This section contains the following topics:
Selecting and Configuring Database Credentials
Following are the minimum requirements for using this product:
For updated information about platform and web server support, see the appropriate Platform Support Matrix available in the CA Support website.
SessionLinker must be installed to secure the integration. This product provides single sign-on to Siebel without SessionLinker, but the integration is not secure unless SessionLinker is installed.
SessionLinker prevents session synchronization issues by monitoring the CA SSO Session ID header and the Siebel session cookie sent by the user. When the two sessions diverge, SessionLinker takes action to prevent the application from operating until a new session is established within Siebel. By default, the action is to destroy the existing session, which forces Siebel to create a new session for the correct user. Alternatively, the existing session can be left in place and the user redirected to a configured redirect URL.
Note: The configuration parameter for SessionLinker is COOKIE=_sn.
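The check described above can be modeled as follows. This is an added example, not CA's SessionLinker code: the header name `X-SSO-Session-Id`, the `SessionLinker` class, the return values, and the fail-closed handling of a missing header are assumptions made for illustration; only the cookie name `_sn` comes from this page.

```python
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

SSO_HEADER = "X-SSO-Session-Id"  # placeholder header name (assumption)
APP_COOKIE = "_sn"               # Siebel session cookie, per COOKIE=_sn

@dataclass
class SessionLinker:
    # None selects the default action: destroy the application session.
    redirect_url: Optional[str] = None
    # Application cookie value -> SSO session ID it was first seen with.
    links: Dict[str, str] = field(default_factory=dict)

    def check(self, headers: dict, cookies: dict) -> Tuple[str, Optional[str]]:
        sso_id = headers.get(SSO_HEADER)
        app_id = cookies.get(APP_COOKIE)
        if app_id is None:
            # No application session yet; the application will create one.
            return ("pass", None)
        if sso_id is None:
            # Assumption: an app cookie without an SSO session fails closed.
            return self._diverged(app_id)
        # Bind the cookie to the SSO session on first sight, then compare.
        bound = self.links.setdefault(app_id, sso_id)
        if bound == sso_id:
            return ("pass", None)
        return self._diverged(app_id)

    def _diverged(self, app_id: str) -> Tuple[str, Optional[str]]:
        if self.redirect_url:
            # Alternative action: keep the session, send the user elsewhere.
            return ("redirect", self.redirect_url)
        # Default action: forget the binding and tell the caller to expire
        # the cookie so the application creates a fresh session.
        self.links.pop(app_id, None)
        return ("destroy", APP_COOKIE)

if __name__ == "__main__":
    # Constructed request sequence: user A logs in, then user B arrives
    # on the same browser still carrying A's application cookie.
    linker = SessionLinker()
    requests = [
        ({SSO_HEADER: "sso-A"}, {APP_COOKIE: "sn-1"}),
        ({SSO_HEADER: "sso-B"}, {APP_COOKIE: "sn-1"}),
        ({SSO_HEADER: "sso-B"}, {APP_COOKIE: "sn-2"}),
    ]
    for headers, cookies in requests:
        print(headers, cookies, "->", linker.check(headers, cookies))
```

The second request is the case SessionLinker exists for: without the check, user B would continue inside user A's Siebel session.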
Once an external authentication system such as CA SSO is implemented, Siebel is no longer capable of employing the individual user’s credentials to connect to the database for the following reasons:
The Siebel Object Manager continues to communicate with the database for all data; however, because users no longer present credentials that the Object Manager can use to connect on their behalf, a special administrative account is necessary. This account’s credentials need not be published, and are not used by any person or application other than the Siebel Object Manager.
The use of a generic database user does not in any way impair the ability to audit user activity because Siebel’s internal access control, data protection, and audit capabilities continue to operate as with individual user database accounts. A database account should be created and the password set to a complex, non-guessable value.
A benefit of Siebel using a generic database account is that after this product is installed, individual database accounts are no longer necessary. This relieves the system of the administrative burden of account creation, password maintenance or synchronization, and removal upon termination of employment.
Copyright © 2015 CA Technologies.
All rights reserved.