April 24, 2014

Does HeartBleed effects Siebel?

Does HeartBleed effects Siebel?

Siebel Heartbleed?
Heartbleed and Siebel?
Heartbleed is an OpenSSL implementation vulnerability which was discovered earlier this month and has global impact. It was discovered by OpenSSL, who in turn credits Riku, Antti and Matti at Codenomicon and Neel Mehta of Google Security.

By exploiting this flaw users could steal the private keys and can do all sorts of nasty stuff like man in the middle or forging attacks which seems to be possible only in theory.

It was the worst nightmare for the system engineers and many are still in process to determine the impact to their machines and patching them. According to the list all major web service provider (amazon to google ) were impacted.

As a Siebel customer how does it impacts you? Do you need to worry about your customer's or partner's accounts? 

Answer is a Yes!

Although this problem only impacts the Open SSL implementation on Linux environments, Oracle has still not certified Siebel CRM product as safe from the bug.
Read oracle link for HeartBleed certification:

Do you need to worry, even if Siebel is not interfaced with any other system?

Probably Yes, with stolen private key (which are usually common for most of the systems in an organisation) hackers can hack other systems. Try to answer these questions for your implementation then plan your strategy:

  1. Is siebel available to customers online? 
  2. Does siebel use SSL?
  3. Have you implemented Siebel on Windows or Linux? OOB Windows is safe from Heartbleed.
  4. Does your implementation communicates with other systems over SSL? for integrating any banking transactions? 
  5. Any third party client used to integrate with SSL? Putty or etc?

How to be safe?

  • Upgrade the Open SSL version : https://access.redhat.com/site/solutions/781793
  • Change your security certificates and keys.
  • Ask your users to change passwords.
  • Subscribe to security updates from Oracle : http://www.oracle.com/technetwork/topics/security/alerts-086861.html
For those who are unware of the bug refer:

Hope it helps.

February 14, 2014

Quiz: How to change the destination field of MVG?

This could be one of the most difficult Siebel Configuration Interview Question, it took me some time to understand it and found it quite amusing. Let us see how many of us could answer this. :)

Requirement: To change the destination field of an MVG. Siebel Provides option to change the source field of an MVG so that child records for some other key field can be fetched.

From Siebel tools help: 
MVG Source field Definition

Source Field (O)
Specifies the name of a source field that Siebel CRM uses to link the child business component with the source business component. The source business component is the business component that includes the object definition for the multivalue link. If the source field is different from the Id, then the Source Field property is required.

Requirement is to change the destination field, please bear in mind the MVG is based on M:M relation using a inter table. 

Update:  Sorry guys to being so late in responding to the comments.

Answer to the question is: Source Field and Destination Field of the M:M links can be modified just like 1: M link. Siebel supports having source and destination fields as well as inter-table on a link, this makes the links most configurable.

I have explained all the links in my latest post : Links Demystified

February 01, 2014

Siebel - Twitter Integration - Part 1: Authentication

This is post is second in series of Siebel Twitter Integration and will talk about logging in to twitter as an application.

Twitter has support two form of authentication, O-Auth Authentication and Application only authentication. For pulling tweets in Siebel we need Application only authentication, luckily which is technically easier than O-Auth and have more generous rate limits.

Before starting with Siebel configuration follow these steps:
  1. Create account on http://dev.twitter.com by agreeing to terms and conditions.
  2. Request to create your access token, and copy your Consumer Key and Consumer Secret.

Now copy paste following code to your repository, I prefer client side scripting as it easy to change.

StringToBase64 encoder

This is piece of code is required for encoding the Client Key and Client Secret to Base64 before sending it to twitter. Developers at siebel-tech.com has done wonderful work in converting String to Base64, which saved me lot of time. Thanks Iain.

function StringToBase64(Inputs, Outputs)
  // *************************************************************************
  // Purpose: Encodes to a Base64 string
  // Author: Iain Ollerenshaw
  // Date: 30-Jul-2013
  // Inputs: InString - string to be encoded
  // Outputs: Base64String - string in Base64
  // Modification History
  // Date          By                Details
  // 25-Jul-2013   Iain Ollerenshaw   Created
  // 2-Feb-2014    Jim  Updated
  // **************************************************************************


