|Bookshelf Home | Contents | Index | PDF|
Siebel Systems has developed an open authentication architecture that integrates with a customer's selected authentication infrastructure. For more information, see Security Adapter Authentication and Web Single Sign-On Authentication.
These authentication mechanisms apply whether users access the Siebel application from within a LAN or WAN, or remotely. Figure 1 shows a logical view of the three primary types of user authentication within a Siebel site.
Siebel Systems provides a database security adapter mechanism for credential collection and verification. The default login form collects Siebel username and password credentials. The security adapter works with the underlying security systems of the database to verify users' credentials.
With database authentication, each user must have a valid database account in order to access the Siebel application. The database administrator (DBA) must add all user database accounts. Database authentication deployment supports password hashing for protection against hacker attacks.
Any Siebel application can use database authentication, which is configured as the default. However, some functionality provided by Siebel Systems, such as workflow processes to support user self-registration or forgotten password scenarios (capabilities commonly used in customer applications), require authentication using LDAP or ADSI security adapters. For this reason, database authentication is rarely used with customer applications.
For employee or customer applications, Siebel Systems includes a preconfigured security adapter interface to allow organizations to externalize credential verification in an LDAP or ADS directory. The interface connects to a security adapter, which contains the logic to validate credentials to a specific authentication service.
NOTE: The exact valid character set for a Siebel username and password depends on the underlying authentication system. For LDAP/ADSI authentication, refer to documentation from your vendor, such as one of those listed below.
For information on supporting additional security vendors, see Security Adapter SDK.
Siebel Systems offers customers the capability to enable a single login across multiple Web applications—also known as Web Single Sign-On (SSO). Siebel Systems provides a configurable mechanism for communicating with Web SSO infrastructures, identifying users, and logging users into Siebel Business Applications.
|Security Guide for Siebel Business Applications|