Siebel Support for Internet Explorer 8 (IE8)

Support for IE8 with Siebel Standard and High Interactivity Clients as well as Tools and Tablet is subject to dependencies and restrictions.

All client machines must run JRE version 1.5 or higher.

IMPORTANT: The Data Execution Protection option (enabled by default in IE8) must be disabled. For more information on this please see Restriction #6 below and Document 1066053.1, "Siebel version 7 & 8 settings for Internet Explorer versions 6, 7 and 8".

IE8 is not supported with the Siebel Open UI client

Configuration 
The following configuration changes must be made on each Application Server. This is mandatory for all Siebel versions whenever IE8 is used regardless of version or patch level:

1. Go to SiteMap (shortcut: control+shift+A)
2. Go to Administration - Web Browser > Browsers > Browsers
3. Check whether Browser "IE 8.0" exists. If it doesn't, create a new Browser  called "IE 8.0" and add similar capabilities as those in "IE 7.0"
4. Create a Browser with the name "MSIE 8.0"
5. Add the following capabilites
   • User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT <version>)
        NT versions: 5.1 = WinXP; 5.1= Server 2003 or XP x64; 6.0 = Vista, 6.1=Win7, 6.2=Win8
   • Parent: IE 8.0
   • Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-powerpoint, application/vnd.ms-excel, application/msword, */*
   • JumpTab: True
6. Reload all Siebel Application servers 

Restrictions

1. Windows 64-bit versions 
   Although there are no native 64-bit Siebel clients the 32-bit version 8.x HI clients (Developer, Mobile/Remote and Siebel Tools) are supported on 64-bit Windows XP, Vista and Windows 7. The user must be a member of the Local Administrators group and the Oracle client installer must be run by a user with Local Administrator rights.
   
   Windows XP Pro (64-bit) includes a 32-bit version of IE (C:\Program Files (x86)\Internet Explorer\iexplore.exe) which is supported since it runs in native 32-bit mode.
   
   Vista (64-bit) includes a 32-bit version of IE which is not supported due to numerous problems with IE-x32 on Vista-x64 (see Microsoft's Knowledge Base Item 896457). 
   
   Windows 7 (64-bit) also includes a 32-bit IE executable which is supported. Please see MSKB article 896457 for further details.
    
2. Tabbed browsing
   Only one tab per IE8 instance may contain an active Siebel session. There are no other Siebel restrictions on additional tabs.
   
   IF an active Siebel session tab is closed without logging out, the user remains logged in when another Siebel session is opened. This is a long-standing feature of Siebel. To completely disconnect from Siebel either use the "Logout" menu option in Siebel or close the IE8 browser instance.
   
   Session-based information is also maintained if the Web Client is re-launched using the IE8 shortcut or the File -> New Window option from the IE menu bar.
   Note that from Siebel v8.1.1.11 FP, multi tabbing and File->New Window is prevented and  a proper error message is displayed that a session already exists.
   
   To launch a new IE session that will not share session information, use one of the following methods:
   • Select File -> 'New Session' from the IE menu bar
   or
   • Run the 'iexplore.exe -noframemerging" command (this flag can be added to the IE8 shortcut)
3. UAC on Vista and Windows 7 
   UAC on Vista and Windows 7 may be used with Protected Mode = OFF and the Security Level set to Medium-Low or lower. The use of UAC has not been fully tested with Siebel applications.
    
4. IE7 Compatibility Mode
   Compatibilty Mode is not supported, only the 'Standards Mode'. For intranet sites this is not the default mode; customers must either explicitly set browser configurations to recognize Siebel only in Standards Mode, or set Web servers to issue the custom 'EmulateIE8' HTML header tag for all Siebel connections.
   
   There are three ways to ensure standards mode rendering:
   • Uncheck the 'IE7 Compatibility mode' box on each browser on each client machine manually or through the Group Policy Editor (see http://blogs.msdn.com/ie/archive/2008/10/02/ie8-group-policy.aspx).
   • Uncheck the browser box 'Display intranet sites in Compatibility View' on each browser on each client manually or with the Group Policy tools to disable it.
   • Set each Web server to send the "IE=EMULATEIE8" custom HTML header for all pages sent from the Siebel application. Instructions for IIS may be found at http://msdn.microsoft.com/en-us/library/ms524327.aspx.IE7 Compatibility Mode is described at: http://blogs.msdn.com/ie/archive/2008/08/27/introducing-compatibility-view.aspx.
   
   A description of differences between IE8 Standards Mode and 'IE7 Compatibility Mode' may be found at http://blogs.msdn.com/ie/archive/2009/03/12/site-compatibility-and-ie8.aspx.
    
5. Unsupported IE8 New Features
   The following configurations of Siebel are not yet supported with IE8:
   • Containers
   • Accessibility
      
6. Other IE8 New Features
   A number of new features introduced in IE8 are expected to be supported over the coming year.  The following is a list of features not yet supported:
   • Enhanced security (downloads, XSS, DEP - buffer overflow prevention)
   • Tab-level crash recovery.
   
   The DEP feature (Data Execution Prevention) must be turned OFF when used with Siebel, as we have not yet included the specialized code required to fully implement this feature. This may be done by unchecking the relevant box on the individual client browsers, or by using the Group Policy tools, or by using the relevant Vista control panel. A description of how to turn off DEP with Vista may be found here: http://www.vistax64.com/tutorials/65790-dep-turn-off-programs.html. 
   
   DEP can be disabled in the following ways:
   
   • IE8 > Tools > Internet Options > Advanced tab
   • In a CMD window running "As Administrator":  bcdedit.exe /set {current} nx AlwaysOff
   • IE Group Policy administration tool

   In order to support DEP under Windows, a computer's processor must support hardware-enforced DEP. This can be determined by running: wmic OS Get DataExecutionPrevention_Available
   in a CMD window; "TRUE" means hardware support exists. The level of DEP running can be determined by running
       wmic OS Get DataExecutionPrevention_SupportPolicy
   This returns an integer from 0-3; the default value is "2" and only Windows system components and services have DEP applied. A value of "0" means DEP is always off and "1" means DEP is always on for all processes.

   Setting this value to "3" is a potential work-around. The policy in this case is that DEP is enabled for all processes but Administrators can manually create a list of specific applications which do not have DEP applied.

   Implementation of the DEP feature is dependent on a Microsoft compiler version not currently used for Siebel applications.

   The DEP feature only mitigates code injection vulnerabilities for which Siebel software already includes protection. The ENCODEDATA parameter prevents execution of any code inside Siebel data. This is the default setting for Siebel. More information can be found in Bookshelf: "Configuring Siebel Business Applications Version 8.1" (page 281 in rev A).

7. The attachment pop-up window file path field is read-only 
   Microsoft has modified the IE8 file upload control to be read-only in order to block attacks which rely on stealing keystrokes to trick the user into typing a local file path into the control. File names and paths cannot be pasted from the clipboard, either. The user must explicitly select a file for upload by using the File Browse dialog box; IE8 then submits only the file name, not the full path. TheInclude local directory path when uploading filessecurity setting is disabled by default for the Internet zone.