Session Management WebServices

This post is for one who has been bamboozled by below interview question.


Question: "Can we have dynamic users for Created By/Updated By fields during upsert operations instead of SADMIN in siebel inbound webservices using standard authentication mechanism? "
Soln: Yes we can, provided we are running a version 8.0.0.4 or higher. Stateless session management siebel authorization is key here in the inbound services.
Below setup is required in order to make this thing work.


1 - SessionAccessService and SiebelUserProfileService - These two webservices should be active and point to correct object manager. They should use sesssion management(i.e WSSOAP = 1) mode. The authentication type for all the methods should be set to None.

2 - Import wsdl and Consume SessionAccessService WS. Make a call to SessionAccess service and obtain the session token for a new Siebel User Session. For this PING method is used. The SessionToken value from the response message represents the unique Session Key that is associated with the newly authenticated and established connection for the SADMIN user. This token will be resused in subsequent requests. 

3 - Import wsdl and Consume SiebelUserProfileService WS. Using the session token obtained in previous step call method "SetContactContext" of the SiebelUserProfileService. In order to maintain context it is critical to pass SessionToken key. We should also pass the input argument "Login Id" of the user 

of which we want to set the context. "SetContactContext" method is added to "SiebelUserProfileService" business service as part of ACR - 385. 

4 - Now once the proper context has been established, upsert call to the desired entity should be made using the original SessionToken Key within the SOAP Header section. check the thin client for the magic as updated by will display the new user login instead of user used to login object manager. 

I hope it helps you make more comfortable when someone asks this question . 

Happy Integration!!

Inbound Web Services

Web Services is one of the illusive part of siebel CRM. A lot has already been written about web services but for this category more is always less. This post is not about how to create inbound web service but to help you decide how to use them based on different scenarios.

Siebel makes use of UserName token mechanism for authentication and security. Based on the requirement following options are supported while implementing an inbound web service:

1 - The basic implemenation allows the userid and password to be included in the url of webservice. This can be opted when security is not of much importance.Following is an example of passing the user name and password by way of a URL:

http:///eai_enu/start.swe?SWEExtSource=WebService&SWEExtCmd=Execute&Username=SADMIN&Password=SADMIN

If you look at the "WebService" named subsystem it will have following parameters:

AllowAnonymous = False

Impersonate = FALSE

Along with this, make sure the operations have the Authentication Type set to None.

2 - We can also use the UserName tokens where security comes into picture. In this case the URL does not reveal the user credentials. In this instance url looks like as below:

http:///eai_anon_enu/start.swe?SWEExtSource=SecureWebService&SWEExtCmd=Execute

It makes use of "SecureWebService" subsystem. If you look at the "SecureWebService" named subsystem it will have following parameters:

AllowAnonymous = False

Impersonate = True

The operations have the Authentication Type set to "Username/Password - clear text". This type requires the SOAP client to send security header information along with the request. This header information contains the userid and password.

3 - There are times when you don't want exteral system to send the userid and passwords. siebel provides us a way to create totally anonymous web service so that no credentials are required to invoke service. A sample web service url looks like:

http:///eai_anon_enu/start.swe?SWEExtSource=AnonWebService&SweExtCmd=Execute

We need to have a new NamedSubsytem "AnonWebService" with following parameters:

AllowAnonymous = TRUE

Impersonate = FALSE

Along with this, make sure the operations have the Authentication Type set to None.

Details of how to create anonymouse web service are given under support Id: 601681.1

If security is of the utmost importance, and if it is critical that the password not be provided in clear text, web services over HTTPS should be used. We will discuss more of Outbound scenarios in the upcoming posts till then keep discovering unlimited possibilities of web services.

How to create Outbound Web Service in Siebel?

Today, lets talk about how we can invoke an Outbound Web Service from Siebel. In the last post we learned how to test the WSDL using SOAPUI and I will use the same WSDL today (CurrencyConverter.wsdl) as the sample wsdl in this post.1. Import the WSDL into Siebel Tools.Create New Object. File Menu -> New Object -> EAI -> Web ServiceSelect the WSDL file pathBusiness Service will get created with

How to test a WSDL if it is working or not?

No matter if you are working in Siebel or not, if you are going to implement any Outbound Web Service, the first thing you wanna check if the WSDL file received from the 3rd party is working or not before you actually consume it and start the development.Same is the case with Siebel Tools, you require to consume it in Siebel tools which will result in creation of Web Service (which is nothing but

Integrating Siebel 8 With Oracle SOA Suite

Here is a complete documentation of how to pull Siebel data from an external application(JDeveloper)



Cheers!