Security Guide for Siebel eBusiness Applications > Web Single Sign-On Authentication >

Setting Up Web SSO: A Scenario

This section provides instruction to set up a Web SSO architecture for a single Siebel application. Your implementation may include more than one Siebel application, and you may implement options that are not included here.

Make sure you implement Web SSO in a development environment before deploying it in a production environment. You can repeat the appropriate instructions here to provide Web SSO access to additional Siebel applications.

These instructions implement the following basic (example) configuration:

• IIS Web server is deployed on Windows 2000. The IIS Web server functions as the authentication service.
• An Active Directory Server (ADS) and the Web server are installed on different machines. ADS serves as a directory of users for the following functions:
  • Authenticates Web server users.
  • Provides the Siebel user ID and the database account for authenticated Web server users.
• The ADSI security adapter communicates between the authentication manager and ADS.
• The Siebel Server, which includes the AOMs representing the deployment of your Siebel Web-based applications.

  NOTE:  The instructions in this section describe a minimal, baseline configuration. In a production environment, it is not recommended to install the Siebel Server on the same machine as the Web server.

If you use a non-Siebel security adapter, it must support the Siebel Security Adapter Software Developers Kit, described in Security Adapter SDK. You must adapt the applicable parts of the implementation to your security adapter.

The following installations must be completed before you set up this Web SSO authentication environment:

• Your Web server and the ADS are installed on different machines.
• The Siebel applications, including the Siebel Gateway Name Server and the Siebel Server, are installed. The Siebel Server, including affected AOMs, is installed on the Web server machine.

These instructions assume that you are experienced with administering the ADS. You can perform tasks such as creating and modifying user storage subdirectories, creating attributes, creating users, and providing privileges to users.