Layer7 Access Management

Tech Tip : CA Single Sign-On : ERP Agent for Siebel does not intercept the request

  • 1.  Tech Tip : CA Single Sign-On : ERP Agent for Siebel does not intercept the request

    Posted 09-27-2016 10:44 AM

    Issue :

     

      Running ERP Agent, when the server receives the URL

     

      https://dgbsconsbl.telecomitalia.local:8444/swe/
      start.swe?SWECmd=GotoView&SWEView=CIM+My+Mdc+Interazione&IsPortlet=1

     

      the ERP Agent does not catch the request and as
      such cannot protect it. You have discovered that
      this was due to the fact that the Siebel Session data
      is not in the URL anymore (_sn).

     

    Environment :

     

      ERP Agent 5.6SP4CR23 32bit on Siebel 8.1.1.14

     

    Cause :

     

      Be aware that the Siebel Server doesn't support anymore
      the _sn nor the login data in the URL starting version 8.1.1.9 :

     

       "NOTE: Passing user credentials in the URL is not supported
        in Siebel CRM version 8.2, and Siebel CRM version 8.1.1.9
        and later."

     

        https://docs.oracle.com/cd/E14004_01/books/EAI3/EAI3_WhatsNew.html

     

      But the siebelstartup.pl relay on these elements in the URL :

     

      # *** Check for Siebel Time Out Scenario ***

     

      $SiebelTimeOut = "false";
      $CheckURL1 = "SWECmd=Login";
      $CheckURL2 = "_sn=";
      $strIndex1 = index($BaseSiebelUrl,$CheckURL1);
      $strIndex2 = index($BaseSiebelUrl,$CheckURL2);

     

      if ( ( $strIndex1 > 0 ) && ( $strIndex2 <= 0 ) )
      {
      $SiebelTimeOut = "true";
      }

     

    Resolution :

     

      If you want to make it working, you have
      to comment the following lines in the siebelstartup.pl file :

     

      $CheckURL2 = "_sn=";
      $strIndex2 = index($BaseSiebelUrl,$CheckURL2);

     

      if ( ( $strIndex1 > 0 ) && ( $strIndex2 <= 0 ) )
      {
      $SiebelTimeOut = "true";
      }

     

    KB : TEC1193076