Security Guide for Siebel Business Applications > Security Adapter Authentication >

Security Adapter Deployment Options

This section describes security adapter options that can be implemented in a security adapter authentication environment or in a Web SSO environment. Unless noted otherwise, these options are supported by the Siebel LDAP and ADSI security adapters and by adapters that comply with the Siebel Security Adapter Software Developer's Kit (SDK) version 3.0. For more information, see Technical Note 415 on Siebel SupportWeb.

• Application user. A designated entry in the directory is the only user with search and write privileges to the directory. You maintain an unexposed password for the application user in the directory, while an encrypted version of the password is used in other phases of the authentication process. An encryption algorithm is applied to the application user password before it is sent to the database. The application user login must also be set up with the encrypted version of the password.

  For more information, see Configuring the Application User.

• Checksum validation. Verifies that the security adapter loaded by the authentication manager is the correct version. It is strongly recommended that you use checksum validation to make sure that the appropriate security adapter provides user credentials to the authentication manager for all users who request access.

  For more information, see Configuring Checksum Validation.

• Secure communications for security adapters. You can use Secure Sockets Layer (SSL) to transmit data between the Siebel-provided security adapter and the LDAP/ADS directory.

  For more information, see Configuring Secure Communications for Security Adapter.

• Shared database account. A designated entry in the directory contains a database account that is shared by other users.

  For more information, see Configuring the Shared Database Account.

• Adapter-defined user name. You can configure a Siebel application so that the username presented by the user is a value other than the Siebel user ID; for example, a Social Security number. The security adapter returns the Siebel user ID of the authenticated user and a database account from the directory to the authentication manager.

  For more information, see Configuring Adapter-Defined User Name.

• Roles defined in directory. You can choose to store users' Siebel responsibilities as roles in a directory attribute instead of in the Siebel Database.

  For more information, see Configuring Roles Defined in Directory.