    // Define the Base64 codex
    var sCodex = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=";
    var sOutput = "";
    var sInput = Inputs.GetProperty("InString");
    var iLen = sInput.length;
    // Parse input string
    var iPos = 0;
    while (iPos < iLen)
      var sChr1 = sInput.charCodeAt(iPos);
      var sChr2 = sInput.charCodeAt(iPos);
      var sChr3 = sInput.charCodeAt(iPos);
      // Shift bytes
      var iEnc1 = sChr1 >> 2;
      var iEnc2 = ((sChr1 & 3) << 4) | (sChr2 >> 4);
      var iEnc3 = ((sChr2 & 15) << 2) | (sChr3 >> 6);
      var iEnc4 = sChr3 & 63;
      if (isNaN(sChr2))
        iEnc3 = iEnc4 = 64;
      else if (isNaN(sChr3))
        iEnc4 = 64;
      sOutput +=(sCodex.charAt(iEnc1) + sCodex.charAt(iEnc2)+ sCodex.charAt(iEnc3) + sCodex.charAt(iEnc4));
    Outputs.SetProperty("Base64String", sOutput);  }
  {    throw(e);  }

Get Description / Set Description

This is a small piece of code which helps to get the description of any LOV value, I have used LOV as scratch pad to store access token in this example, I will explain to store an maintain these in custom Twitter dashboard. I thought of saving them in system preferences first, but it only has 100 char limit thus had to switch over to LOV Description column.

function GetDescription (sType,sName)
var boListOfVal = TheApplication().GetBusObject("List Of Values");
var bcListOfVal = boListOfVal.GetBusComp("List Of Values");
}else return("none");

function SetDescription (sType,sName,sDesc)
var boListOfVal = TheApplication().GetBusObject("List Of Values");
var bcListOfVal = boListOfVal.GetBusComp("List Of Values");
LOVs look like:

Main code for Twitter login is as follows:

//Get Consumer Key and consumer Secret from LOV Description
var sConsumerKey = GetDescription("TWITTER_TOKEN","ConsumerKey");
var sConsumerSecret = GetDescription("TWITTER_TOKEN","ConsumerSecret");

//Encode Key and Secret into Base64
var inp = TheApplication().NewPropertySet();
var op = TheApplication().NewPropertySet();
inp.SetProperty("InString",sConsumerKey + ":" + sConsumerSecret);

//Use EAI HTTP Transport to call Twitter API to login.
var httpSvc= TheApplication().GetService("EAI HTTP Transport");
var httpIn = TheApplication().NewPropertySet();
httpIn.SetProperty("HDR.Authorization","Basic " + op.GetProperty("Base64String"));
httpSvc.InvokeMethod("SendReceive", httpIn, Outputs);

//Transcode the JSON response into UTF-8
var oTransService = TheApplication().GetService("Transcode Service");
var oTransOutputs = TheApplication().NewPropertySet();
Outputs.SetProperty("ConversionMode", "EncodingToString");
Outputs.SetProperty("TargetEncoding", "UTF-16");
Outputs.SetProperty("SourceEncoding", "UTF-8");
oTransService.InvokeMethod("Convert", Outputs, oTransOutputs);
var sResponse = oTransOutputs.GetValue();

//Convert the JSON response to property set
var oJSONConverter = TheApplication().GetService("EAI JSON Converter");

//extract access_token and clip
var token = Outputs.GetChild(0).GetProperty("access_token");
token = token.substring(1,token.length-1);

//Save the token for future use

This access token will be used in all the future communications with twitter as authorization code.
Post version: Draft :) keep checking for more updates on explanations over the HTTP transport.

January 24, 2014

Siebel Twitter Integration - Overview

What is Siebel?

Siebel is Oracle's CRM(Customer Relationship Management) product suite, which offer to manage customer relationships through various touchpoints. Siebel suite is designed mostly for all industry verticals and horizontals, and help business to manage customer data, order information, partner information, sales force automation, customer self service and many more customer interactions.

With its powerful integration capabilities Siebel can interact with other enterprise systems (like billing, back office systesms) on many protocols(like MQ Series, JMS, HTTP, Webservices, database connections, COM, Java, DLL and more..).

What is Twitter?

