Siebel Security Guide > Web Single Sign-On Authentication >
About Implementing Web SSO Authentication
To provide user access to Siebel Business Applications on a Web site implementing Web SSO, the Siebel Business Applications must be able to determine the following from the authentication system:
- Verification that the user has been authenticated
- A user credential that can be passed to the directory, from which the user's Siebel user ID and database account can be retrieved
In a Web SSO environment, you must also provide your authentication service and any required components, such as an authentication client component.
Using Microsoft Windows Integrated Authentication
If you deploy Microsoft Windows Integrated Authentication as your Web SSO solution, make sure that your client and Web server meet one of the following conditions:
- Are in the same Windows 2000/2003 domain.
- Are in a trusted Windows 2000/2003 domain where a user's account can be granted access to resources on the computer hosting Microsoft IIS.
NOTE: To deploy Microsoft Windows Integrated Authentication as your Web SSO solution, your Web server must be Microsoft ISS 5.0 or Microsoft ISS 6.0.
For more information, see Microsoft documentation.
Web SSO Implementation Considerations
Following are some implementation considerations for a Web SSO strategy:
- Users are authenticated independently of Siebel Business Applications, such as through a third-party authentication service or through the Web server.
- You must synchronize users in the authentication system and users in the Siebel database at the Web site level.
- You must configure user administration functionality, such as self-registration, at the Web site level.
- A delegated administrator can add users to the Siebel database, but not to the authentication system.
For more information about integrating third-party authentication software with Siebel Business Applications, contact the Siebel Alliance Group.
Web Single Sign-On Options
You can implement the following options in a Web SSO environment that uses a Siebel-compliant security adapter:
- User specification source. You must specify the source from which the Siebel Web Engine derives the user's identity key: a Web server environment variable or an HTTP request header variable. For details, see Configuring the User Specification Source.
- Digital certificate authentication. Siebel Business Applications support X.509 digital certificate authentication by the Web server. For information on implementing digital certificate authentication for Web SSO, see Digital Certificate Authentication.
- In addition, many options identified in Security Adapter Deployment Options can be implemented for Web SSO.