- Title and Copyright Information
- Preface
- 1 What's New in This Release
- 2 About Security for Siebel CRM
- About Security for Siebel CRM
- About This Guide
- General Security Concepts
- Industry Standards for Security
- About Supported Security Products
- Siebel Security Architecture
- Web Sites with Security Information
- Using Transport Layer Security with Siebel CRM
- Supported TLS and SHA Versions
- About Siebel Open UI
- Roadmap for Configuring Security
- 3 Changing and Managing Passwords
- Changing and Managing Passwords
- About Managing and Changing Passwords
- About Default Accounts
- Changing Siebel Administrator Account Password
- Changing the Anonymous User Password When a User Account is set to Anonymous User
- Changing the Table Owner Password
- Troubleshooting Password Changes By Checking for Failed Server Tasks
- About Siebel Gateway Authentication Password
- Encrypted Passwords in Siebel Application Interface Profile Configuration
- Changing Encrypted Passwords Using the Siebel Management Console
- About Encryption of Siebel Gateway Password Parameters
- About the Object Manager’s First Connection and LDAP User
- 4 Communications and Data Encryption
- Communications and Data Encryption
- Types of Encryption
- About Certificates and Key Files Used for TLS Authentication
- Process of Configuring Secure Communications
- Installing Certificate Files
- Configuring TLS Mutual Authentication for SHA-2 Certificates Using EAI HTTP Transport
- About Configuring Encryption for Siebel Enterprise and Siebel Application Interface
- About Key Exchange for TLS Encryption
- Configuring TLS Encryption for a Siebel Enterprise or Siebel Server
- Configuring TLS Encryption for Siebel Application Interface
- Enabling SSL Acceleration for Application Interface/Enabling HTTP
- About Configuring Encryption for Web Clients
- Configuring Encryption for Mobile Web Client Synchronization
- About Data Encryption
- About Siebel Encryption
- Configuring Encryption and Search on Encrypted Data
- Encrypting Columns in a Business Component
- Managing the Key File Using the Key Database Manager
- Security Considerations for Unicode Support
- About Encoding UI Values
- 5 Security Adapter Authentication
- Security Adapter Authentication
- About User Authentication
- About Siebel Security Adapters
- About Database Authentication
- Implementing Database Authentication
- About Authentication for LDAP Security Adapter
- Process of Implementing LDAP Security Adapter Authentication
- Requirements for Implementing an LDAP Authentication Environment for Oracle LDAP Client Installation
- About Creating a Database Login for Externally Authenticated Users
- Setting Up the LDAP Directory
- Creating Users in the LDAP Directory
- Adding User Records in the Siebel Database
- LDAP Security Adapter Authentication Parameters in the Siebel Application Interface Profile
- Configuring Security Adapter Parameters for Siebel Gateway
- Configuring LDAP Authentication for Developer Web Clients
- Restarting Servers
- Testing the LDAP Authentication System
- About Authentication for Siebel Gateway Access
- About Authentication for Mobile Web Client Synchronization
- Installing and Configuring Oracle LDAP Client Software
- Configuring Security Adapters Using the Siebel Management Console
- Migrating from Database to LDAP Authentication
- Security Adapter Deployment Options
- Security Adapters and the Siebel Developer Web Client
- About Password Hashing
- Process of Configuring User and Credentials Password Hashing
- Running the Password Hashing Utility
- Setting the ConfigLdapAuthTimeout Parameter
- Setting the ConfigLdapFailoverTimeout Parameter
- 6 Single Sign-On Authentication
- Single Sign-On Authentication
- Supported Single Sign-On Solutions for Siebel Deployment
- About Web Single Sign-On
- About Implementing Web Single Sign-On
- Web Single Sign-On Authentication Process
- Requirements for Standards-Based Web Single Sign-On
- Set up Tasks for Standards-Based Web Single Sign-On
- Configuring the Session Timeout
- Configuring Siebel CRM and Oracle Business Intelligence Enterprise Edition for Web Single Sign-On
- Configuring Siebel Migration Application for Web Single Sign-On
- Web Single Sign-On Authentication Process When Using Siebel REST and Web Services in Portal Application
- About Implementing Federated Single Sign-On
- Federated Single Sign-On Authentication Process for Interactive User Interfaces
- Single Sign-On between Siebel and Identity Cloud Service through SSO or Open ID
- Identity Provider-Initiated Single Sign-On Authentication Process
- About Oracle API Gateway Role in Single Sign-On Authentication Process
- Security Adapter Configuration When SSO is Enabled
- Configuring Single Sign-On with a Database Security Adapter
- Using OAuth with Siebel REST
- Using OAuth with Siebel REST Inbound Web Services
- Setting Siebel EAI Application Object Manager for LDAP/SSO
- Setting Siebel EAI Application Object Manager for DB/SSO
- Configure and Register OAuth Client in OAuth Server
- Steps to Create Confidential Application in IDCS Without Introspect Option for use as OAuth Client
- Inbound REST Requests and OAuth Scopes
- Configuring Application Interface To Use OAuth For Siebel REST Inbound Authentication
- Client Application using Siebel REST with OAuth
- Client Credentials Grant Authentication Flow
- Generate Bearer Token
- Testing Introspection URL using Postman
- Testing REST API Calls to Siebel using Postman
- Configuring OAuth Support for Siebel REST Outbound Connections
- Configuring OAuth Support for Siebel REST Outbound Connections
- Using OAuth with Siebel REST Inbound Web Services
- 7 Siebel Application Interface Security Features
- Siebel Application Interface Security Features
- About the Siebel Web Client and Using HTTPS
- Implementing Secure Login
- Logging Out of a Siebel Application
- Login User Names and Passwords
- Account Policies and Password Expiration
- About Using Cookies with Siebel Business Applications
- About Service Discovery Initiated by Trusted and Untrusted Sources in Siebel Application Interface
- 8 User Administration
- User Administration