Does anybody need introduction? Twitter is first and biggest microblogging platform having billions of users accross the world. Some features like verified accounts, hash tagging and trending has made it one of the biggest social network platform.

User can vent their spleen out to the world lietrally about any topic and can follow any user or topic accross the world. From couple of years people have started venting about the poor customer service and problems on twitter. Business are forced to act on the complaints and provide response to keep the brand image. Recently angry customer's tweet about his lost baggage forced British airways to conduct a massive search operation, and helped passenger to get his lost baggage.

Does Siebel Provides Out of the box way to integrate with twitter? No!
Siebel recommends a third party product Buzzinet to handle the twiiter interaction and provide processed information back to Siebel. Which is a very tacttical solution and provides some benefits too. Thus it comes with premium licensing cost and service agreement.

Siebel Twitter Integration

In this series we will discuss a solution which can be implemented to integrate Siebel with twitter without the need of any another enterprise application or middleware.
Twitter only support REST API 1.1 for integration with other applications, current Twiiter API only accepts and provide response in JSON strings. That does not mean Siebel can not integrate Twitter. By using Java based EAI JSON Converter Siebel can create JSON strings and convert back string to data. Follow these links to understand more about EAI JSON Converter..

Twitter REST API v1.1 (@twitterapi) have three major ways of pulling and posting tweets into the cloud.

1. O-Auth User authentication

This method is used by mobile application and third party websites to allows users to acccess twiter features without leaving their environment.

2. Applicaton Only authentication

This type of authentication allows application to execute search queries on twitter and follow topics. With this type of authentication Twitter provides little more generous rate limits for querying twitter, and are best suited for CRM applications.

3. Streaming API

This is firehose of twitter tweets, and it streams live tweets to the applcation using long lived open HTTP connections. This feature should only be implemented if some serious research of user analytics need to be performed.

For the purpose of this series we will demonstrate a solutions which will help organizations having, to follow topics on twitter and post replies to the tweets all by using Siebel on premise application.

Later in this series:
 Stay tuned for coming up posts.

January 09, 2014

What does Google says about Siebel?

In recent weeks we have been reading many new articles across the web talking about Siebel's future. Initially it started with a community poll, and then couple of guest posts flared the discussion over blog-sphere, there were surveys  and conclusions done by well known authors: @lex and BruceDaley

 After some months Adam Honig warned consultants that Siebel is dead end there are many cloud services which are proving an alternative to enterprise installed Siebel application and recommended to switchover to other technologies. Bruce Daley however opposed the viewpoint, he was supported by Richard which pointed out few good things about Siebel. Both however could not completely ruled out the facts regarding the continuing loss of oracle business due to the cloud CRM systems. I recommend to read the discussion on this link.and link
Earlier during the year on other extreme @lex technical trainer from oracle recommended to learn Siebel technology even if it is the last day, It felt a bit of an emotional post. Everyone in Siebel developer community had same feelings.

Nothing actually changed my mind except the post from sugar crm sales team, they published and article showcasing selection of sugar crm as replacement of biggest Siebel call center implementation in IBM. Collectively all these forced me to do my own research.

I am not a veteran Siebel researcher like Bruce and don't have any data from the customers world wide. So I started with Google. Found couple of videos and interviews from Siebel product management found that everyone is defending Siebel(links to come).

Then I turned over to Google trends, and found a very interesting facts, In this post I am just sharing my understanding over these graphs. The first comparison I performed was of Siebel & Salesforce in which you can easily see that Salesforce is gaining the momentum and Siebel losing it.

Next Graph shows comparisons of all the leading customer relationship management applications.

They show easily that interest in Siebel is declining and Saleforce is becoming popular, this is also displayed in siebel/salesforce job search and interviews.

Next graphs shows the similarity of Siebel graph with the downfall of s60 over iOS and Android

Next I turned on to another Google tool : Google Adwords which tells how much other advertisers are bidding to rank their ads on google search terms.

One could easily see Siebel search terms have lower cost, and Salesforce is significantly higher than Siebel!

I appreciate the efforts of everyone who is promoting year 2014 as great year for Siebel, but stats doesn't seems to agree. I am strong believer of keeping the spirit and momentum high, but this had to be shared.