Applies to:
Siebel Sales - Version 7.5.3.5 [16183] and later
Information in this document applies to any platform.
*** Checked for Relevancy 27-Feb-2013 ***
Symptoms
When starting an application object manager (AOM) that uses the
Siebel standard LDAP Security Adapter (LDAPSecAdpt), the process fails
with the following error in the log file:
SBL-SEC-00002: An error occurred loading the security adapter library. Please contact your system administrator for assistance.
This is applicable for Siebel versions 7.3.5 and higher.
Cause
This error pattern is typically the result of the required IBM LDAP
client software not being installed on the Siebel server(s). The Siebel
standard LDAP Security Adapter (LDAPSecAdpt) relies on code libraries
provided by the IBM software. This is true regardless of what external
LDAP directory the adapter will be connecting to.
This requirement is documented in the Security Guide's section on External Security Adapter Authentication.
Solution
To resolve this behavior, please install the appropriate version of the IBM LDAP Client software:
- Siebel 7.5, 7.7, and 7.8 requires the IBM 5.1 LDAP Client.
- Siebel 8 requires the IBM 6.0 LDAP Client.
The software is provided free of charge in the Server Ancillary
Programs folder of the Siebel installation media. It will also be
created if the appropriate option is checked when extracting an
installation image from http://edelivery.oracle.com.
Instructions for installing and configuring the IBM software can be
found in the Security Guide on the appropriate Siebel Bookshelf.
Applies to:
Siebel System Software - Version: 7.8.2 [19213] and later [Release: V7 and later ]
Oracle Solaris on SPARC (64-bit)
Product Release: V7 (Professional)
Version: 7.8.2 [19213]
Database: Oracle 9.2.0.4
Application Server OS: Sun Solaris 9
Database Server OS: Sun Solaris 9
This document was previously published as Siebel SR 38-3009105001.
Symptoms
SBL-SEC-00002, SBL-SEC-00001We have set up a vanilla 7.8 environment in which to test our custom security adapter originally
built for Siebel 7.5. We have built and deployed the library (DLL), but continue to receive
"SBL-SEC-00002: An error occurred loading the security adapter library" in both the OM and SWSE
logs. We need assistance troubleshooting this error.
Cause
Change request 12-1E3A060
Solution
Message 1
The customer had compiled a custom security adapter using the security
adapter SDK found in Technical Note 415: “Siebel Security Adapter
Software Developers Kit for Siebel Versions 7.5, 7.7 and 7.8”. This
custom security adapter was working as expected in Siebel version 7.5 on
the Solaris platform. The customer is upgrading to Siebel version 7.8
on the Solaris platform.
Beginning in Siebel version 7.7, the security adapter enterprise profile
was introduced to move the security adapter parameters into the named
subsystem in the Gateway server instead of the Object Manager
config(.cfg) file.
To troubleshoot this behavior, security adapter logging was enabled
following the information in FAQ 2168. Since the actual code in a custom
security adapter is beyond the scope of Siebel technical support and
requires assistance from other resources like Siebel Expert or
Professional Services, the troubleshooting approach was simplified by
compiling the sample security adapter that is contained in the security
adapter SDK. This sample security adapter has very little infrastructure
dependencies and does not require entities such as a LDAP directory in
order to function.
<continued>
Message 2
The sample security adapter successfully loaded in Siebel version 7.5
with the Object Manager .cfg file security adapter configuration. The
secsamp.so was then moved to the Siebel version 7.8 siebsrvr/lib
directory and the following setup was configured:
OM component parameters
Security Adapter Name : SampleSec
Security Adapter Mode: CUSTOM
New SampleSec(alias) Enterprise Profile(subsystem type: InfraSecAdpt_Custom)
CustomSecAdpt_CRC = <checksum value>
CustomSecAdpt_SecAdptDllName = secsamp
ConfigFileName = /vol1/public2/siebsrvr/bin/enu/sample.cfg
ConfigSectionName = Sample
sample.cfg(located in siebsrvr/bin/enu/) :
[Sample]
dbUsername = sadmin
dbPassword = sadmin
<continued>
Message 3
The following error occurred:
n++1021 2006-05-01 09:58:09 2006-05-01 09:58:10 -0600 00000011 001 003f
0001 09 SSEObjMgr_enu 4143 5047 13 /vol1/public2/siebsrvr/
enterprises/public2/pubapp01/log/SSEObjMgr_enu_4143.log 7.8.2 [19213] ENU
GenericLog GenericError 1 0 2006-05-01
09:58:09 (secmgr.cpp (1587) err=7000002 sys=0) SBL-SEC-00002: An
error occurred loading the security adapter library. Please contact your
system administrator for assistance.