- About User Registration
- About Anonymous Browsing
- Process of Implementing Anonymous Browsing
- About Self-Registration
- User Experience for Self-Registration
- Process of Implementing Self-Registration
- Identifying Disruptive Workflows
- About Managing Forgotten Passwords
- Retrieving a Forgotten Password (Users)
- Defining Password Length for Retrieved Passwords
- Architecture for Forgotten Passwords
- About Modifying the Workflow Process for Forgotten Passwords
- Modifying Workflow Process to Query Null Fields
- Modifying Workflow Process to Request Different Identification Data
- Modifying the User Interface for User Registration
- Modifying Input Arguments for the Workflow Process
- Internal Administration of Users
- About Adding a User to the Siebel Database
- Delegated Administration of Users
- Maintaining a User Profile
- 9 Configuring Access Control
- Configuring Access Control
- About Access Control
- Access Control Mechanisms
- About Personal Access Control
- About Position Access Control
- About Single-Position Access Control
- About Team (Multiple-Position) Access Control
- About Manager Access Control
- About Organization Access Control
- About Single-Organization and Multiple-Organization Access Control
- About Suborganization Access Control
- About All Access Control
- About Access-Group Access Control
- Planning for Access Control
- Setting Up Divisions, Organizations, Positions, and Responsibilities
- About View and Data Access Control
- Listing the Views in an Application
- Responsibilities and Access Control
- Viewing Business Component View Modes
- Configuring Access to Business Components from Scripting Interfaces
- Viewing an Applet’s Access Control Properties
- Listing View Access Control Properties
- Example of Flexible View Construction
- About Implementing Access-Group Access Control
- Implementing Access-Group Access Control
- Managing Tab Layouts Through Responsibilities
- Managing Tasks Through Responsibilities
- Administering Access Control for Business Services
- Administering Access Control for Business Processes
- Clearing Cached Responsibilities
- About Configuring Visibility of Pop-Up and Pick Applets
- About Configuring Drilldown Visibility
- Party Data Model
- 10 Troubleshooting Security Issues
- 11 Authentication Related Configuration Parameters
- Authentication Related Configuration Parameters
- Server Parameters for Siebel Gateway
- Security Profile Configuration for Siebel Gateway
- Parameters for Configuring Security Adapter Authentication
- Authentication and Security-Related Parameters in the Enterprise Profile
- Security-Related Parameters in the Server Profile
- Siebel Application Interface Profile Parameters
- Authentication Parameters in Siebel Application Interface Profile
- About the Active Session Timeout Value Parameter
- Application Object Manager Parameters in Siebel Application Interface Profile
- SWE Parameters in Siebel Application Interface Profile
- REST Inbound Authentication Parameters in Siebel Application Interface Profile
- Siebel Application Configuration Parameters
- 12 Seed Data
- 13 Siebel Security Hardening
- Siebel Security Hardening
- About This Chapter
- Overview of Security Threats, Recommendations, and Standards
- Securing the Network and Infrastructure
- About Securing the Network Infrastructure
- Network Zones and Firewalls
- Guidelines for Assigning Ports on Firewalls
- Guidelines for Deploying Siebel Business Applications Across a Firewall
- Routers
- Network Address Translation
- Load Balancers
- Proxy Servers
- Forward Proxy Servers
- Reverse Proxy Servers
- Procedure to Configure Reverse Proxy
- Virtual Private Networks
- About Using Internet Protocol Security
- Preventing Denial of Service Attacks
- Recommended Network Topology
- Removal of Siebel Application Interface Dependency on Oracle Database Client
- Network Authentication and Monitoring
- Enabling Encryption of Network Traffic
- Enabling Encryption Between the Web Client Browser and Web Server
- Enabling Encryption Between the Web Server and Siebel Server
- Enabling Encryption Between the Siebel Server and Siebel Database
- Enabling Encryption for Security Adapters
- About Using TLS with Siebel Enterprise Application Integration (EAI)
- Securing the Siebel Web Server
- Securing the Siebel Server
- Securing the Siebel Client
- Securing Mobile Clients
- Securing Siebel Remote
- Securing the Synchronization Framework
- Authenticating the Mobile Web Client
- Encrypting Communications
- Encrypting DX Transaction Files
- Using a VPN When Synchronizing Through the Internet
- Encrypting Data in the Local Database and File System
- Local Database
- Local Siebel File System
- Defining Password Management Procedures
- Securing Mobile Devices Running Siebel Business Applications
- Securing the Siebel Document Server
- Securing Email Communications
- Securing the Siebel Reports Environment
- About Securing the Network Infrastructure
- Securing the Operating Systems
- Protecting Files and Resources
- Securing the Siebel File System
- Assigning Rights to the Siebel File System
- Assigning Rights to the Siebel File System on Windows
- Assigning Rights to the Siebel File System on UNIX
- Excluding Unsafe File Types from the Siebel File System
- About Potentially Unsafe File Types
- Enabling File Extension Checking
- About File Extension Checking on the Siebel Mobile Web Client
- Assigning Rights to the Siebel Service Owner Account
- Applying Patches and Updates
- Securing the Siebel Database
- Securing Siebel Business Applications
- About Securing Applications
- Guidelines for Deploying Siebel Business Applications
- About Disabling Siebel Components
- About User Authentication
- Implementing Password Management Policies
- Reviewing Special User Privileges
- About Implementing Authorization and Access Control
- Implementing Personal Visibility for the User Profile View
- About Securing Application Data During Configuration
- About Message Broadcasting
- About Securing Third-Party Applications
- Implementing Auditing
- Performing Security Testing
- Supported Security Standards
- Default Port Allocations