CRM Conundrum: Fetching IP Address in Siebel

Thursday, April 14, 2011

Fetching IP Address in Siebel

Security is like superstition. Hits are always counted while misses doesn't. Recently i was asked to enhance security measure of our siebel ebusiness applications by tracking the IP address along with the login of the client. The first thought that came to mind was @#$@#$@# but then again why-to-fear-when-google-is-here happened. I found a lesser heard OOB business service which returns the session variables, cookies information and many more useful stuff.

"Web Engine HTTP TXN” business service can do the trick for you. Details of this BS is avialable on the support web in "TECHNICAL NOTE 317". "GetAllServerVariables" and "GetServerVariables" are key methods here for fetching the Login and IP address respectively. I followed below steps in order to capture the IP address of the logged in user.

1 - Create a action set which calls a workflow. In this workflow we will have two steps:

First step calls "Web Engine HTTP TXN" with method "GetServerVariables". The input argument to this BS should be "REMOTE_HOST" and "AUTH_USER_ID". This returns the host ip address and logged in user id respectively.
Second step makes use of "Inbound E-mail Database Operations" business service with method "InsertRecord". It inserts the fetched IP address and User Id values in the desired audit table.

2 - Invoke the above created action set by using Application Login run time event.

This business service is extensively used for session management and cookies handling. Digging deep will reveal the true power of this BS.

Happy Securing!!

9 comments:

Alex said...: Nice post! With your approval, may I add this to the Business Service series on Siebel Essentials?; April 14, 2011 at 1:36 AM
Arunesh Mishra said...: I LAU the way you detailed this BS, this helps; October 25, 2013 at 4:19 AM
DKS said...: This comment has been removed by the author.; April 7, 2014 at 1:37 PM
DKS said...: This comment has been removed by the author.; April 7, 2014 at 1:41 PM
DKS said...: Thanks a lot Rahul, finally got it working and able to fetch all the required values. After some trial & error

DKS; April 8, 2014 at 8:55 AM
Unknown said...: For Sucessfull login attempts you need not use the BS mentioned in this blog. look at the

http://docs.oracle.com/cd/B40099_02/books/ContentPub/ContentPub_UsageCollect2.html

For Failed Login attempt currently there is no solution to capture the detials.; June 26, 2014 at 7:25 AM
Siebelish said...: Vaibhav,
Thanks for comment. In order to use above log, you need to enable content management workflows while this BS can can be used for lot of things.

Regards,
-Rahul-; June 30, 2014 at 2:05 AM
Unknown said...: Rahul,
Agree that the BS does gives more info. other then just IP address.

Secondly just want to clarify regarding my comment of "Capturing Failed Login", when I wrote "No solutionn" what I ment is we can Get the detials from "Web Engine Interface" BS -- "Request" method but its not recomended as it will hit the performance of the application very badly, hence its not a right solution.

Vibhav Kelkar; July 6, 2014 at 5:22 AM
Siebelish said...: Vibhav,
I am not sure how taxing it is on system. It depends on its implementation. This BS is frequently used to set/retrieve cookies in real life scenarios. Elaborative example you can find in tech note 317 on support web.

Regards,
-Rahul-; July 7, 2014 at 2:27 AM