
Configuring the User Specification Source


The User Specification Source option can be implemented in a Web SSO authentication strategy. In a Web SSO implementation, the SWSE derives the user's user name from either a Web server environment variable or an HTTP request header variable. You must specify one source or the other.

If your implementation uses a header variable to pass a user's identity key from the third-party authentication service, then it is the responsibility of your third-party or custom authentication client to set the header variable correctly. The header variable must only be set after the user is authenticated, and it must be cleared when appropriate by the authentication client. If a header variable passes an identity key to the Siebel authentication manager, and the trust token is also verified, then the user is accepted as authenticated.

The following procedure describes how to specify the source of a user name: either a Web server environment variable or an HTTP request header variable.

To specify the source of the user name

  • In the eapps.cfg file, provide the following parameter values in either the [defaults] section or the section for each individual application, such as [/eservice].
    • UserSpec = name of the variable, for example, REMOTE_USER, if UserSpecSource is set to Server.

      If UserSpecSource is set to Header, then the value of UserSpec is the variable that is passed into the HTTP header; the name of the variable must not be prefaced with HTTP_.

    • UserSpecSource = Server, if you use a Web server environment variable.
    • UserSpecSource = Header, if you use an HTTP request header variable.

      NOTE:  If you use a header variable to pass the user name from a Microsoft IIS Web Server, then first configure the Microsoft IIS Web Server to allow anonymous access. You make this security setting for the default Web site in the Microsoft IIS Service Manager.

      For information about setting parameters in the eapps.cfg file, see About Parameters in the eapps.cfg File.
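The rules in this procedure can be checked mechanically before a changed eapps.cfg is deployed. The following is an added example, not Oracle's code: the function name `check_user_spec` and the sample file are constructed, and it assumes that application sections start with `/`, that they inherit unset values from [defaults], and that UserSpecSource values are spelled exactly as shown on this page.

```python
import configparser

# Constructed sample for illustration; not taken from a real deployment.
SAMPLE_CFG = """
[defaults]
UserSpec = REMOTE_USER
UserSpecSource = Server

[/eservice]
UserSpecSource = Header
UserSpec = HTTP_SSO_USER

[/callcenter]
UserSpecSource = Header
UserSpec = SSO_USER

[/sales]
UserSpecSource = Cookie

[/partner]
"""

def check_user_spec(cfg_text):
    """Return {section: [problems]} for each application section ('/...')."""
    # Assumption: values missing from an application section fall back to [defaults].
    cp = configparser.ConfigParser(default_section="defaults",
                                   interpolation=None, strict=False)
    cp.read_string(cfg_text)
    findings = {}
    for section in cp.sections():
        if not section.startswith("/"):
            continue  # only application sections are checked
        problems = []
        source = cp.get(section, "UserSpecSource", fallback="").strip()
        spec = cp.get(section, "UserSpec", fallback="").strip()
        # Exactly one of the two documented sources must be chosen.
        if source not in ("Server", "Header"):
            problems.append(f"UserSpecSource must be Server or Header, got {source!r}")
        if not spec:
            problems.append("UserSpec is not set")
        elif source == "Header" and spec.upper().startswith("HTTP_"):
            # The header name is given without the HTTP_ prefix.
            problems.append("UserSpec must not be prefaced with HTTP_ when UserSpecSource is Header")
        findings[section] = problems
    return findings

if __name__ == "__main__":
    for name, problems in check_user_spec(SAMPLE_CFG).items():
        print(name, "OK" if not problems else problems)
```

A clean result only confirms the file is well-formed; with UserSpecSource set to Header, the authentication client remains responsible for setting the header only after authentication and clearing it when appropriate.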

Siebel Security Guide Copyright © 2013, Oracle and/or its affiliates. All rights reserved.