Siebel / WebSEAL SSO Configuration (Doc ID 525791.1)

Last updated on DECEMBER 19, 2016

Applies to:

Siebel System Software - Version 7.7.2.4 [18365] and later
Oracle Solaris on SPARC (64-bit)
Product Release: V7 (Enterprise)
Version: 7.7.2.4 [18365]
Database: Oracle 9i
Application Server OS: Sun Solaris 9
Database Server OS: Sun Solaris 9



Symptoms

We are trying to configure a Siebel Environment for WebSSO authentication using Siebel 7.7.2.4 and IBM Tivoli Access Manager WebSEAL version 5.1.

When attempting to log-in to Siebel using an incorrect user (eg the user exists in the WebSEAL LDAP directory, but does not exist in the Siebel LDAP directory) we get the expected behaviour – the Siebel incorrect username/password screen.

When we attempt to log-in using a valid user we get a malformed home page which has an “Error connecting to server” message at the top. Please see the attached screenshot for further details. When viewing the HTML for the page, I can see the value for the URL in the bottom frame. When this is pasted into a new Internet Explorer window we get an error message stating: “We are unable to process your request. This is most likely because you used the browser BACK or REFRESH button to get to this point.(SBL-UIF-00335)”. Please see the second screen shot for full details.

The WebSEAL server, Siebel Gateway, Siebel WSE and Siebel Application Server reside on the same host. The LDAP server, used by both Siebel and WebSEAL, resides on another host.

We have confirmed that the Siebel/LDAP environment works correctly when Siebel is configured to authenticate via the LDAP security adaptor. I have managed to successfully regress changes made to the environment, restart Siebel, and successfully log in via the thin-client (by-passing WebSEAL). This indicates that the environment is works correctly with standard LDAP authentication, and that the error is introduced when changing the Siebel WSE configuration files and telling the Siebel LDAP Security Adaptor to use the Single Sign On method. I have attached the object manager log files produced using SSO and NORMAL login methods – there do not seem to be any apparent differences between the two.

I have also copied attached the eapps.cfg files and the WebSEAL configuration file.

Troubleshooting so far has involved changing individual c...

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms