10Troubleshooting Security Issues
Troubleshooting Security Issues
This chapter provides troubleshooting tips and information about security-related issues that can occur in Siebel Business Applications. It includes the following topics:
Troubleshooting User Authentication Issues
This topic describes problems that can occur when authenticating users. To resolve the problem, look for it in the list of Symptoms or Error Messages in the following table.
Table Troubleshooting User Authentication Issues
Symptom or Error Message |
Diagnostic Steps or Cause |
Solution |
|---|---|---|
User is unable to access the Administration - Server Configuration or Administration - Server Management screen. If the Siebel system is configured to use the Siebel Audit Trail feature, then problems running audit trail occur. |
This problem can occur when using external authentication, either Web SSO or Siebel security adapter authentication. The server administration component performs its own authentication by verifying that the Siebel user ID it gets from the Application Object Manager is the user name for a database account. An external authentication system returns the user’s Siebel user ID and, typically, a database account used by many users from a Lightweight Directory Access Protocol (LDAP) directory. |
Use database authentication instead of external authentication for administration users. Administrator users must log into the application using either a different Application Object Manager or a Siebel Developer Web Client; in each case, database authentication must be configured. For more information about database authentication, see About Database Authentication and related sections. Alternatively, authentication for a secondary data source such as the Siebel Gateway can be configured. |
Adding users or changing passwords is not reflected in the directory. |
The Propagate Change parameter is set to FALSE for the security adapter. |
Set the Propagate Change parameter to TRUE for the security adapter. For more information, see Server Parameters for Siebel Gateway. |
Responsibilities in the directory conflict with responsibilities in Siebel Business Applications. |
User responsibilities are assigned in the directory and in Siebel Business Applications. |
It is recommended that you assign user responsibilities in the directory or by using Siebel Business Applications, but not both. For more information, see Configuring Roles Defined in the Directory. |
Upgrading Siebel Business Applications appears to disable Checksum validation. |
A security adapter’s CRC checksum value must be recalculated whenever you upgrade Siebel Business Applications. |
Recalculate the security adapter’s CRC checksum value when you upgrade Siebel Business Applications. For information, see Configuring Checksum Validation. |
Troubleshooting User Registration Issues
This topic describes problems that can occur when users are registered. To resolve the problem, look for it in the list of Symptoms or Error messages in the following table.
Table Troubleshooting User Registration Issues
Symptom or Error Message |
Diagnostic Steps or Cause |
Solution |
|---|---|---|
Workflows do not appear in the Business Process Administration screen. |
Your server or application is probably running on a different language from the database. For example, a DEU installation is running against an ENU database. |
Check your setup. Using Server Manager, connect to the server and run the following command to verify the language:
If the language code is incorrect, then run the following command:
where |
When I click New User, either nothing happens or an error message appears. |
Possible causes include:
|
To correct this problem:
|
When I click finish, the following message appears: Error updating business component at step Insert New User |
The problem can occur if the user being created already exists in the LDAP directory. This problem commonly occurs if the directory is not refreshed after deployment testing. |
Try to create another user or use the LDAP console to check whether or not the user exists in the directory. Connect to the LDAP directory, but instead of creating a new user, right-click on People and select Search. |
After I click Finish, the following message appears: View not accessible |
The user was successfully created and could log in. However, the user did not receive the appropriate responsibility and so cannot access the view. |
Change the New Responsibility field for the Anonymous User of the application to one that contains the necessary views. |
When I click the New User link, nothing happens. |
Most likely, some or all of the User Registration workflow processes are not activated; or if they are, the server needs to be restarted. |
In the Administration - Server Management screen, restart only the necessary Application Object Managers. Restarting the server also works. |
When I click Next in a User Registration view, nothing happens. |
There might be another workflow that is being triggered which is disrupting the User Registration workflow. It is also possible that not all necessary workflows have been activated. |
Activate all necessary workflows and deactivate any disruptive workflows. For information on these tasks, see: |
When I click Finish, an error is returned. |
Possible causes include:
|
Check to see if the user exists in the Person view in the Administration - User screen. If the user exists but was not given an entry in the LDAP directory, then that user cannot log in. You can also verify this by trying to create a user in the User view. If you can set the user ID and password, then try to log in as that person. |
Troubleshooting Access Control Issues
This topic describes problems related to access control. To resolve the problem, look for it in the list of Symptoms or Error messages in the following table.
Table Troubleshooting Access Control Issues
Symptom or Error Message |
Diagnostic Steps or Cause |
Solution |
|---|---|---|
Employee user has trouble logging into a Siebel customer application. |
It is not recommended to use an Employee login account to access a customer application (such as Siebel Sales). |
Give the Employee user a separate login account for the customer application. |
Cannot delete Division records. |
You cannot delete division records because business components throughout your Siebel application refer to organizational records. Deleting a division might cause invalid references on transactional records. |
Rename the division or promote the division to an organization. |
Cannot modify seed responsibility. |
Seed responsibilities cannot be modified or deleted. |
Make a copy of the seed responsibility you want to modify and make changes to the copy. |
Excessive synchronization time for some Mobile users. |
The Local Access control field in the Responsibility View list might not be set properly. This setting determines which views mobile users can work in offline. |
Make sure the Local Access control field in the Responsibility View list is set properly. For faster synchronization time, reduce the number of views that have local access. For more information, see Local Access for Views and Responsibilities. |
Unexpected refresh causes loss of data. |
When you enter records on particular views (for example, Service Request List View), records can appear lost if the underlying business component is re-queried before a user is assigned to the access list. This event can occur if the associated detail applet (for example, Service Request Entry applet) expands or collapses to show or hide additional fields. By default, if you collapse or expand a detail applet, the record is committed and the business component is queried again. |
You can override the default behavior by setting the RestrictedFieldActivation user property to FALSE; this stops the business component from being re-queried if the detail applet expands or collapses. You can set RestrictedFieldActivation to FALSE in a number of locations. However, for scalability reasons, it is recommended that you only set RestrictedFieldActivation to FALSE in the applet. To set the value of RestrictedFieldActivation in the applet, you add it to the user properties of the applet in Siebel Tools. You can also specify the view mode where you disable an automatic re-query of the business component when a detail applet collapses or expands. To specify the view mode, add the following entry to the user properties of the applet in Siebel Tools:
For example, the following entry overrides the default behavior in the Personal view mode:
|
Multiple sessions of an eCustomer application are opening in the same browser, without throwing any session warning message. |
An eCustomer can open multiple sessions of eCustomerObjMgr_enu in the same browser (all HTML5-compliant browsers) without receiving a session warning message. |
The multiple sessions warning message only works on regular (login) sessions and does not work on anonymous browsing sessions that circumvent the login page (for example: SWECmd=GotoView). There is no request for login if an anonymous user has access to the home page and the object manager session is directed to the home screen (via SWECmd=GotoView). For the multiple sessions warning message to appear in an anonymous browsing session, you must request the login page using a regular session instead of anonymous browsing. Instead of using the SMECmd=GotoView mechanism in the application interface, define the start page at the application level (for example, in Siebel Tools). |
Troubleshooting Secure Parameter Settings
This topic describes problems related to either enabling or disabling certain secure parameter settings. To resolve the problem, look for it in the list of Symptoms or Error messages in the following table.
Table Troubleshooting Secure Parameter Settings
Parameter Setting |
Symptom or Error Message |
Diagnostic Steps or Cause |
Solution |
|---|---|---|---|
Enable XSS Filter |
The Siebel application freezes when a user selects the OK button on a Siebel screen. |
Make sure that Enable XSS Filter is set to Y. |
Do not disable the Enable XSS Filter setting. |