Configuring Database Authentication
If you do not use LDAP/ADSI authentication, then you must create a unique database account for each user. When an administrator adds a new user to the database, the User ID field must match the username for a database account. The user enters the database username and password when the user logs into a Siebel application.
Database Authentication Process
The stages in a database authentication process are:
- The user enters a database account's username and password to a Siebel application login form.
- The Siebel Web Server Extension (SWSE) passes the user credentials to the Application Object Manager (AOM), which in turn passes them to the authentication manager.
- The authentication manager hashes the password, if
TRUE for the data source specified for the database security adapter, and passes the user credentials to the database security adapter.
- If the user credentials match a database account, the user is logged into the database and is identified with a user record whose user ID is the same as the database account's username.
In other words, the database security adapter validates each user's credentials by trying to connect to the Siebel Database.
Features Not Available for Database Authentication
Some of the features that other authentication strategies provide are not available with database authentication, including:
- A single user-authentication method that is valid for Siebel Business Applications and other applications
- User self-registration (typically used with customer applications)
- External delegated administration of users (typically used with partner applications)
- Creation of users from the Administration - User screen in the Siebel application
Implementing Database Authentication
If you implement database authentication, it will typically be for a Siebel employee application, such as Siebel Call Center or Siebel Sales.
Database authentication is configured as the default, and is the easiest to implement of the authentication approaches presented in this book.
Although configuration may not be required, parameters for the database security adapter can be configured using Siebel Server Manager. To do this, you specify parameter values for a named subsystem (enterprise profile). For Developer Web Client, parameters are configured by editing the application configuration file.
The database security adapter is specified using the Security Adapter Mode and Security Adapter Name parameters:
- Security Adapter Mode must be set to DB (the default value).
- Security Adapter Name must be set to DBSecAdpt (the default value), or to a security adapter (enterprise profile or named subsystem) with a different name.
The Security Adapter Mode and Security Adapter Name parameters can be set for the Siebel Enterprise Server, for a particular Siebel Server, for an individual AOM component, or for the Synchronization Manager component (for Siebel Remote).
CAUTION: If you want to configure a server component or a Siebel Server to use different database authentication settings than those already configured at a higher level (that is, configured for the Siebel Enterprise or Siebel Server), then you should create a new database security adapter. Otherwise, settings you make will reconfigure the existing security adapter wherever it is used.
For more information about parameters for the database security adapter, see Configuration Parameters Related to Authentication.
An administrator must perform the following tasks to provide a new user with access to Siebel Business Applications and the Siebel Database in a database authentication environment:
The following option is available if you implement database authentication:
- User password hashing. Maintains an unexposed, hashed password to a database account, while an unhashed version of the password is provided to the user for logging in. When user password hashing is enabled, a hashing algorithm is applied to the user's password before it is compared to the hashed password stored in the database. For details, see Configuring Password Hashing.
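An added example, not taken from the Siebel documentation: a Python check of a Developer Web Client application configuration file that follows the chain described above, from the security adapter mode and name to the adapter's data source and its password hashing setting. The section name InfraSecMgr and the parameter aliases SecAdptMode, SecAdptName, DataSourceName and DSHashUserPwd do not appear on this page and are assumptions, as is the constructed sample file.

```python
import configparser

# Constructed sample of an application configuration file (INI style).
# Section and parameter names are assumptions; they are not shown on this page.
SAMPLE_CFG = """
[InfraSecMgr]
SecAdptMode = DB
SecAdptName = DBSecAdpt

[DBSecAdpt]
DataSourceName = ServerDataSrc

[ServerDataSrc]
DSHashUserPwd = FALSE
"""


def audit_db_auth(cfg_text):
    """Return a list of findings about the database security adapter settings."""
    cfg = configparser.ConfigParser(strict=False, interpolation=None)
    cfg.read_string(cfg_text)

    # Defaults follow the page: mode DB and adapter name DBSecAdpt.
    mode = cfg.get("InfraSecMgr", "SecAdptMode", fallback="DB").strip().upper()
    name = cfg.get("InfraSecMgr", "SecAdptName", fallback="DBSecAdpt").strip()
    if mode != "DB":
        return [f"SecAdptMode is {mode}, not DB: database authentication is not in use"]

    # The adapter name must resolve to a defined adapter section.
    if not cfg.has_section(name):
        return [f"SecAdptName points to [{name}], which is not defined"]

    # Hashing is set on the data source that the adapter names.
    source = cfg.get(name, "DataSourceName", fallback="").strip()
    if not source or not cfg.has_section(source):
        return [f"[{name}] names data source '{source}', which is not defined"]

    hashed = cfg.get(source, "DSHashUserPwd", fallback="FALSE").strip().upper()
    if hashed != "TRUE":
        return [f"[{source}] DSHashUserPwd is not TRUE: the password a user types "
                "is the database account's actual password"]
    return []


if __name__ == "__main__":
    for finding in audit_db_auth(SAMPLE_CFG):
        print("FINDING:", finding)
```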