Currently, Siebel Business Applications provide options for authenticating HTTP EAI and HTTP Web service requests through credentials that can either be passed as a part of the request body, or as a part of the request URL.
From Siebel CRM version 8.2.2.0 and Siebel CRM version 8.1.1.9, Oracle recommends that you do not use URL-based authentication for any integration with a Siebel application. By default, this authentication method will be disabled in Siebel Business Applications. Following the release of Innovation Pack 2013, Oracle will no longer support any use of URL-based authentication.
Why this change?
Oracle is committed to providing customers with a range of solutions for authentication. However, a number of attack vectors have been established for URL-based authentication and, accordingly, URL-based authentication is no longer regarded as an acceptably secure mechanism for enterprise applications. In addition, the inclusion of credentials in the URL can lead to the inadvertent exposure of a user’s credentials if the user shares a URL as a bookmark or favorite.
What is supported?
Siebel Business Applications support the industry-standard Web Services Security (WS-Security) specification. WS-Security is a Web services standard that supports, integrates, and unifies multiple security models and technologies, allowing a variety of systems to interoperate in a platform-independent and language-independent environment.
Transitional solution
Oracle understands that some customers will need time to implement these changes, and that in the case of integrations, many of the users of URL-based authentication are either external consumers, or in projects not directly related to the Siebel CRM program.
As a transitional arrangement, therefore, Oracle is providing a parameter, EnableURLCredentials, which you can add to the eapps.cfg file. Set the value of the EnableURLCredentials parameter to TRUE to enable the continued use of URL-based authentication.
The following table shows how the EnableURLCredentials parameter affects the default setting for URL-based security credentials authentication that has been configured for a Siebel CRM release.
| Siebel Application Version | Default Setting for URL-based Authentication | EnableURLCredentials = TRUE | EnableURLCredentials = FALSE | EnableURLCredentials = Any Other Value |
|---|---|---|---|---|
| 8.2.2.0 or higher | Disabled | Enabled | Disabled | Disabled |
| 8.1.1.9 or higher | Enabled | Enabled | Disabled | Enabled |
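The following Python audit is an added example, not Oracle's code: it applies the table above to eapps.cfg-style text and reports whether URL-based authentication ends up enabled. Assumptions: the file is INI-style, the parameter may appear in any section, only the literal values TRUE and FALSE shown in the table are matched (every other spelling is treated as "Any Other Value" so it gets flagged), and the caller states which release line applies.

```python
import configparser

# Release defaults from the table above (used when the parameter is absent
# or set to anything other than TRUE / FALSE).
DEFAULT_ENABLED = {"8.2.2.0": False, "8.1.1.9": True}

def effective_url_auth(value, baseline):
    """Map one EnableURLCredentials value (None = absent) to (enabled, note)."""
    default = DEFAULT_ENABLED[baseline]
    if value is None:
        return default, "parameter absent; release default applies"
    if value == "TRUE":
        return True, "explicitly enabled (transitional setting)"
    if value == "FALSE":
        return False, "explicitly disabled"
    # "Any Other Value" column: the release default applies, so a typo such
    # as 'FALS' leaves URL credentials enabled on the 8.1.1.9 line.
    return default, f"unrecognized value {value!r}; release default applies"

def audit_eapps(cfg_text, baseline):
    """Return (section, value, enabled, note) findings for eapps.cfg-style text."""
    parser = configparser.ConfigParser(strict=False, interpolation=None,
                                       allow_no_value=True)
    parser.read_string(cfg_text)
    findings = []
    for section in parser.sections():
        # Assumption: parameter name matched case-insensitively, in any section.
        if parser.has_option(section, "enableurlcredentials"):
            value = (parser.get(section, "enableurlcredentials") or "").strip()
            findings.append((section, value, *effective_url_auth(value, baseline)))
    if not findings:
        findings.append((None, None, *effective_url_auth(None, baseline)))
    return findings

# Constructed sample, not a real eapps.cfg; section names are illustrative.
SAMPLE_CFG = """
[defaults]
EnableURLCredentials = false
[/eai_enu]
EnableURLCredentials = TRUE
"""

if __name__ == "__main__":
    for baseline in DEFAULT_ENABLED:
        for section, value, enabled, note in audit_eapps(SAMPLE_CFG, baseline):
            state = "ENABLED" if enabled else "disabled"
            print(f"{baseline}+ [{section}] {value!r}: URL auth {state} ({note})")
```

On the 8.1.1.9 line, only an exact FALSE turns URL-based authentication off, so any finding marked "unrecognized value" or "parameter absent" there should be corrected to an explicit FALSE.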
End of transitional solution
Following the release of Innovation Pack 2013, Oracle will no longer support any use of URL-based authentication, and the EnableURLCredentials parameter will be removed from the Siebel CRM product. All customers must plan on using alternative authentication schemes before this time.