SecMgrLog Debug 5 0 2006-05-01 09:58:09 SecAdptName = SampleSec
SecMgrLog Debug 5 0 2006-05-01 09:58:09 SecAdptMode = 3
SecMgrLog Debug 5 0 2006-05-01 09:58:09 SecAdptDllName = secsamp
SecMgrLog Debug 5 0 2006-05-01 09:58:09 PropagteChange = FALSE
SecMgrLog Debug 5 0 2006-05-01 09:58:09 computed checksum of security adapter library = ''
SecMgrLog Debug 5 0 2006-05-01 09:58:09 HashUserPwd = FALSE
SecMgrLog Debug 5 0 2006-05-01 09:58:09 HashDBPwd = FALSE
SecMgrLog Debug 5 0 2006-05-01 09:58:09 HashAlgorithm = RSASHA1
SecMgrLog Debug 5 0 2006-05-01 09:58:09 bMFCShell = TRUE
SecMgrLog Debug 5 0
SecMgrLog Debug 5 0 2006-05-01 09:58:09 dbusername = sadmin
<continued>
Message 4
SecMgrLog Debug 5 0 2006-05-01 09:58:09 singlesignon = FALSE
SecMgrLog Debug 5 0 2006-05-01 09:58:09 dbpassword = sadmin
SecMgrLog Debug 5 0 2006-05-01 09:58:09 useadapterusername = FALSE
GenericLog GenericError 1 0 2006-05-01
09:58:09 (secmgr.cpp (2278) err=7000002 sys=0) SBL-SEC-00002: An e
ror occurred loading the security adapter library. Please contact your system administrator for assistance.
The above indicated that parameters for the security adapter was loading but the adapter itself failed to load.
This behavior was resolved by changing the settings:
CustomSecAdpt_CRC = 0
CustomSecAdpt_SecAdptDllName = /vol1/public2/siebsrvr/lib/secsamp.so
ConfigFileName = /vol1/public2/siebsrvr/bin/enu/sample.cfg
Various combinations of the above parameters were attempted and it was
found that CustomSecAdpt_CRC = 0 (disabled) and
CustomSecAdpt_SecAdptDllName needed to be set to the full path of the
security adapter including the .so extension.
<continued>
Message 5
Change request 12-1E3A060 “secsamp.so(Sample security adapter) does not
load in 7.8 but works in 7.5” was entered as a product defect as all the
features of the custom profile were not available on the Solaris
platform
Change request 12-1E6ZJ83 “More logging information for SBL-SEC-00002
error when loading a security adapter” was entered as a product
enhancement for detail on why the security adapter itself does not
load(examples: permissions, .dlopen() call etc..)
Applies to:
Siebel Finance Sales - Version 7.5.3.15 SIA [16279] and later
Information in this document applies to any platform.
*** Checked for relevancy 21-Feb-2013 ***
Goal
Will a custom security adapter developed for Siebel 7.5 and using the
interface defined in Note 476962.1 work unchanged with version 8?
Fix
Since the software developer kit (SDK) discussed in Note 476962.1
creates custom software, Oracle cannot provide you with a definitive
answer to this question. As stated in Note 476962.1, neither the use of
the SDK or adapters created with it are supported by Oracle Global
Customer Support. Furthermore, Oracle cannot guarantee compatibility
with future releases of the product. That being said, we can provide
some general observations that may be of use to you.
First of
all, the SDK itself has not changed between 7.5 and the current 8.0.0.x
releases. So at the very least the basic code libraries should be
compatible.
There have been, however, significant changes in how
the Siebel application interacts with security adapters between 7.5,
7.7/7.8, and 8.x. The changes that are the most probable to have
potential impacts are the ones that happened between 7.5 and 7.7. This
is the point at which security adapter parameters were moved out of the
individual application configuration files (for example siebel.cfg,
uagent.cfg, etc.) and into named enterprise profiles within the Siebel
Enterprise Backing Store (LDAPSecAdpt, ADSISecAdptADSISecAdpt,
etc.). The second major change is that Windows Integrated
Authentication (WIA) based web single sign-on (SSO) became a standard
feature in 7.7 no longer requiring the use of a custom security adapter
as described in Note 477108.1. Finally, Siebel 7.7 no longer supported
Siebel password hashing and required the use of SHA-1 hashing.
Between
7.7/7.8 and 8.0, there was the introduction of a more robust
LDAPSecAdpt that was capable of communicating with Active Directory
servers on all supported platforms. This was due to the change from
underlying IBM 5.0 LDAP Client libraries to the IBM 6.0 LDAP Client
libraries. Obviously if your customer adapter utilizes the shipped LDAP
security adapter functionality and libraries, it will probably require
updating to work with Siebel 8.0.
Oracle Support's experience
with these types of issues has been that most of the custom security
adapters work after some relatively minor tweaking of the configuration
(as opposed to the code). In some cases, however, the specific
functionality being invoked by the custom adapter were not compatible
and the alternative solutions had to be found or designed. The only way
you will know for sure is to thoroughly test your custom security
adapter in a development Siebel 8 environment prior to rolling it out to
production.
There are a variety of Metalink notes available on
custom security adapters and the SDK. You may find the following to be
particularly useful: 478022.1, 484645.1, 497314.1, and 529726.1.
אין תגובות:
הוסף רשומת תגובה