AnonUsername and AnonPassword parameters used by the Siebel Agent.

book

Article ID: 53151

calendar_today

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On

Issue/Introduction

Description:

The Agent Guide for Siebel v5.6 sp4 page 71 states the following:

Once installed, Siebel Security Adapter is called by the Object Manager every time a username and password are presented. This feature allows SiteMinder to integrate fully with Siebel and support both username and password-based signon, and the ticket-based single signon.

Having Object Manager call Security Adapter for every username and password presented does have one unintended consequence, which is that the Siebel Web Server Extension (WSE) connects to the Object Manager to download the Login page (typically SWELogin.swt file).

To make this connection, WSE sends a special username and password configured in the eapps.cfg file. By default, this username is SADMIN. When this username and password are sent to Security Adapter, Security Adapter passes it on to SiteMinder for verification. As long as the user exists in the SiteMinder's user store, with the password defined in eapps.cfg, WSE is able to download the login page. If the anonymous user does not exist in SiteMinder, WSE returns an error saying that the server is either busy or experiencing difficulties. In these cases adding a special user to the SiteMinder user store is not a good solution.

The eTrust SiteMinder agent for Siebel has a feature that allows sites to define one special user that the eTrust SiteMinder agent for Siebel will not verify against SiteMinder. To ensure security, use this feature only for the WSE.

The configuration settings AnonUsername and AnonPassword can be set to the username and password specified in the eapps.cfg file. These are case sensitive; sadmin is not the same as SADMIN. This is intended to match the behavior of most user directories supported by SiteMinder.

Which is a good explanation except for the fact that it does not state where to add these parameters to the agent configuration.

Solution:

These parameters need to be added to the SmSiebelSSO.conf file located in the {SiebelAppServerInstallDir}\bin directory as follows:

AnonUserName=SADMIN
AnonPassword=[NDSEnc-C]xWYX+1VnRRwvvZ7qaj5rPT8XsR5I7zj8

The NPSEncrypt tool can be used to encrypt the password, otherwise it can be placed in the file as a clear text password.

Environment

Release:
Component: SMSSS