token

            Basic Information - Authentication - REST Inbound Authentication

            This option appears if you select the Single Sign-On or OAuth (Authentication Type) option.

            Specify the trust token, which will be used as the password when Single Sign-On or OAuth is enabled.

            The specified value is passed as the Password parameter to a custom security adapter, if the value corresponds to the value of the Trust Token parameter defined for the custom security adapter.

            Authentication URL

            Basic Information - Authentication - REST Inbound Authentication

            This option appears if you select the OAuth (Authentication Type) option.

            Specify the URL to use for REST inbound authentication (OAuth). It is recommended that you specify the URL using the HTTPS format.

            User Specification

            Basic Information - Authentication - REST Inbound Authentication

            This option appears if you select the Single Sign-On (Authentication Type) option.

            Specify the user specification to use for authentication.

            Session Timeout (seconds)

            Basic Information - Authentication - REST Inbound Authentication

            Specify the time (in seconds) that a connection task will wait for a message from the client, before timing out.

            Secure Channel

            Basic Information - Authentication - REST Inbound Authentication

            This option applies only for the OAuth authentication type as follows:

            • Select this check box only when you have already imported the Authentication URL’s CA certificate into the Application Interface truststore.

            • Deselect this check box when the Authentication URL’s CA certificate is not available in the Application Interface truststore.

              In this case, the Application Interface trusts all certificates while calling the Authentication URL over HTTPS.
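The constraints stated in the parameter descriptions above (timeout warning arithmetic, the update-interval rule, Web SSO trust token, server availability fields, and the OAuth Authentication URL and Secure Channel settings) can be checked mechanically before a profile is deployed. The following Python audit is an added example, not Oracle code: the dict layout, the finding codes, and the `update_interval_s` argument are assumptions made for illustration, and the sample values are constructed.

```python
from urllib.parse import urlparse

# Section labels as they appear in the Siebel Management Console.
AUTH = "Basic Information - Authentication"
REST = "Basic Information - Authentication - REST Inbound Authentication"


def is_true(value):
    """Accept a check-box boolean or the string TRUE."""
    return str(value).strip().upper() == "TRUE"


def warning_delay(timeout_s, warning_s):
    """Seconds of inactivity before the warning appears; None when disabled (0)."""
    return None if warning_s == 0 else timeout_s - warning_s


def audit_profile(profile, update_interval_s=None):
    """Return (code, message) findings for one profile.

    profile: dict keyed by console section, then by parameter label
             (layout assumed for this example).
    update_interval_s: interval of any recurring client request, such as the
             120-second portal view ping (hypothetical argument).
    """
    auth, rest = profile.get(AUTH, {}), profile.get(REST, {})
    out = []

    timeout = int(auth.get("Active Session Timeout Value", 0))
    warning = int(auth.get("Active Session Timeout Warning Value", 0))
    delay = warning_delay(timeout, warning)
    if delay is not None and delay <= 0:
        # Derived from the page's formula: timeout value minus warning value.
        out.append(("WARN_DELAY", f"warning would appear after {delay}s of inactivity"))
    if update_interval_s is not None and update_interval_s < timeout:
        out.append(("NO_IDLE_TIMEOUT", f"requests every {update_interval_s}s reset the "
                    f"{timeout}s timer, so the session never times out"))

    if is_true(auth.get("Configure Web Single Sign-On (Web SSO)")) and \
            not str(auth.get("Trust Token", "")).strip():
        out.append(("SSO_EMPTY_TRUST_TOKEN", "Trust Token must not be empty with Web SSO"))
    if str(auth.get("User Specification", "")).upper().startswith("HTTP_"):
        out.append(("USERSPEC_HTTP_PREFIX", "User Specification must not be prefixed with HTTP_"))
    if str(auth.get("Command to Check Server Availability", "")).strip() and \
            not str(auth.get("Method to Check Server Availability", "")).strip():
        out.append(("AVAIL_METHOD_MISSING", "command is set but the method is empty"))

    if rest.get("Authentication Type") == "OAuth":
        if urlparse(str(rest.get("Authentication URL", ""))).scheme.lower() != "https":
            out.append(("OAUTH_URL_NOT_HTTPS", "Authentication URL should use HTTPS"))
        if not is_true(rest.get("Secure Channel", False)):
            out.append(("OAUTH_TRUSTS_ALL_CERTS", "Secure Channel is deselected: all "
                        "certificates are trusted when calling the Authentication URL"))
    return out


# Constructed sample values, not taken from a real deployment.
SAMPLE = {
    AUTH: {
        "Active Session Timeout Value": 900,
        "Active Session Timeout Warning Value": 300,
        "Configure Web Single Sign-On (Web SSO)": "TRUE",
        "Trust Token": "",
        "User Specification": "HTTP_REMOTE_USER",
        "Command to Check Server Availability": "EXAMPLE_COMMAND",
        "Method to Check Server Availability": "",
    },
    REST: {
        "Authentication Type": "OAuth",
        "Authentication URL": "http://idp.example.com/validate",
        "Secure Channel": False,
    },
}

if __name__ == "__main__":
    for code, message in audit_profile(SAMPLE, update_interval_s=120):
        print(f"{code}: {message}")
```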

              Siebel Application Configuration Parameters

              A separate configuration exists for each Siebel application for each language. The parameters for each Siebel application determine how the user interacts with the Application Object Manager and with the security adapter. The application configuration that controls a particular user session depends on the client with which a user connects as follows:

              • Configuration parameters on the Siebel Server (Siebel Web Client). For users connecting with the standard Siebel Web Client, application configuration is located in the SIEBSRVR_ROOT\bin\LANGUAGE subdirectory. For example, eservice.cfg is provided for Siebel eService, for implementation in U.S. English, in the SIEBSRVR_ROOT\bin\ENU directory.

                Note: Most of the security-related parameters applicable to Siebel Servers (and, consequently, Siebel Web Clients) are stored in the Siebel Gateway, not in the application configuration file.

                See Server Parameters for Siebel Gateway for a description of the parameters applicable to Siebel Web Clients.

              • Configuration parameters on the Siebel Mobile Web Client or Developer Web Client. For users connecting through the Siebel Mobile Web Client or Developer Web Client, the configuration is located in the SIEBEL_CLIENT_ROOT\bin\LANGUAGE subdirectory on the client. For example, eservice.cfg is provided for Siebel eService, for implementation in U.S. English, in the SIEBEL_CLIENT_ROOT\bin\ENU directory.

                • The Siebel Mobile Web Client connects directly to the local database; it bypasses the Siebel Server.

                • The Siebel Developer Web Client connects directly to the server database; it bypasses the Siebel Server.

                The parameters in the following table apply to Siebel Mobile Web Clients and Developer Web Clients.

              Changes to an application configuration are not active until you restart the Siebel Server or Siebel client. For more information about working with configuration information, see Siebel System Administration Guide.

              Caution: The parameter values that reference directory attributes that you provide for the Siebel LDAP security adapter are case-sensitive. The values must match the attribute names in the directory.

              Table Parameters for Siebel Mobile Clients and Developer Web Clients

              Parameter

              Description

              SecAdptMode

              For more information about setting this parameter, see the Enterprise Security Authentication Profile (Security Adapter Mode) parameter in the table in Parameters for Configuring Security Adapter Authentication.

              Specifies the security adapter mode. The options are:

              • For database authentication, specify DB (which is the default value).

              • For LDAP authentication, specify LDAP.

              • For a custom security adapter, specify CUSTOM.

              If you implement a custom, non-Siebel security adapter, then you must configure your adapter to interpret the parameters used by the Siebel adapters if you want to use those parameters.

              SecAdptName

              For more information about setting this parameter, see the Security Adapter Name (named subsystem) parameter in the table in Parameters for Configuring Security Adapter Authentication.

              Specifies the name of the security adapter.

              • For database authentication, specify DBSecAdpt (which is the default value).

                For Mobile or Developer Web Client configuration, the DBSecAdpt is created in the configuration.

              • For LDAP authentication, specify LDAPSecAdpt (or a name of your choice).

                For Developer Web Client configuration, the LDAPSecAdpt is created by default in the configuration if you configure LDAP using the Siebel Management Console.

              • For a custom security adapter, specify a name such as SecAdpt_Custom.

                You must add the applicable section to the file yourself. For example, [SecAdpt_Custom].

              UseRemoteConfig

              This parameter applies only to the Siebel Developer Web Client, and is not available in the Siebel Management Console.

              Specifies the path to a configuration file that contains only parameters for a security adapter, that is, it contains parameters as they would be formatted if they were included in a section such as [LDAPSecAdpt] in an application’s configuration file.

              You must provide the path in universal naming convention (UNC) format, for example, \\server\vol\path\ldap_remote.cfg.

              For detailed information about using this parameter, see Security Adapters and the Siebel Developer Web Client.

                Parameters for Database Security Adapter (DBSecAdpt)

                You define database authentication parameters for the following named subsystems:

                • InfraSecAdpt_DB. That is, for the DBSecAdpt named subsystem or a similar security adapter with a nondefault name.

                • InfraDataSource. That is, for the ServerDataSrc named subsystem or another data source.

                The named subsystem is specified as the value for the data source Security Adapter Name parameter for the database security adapter.

                The following parameters apply when defining a database security adapter:

                • Name

                • Type

                • Host Name

                • Port

                • SQL Style of Database

                • Database Service Name

                • Table Owner

                • Enterprise Security Authentication Profile (Security Adapter Mode)

                • Security Adapter Name (named subsystem)

                • Database Security Adapter Data Source

                • Database Security Adapter Propagate Changes

                For more information about these parameters, see Parameters for Configuring Security Adapter Authentication.

                Note: Starting from Java 8, the odbc-jdbc driver is not supported. Because of this limitation, you must specify raw database connection details (like server host, port, database service name, and so on) instead of ODBC details when defining a database security profile.

                  Parameters for LDAP Security Adapter (LDAPSecAdpt)

                  You define LDAP authentication parameters for the following named subsystems:

                  • InfraSecAdpt_LDAP. That is, for the LDAPSecAdpt named subsystem or a similar security adapter with a nondefault name.

                  The named subsystem is specified as the value for the data source Security Adapter Name parameter for the LDAP security adapter.

                  The following parameters apply when defining an LDAP security adapter:

                  • Name

                  • Type

                  • Host Name

                  • Port

                  • Enterprise Security Authentication Profile (Security Adapter Mode)

                  • Security Adapter Name (named subsystem)

                  • Application User Distinguished Name (DN)

                  • Application Password

                  • Base Distinguished Name (DN)

                  • Credentials Attribute

                  • Hash Algorithm

                  • Hash DB Password

                  • Hash User Password

                  • Password Attribute Type

                  • Propagate Change

                  • Roles Attribute (optional)

                  • Shared Databases Account Distinguished Name (fully qualified domain name)

                  • Shared DB User Name

                  • Shared DB Password

                  • Security Adapter Mapped User Name

                  • Siebel Username Attribute

                  • SSL

                  • Enable SSL

                  • Configure Web Single Sign-On

                  • Trust Token

                  • Wallet Password

                  • Salt Attribute Type

                  • Salt User Password

                  • User Name Attribute Type

                  For more information about these parameters, see Parameters for Configuring Security Adapter Authentication.

                    Parameters for Custom Security Adapter (CustSecAdpt)

                    You define custom authentication parameters for the following named subsystems:

                    • InfraSecAdpt_Custom. That is, for the CustSecAdpt named subsystem or a similar security adapter with a nondefault name.

                    The named subsystem is specified as the value for the data source Security Adapter Name parameter for the custom security adapter.

                    The following parameters apply when defining a custom security adapter:

                    • Enterprise Security Authentication Profile (Security Adapter Mode)

                    • Security Adapter Name (named subsystem)

                    • Application User Distinguished Name (DN)

                    • Application Password

                    • Base Distinguished Name (DN)

                    • Custom Library

                    • SQL Style of Database

                    • CRC Checksum

                    • Credentials Attribute

                    • Hash Algorithm

                    • Hash DB Password

                    • Hash User Password

                    • Password Attribute Type

                    • Propagate Change

                    • Roles Attribute

                    • Shared Databases Account Distinguished Name

                    • Shared DB User Name

                    • Shared DB Password

                    • Security Adapter Mapped User Name

                    • Siebel Username Attribute

                    • SSL

                    • Enable SSL

                    • Configure Web Single Sign-On

                    • Trust Token

                    • Wallet Password

                    • Salt Attribute Type

                    • Salt User Password

                    • User Name Attribute Type

                    For more information about these parameters, see Parameters for Configuring Security Adapter Authentication.