Siebel CRM and URL Based Authentication

Remember this one?

http://myserver/callcenter_enu/start.swe?SWECmd=ExecuteLogin&SWEUserName=NotSADMINPlease&SWEPassword=yourpasswordincleartext

If you - for whatever reason - use URL-based authentication to load Siebel CRM application content in a browser or iframe then you should strongly consider reading Oracle Support Document 1496603.1 (Removing URL-Based Authentication in Siebel CRM).

In this document, Oracle recommends their customers to refrain from using the obviously insecure authentication via clear-text URL arguments (SWEUserName and SWEPassword). As a transitional solution, customers can add the EnableURLCredentials parameter to the eapps.cfg file (and set it to TRUE) to allow URL-based authentication.


However, Oracle plans to remove any support for URL-based authentication (and the aforementioned parameter) "following the release of Innovation Pack 2013".

So with IP 2014 around the corner, it's time to think about alternatives such as Single-Sign-On or Web Services Security.

Are you affected by this change? Please share your thoughts in the comments.

have a nice day

@lex

תגובות

פוסטים פופולריים מהבלוג הזה

Profile Attributes and Open UI

SBL-BPR-00191: The rowId of the active row of the primary buscomp '%1', '%2', does not match the Primary Id

SBL-SVC-00150