Security Guide for Siebel eBusiness Applications > Security Adapter Authentication >

About Siebel Security Adapters

When you install your Siebel eBusiness Applications, these security adapters are provided for user authentication:

• Database security adapter
• ADSI (Active Directory Services Interface) security adapter
• LDAP (Lightweight Directory Access Protocol) security adapter

The security adapter is a plug-in to the authentication manager. The security adapter uses the credentials entered by a user (or supplied by an authentication service) to authenticate the user, as necessary, and allow the user access to the Siebel application.

An LDAP or ADS directory is a store in which information that is required to allow users to connect to the Siebel Database, such as database accounts, Siebel user IDs, or roles, is maintained external to the Siebel Database, and is retrieved by the security adapter.

In general, the process of security adapter authentication includes the following principal stages:

• The user provides identification credentials.
• The user's identity is verified.
• The user's Siebel user ID and database account are retrieved from a directory, from the Siebel Database, or from another external source (for Web Single Sign-On).
• The user is granted access to the Siebel application and the Siebel Database.

For specific information about third-party directory servers supported by Siebel-provided security adapters, see System Requirements and Supported Platforms on Siebel SupportWeb for your Siebel application.

You can implement a security adapter other than one of those provided by Siebel Systems. To support the functionality described in this section for the Siebel adapters, the adapter you implement must support the Siebel Security Adapter Software Development Kit. For more information, see Security Adapter SDK.

Depending on how you configure your authentication architecture, the security adapter may function in one of the following modes, with respect to authentication:

• With authentication (LDAP or ADSI security adapter authentication mode). The security adapter uses credentials entered by the user to verify the user's existence in the directory. If the user exists, the adapter retrieves the user's Siebel user ID, a database account, and, optionally, a set of roles which are passed to the Application Object Manager (AOM) to grant the user access to the Siebel application and the database. This adapter functionality is typical in a security adapter authentication implementation.
• Without authentication (Web SSO mode). The security adapter passes an identity key supplied by a separate authentication service to the directory. Using the identity key to identify the user in the directory, the adapter retrieves the user's Siebel user ID, a database account, and, optionally, a set of roles that are passed to the AOM to grant the user access to the Siebel application and the database. This adapter functionality is typical in a Web SSO implementation.

  NOTE:  The security adapter does not provide authentication for Web SSO. Web SSO is the capability for a user's authentication on your Web site to serve for access to other applications on the Web site, including Siebel applications. However, when implementing Web SSO, you must also deploy a security adapter.

  For more information, see Web Single Sign-On Authentication.

In an environment using external security adapter authentication (such as LDAP or ADSI), the security adapter can create a record in the directory when the user is created in the Siebel Database.