Bookshelf Home | Contents | Index | PDF     

Siebel Security Guide > Web Single Sign-On Authentication >

Requirements for Microsoft Windows Integrated Authentication

This topic outlines the requirements for integrating Siebel CRM with a Microsoft Windows Integrated Authentication (WIA) SSO solution.

To deploy Microsoft Windows Integrated Authentication as your Web SSO solution, the following requirements must be met:

  • Make sure that your client and Web server meet one of the following conditions:
    • Are in the same Windows domain.
    • Are in a trusted Windows domain where a user's account can be granted access to resources on the computer hosting Microsoft IIS.

      NOTE:  Siebel Business Applications can support Web SSO in a multiple domain Active Directory implementation provided that all Siebel user IDs exist in the Active Directory that the Siebel application connects to, and provided that multiple domain authentication is supported by the Web SSO system. In a multiple domain implementation, each Siebel user who uses Internet Explorer as a Web browser must perform the steps in Configuring Internet Explorer for Windows Integrated Authentication.

  • Use a version of Microsoft IIS Web Server that is supported by Siebel Business Applications.
    • For information on supported servers, see Siebel System Requirements and Supported Platforms on Oracle Technology Network.

      NOTE:  For Siebel CRM product releases 8.1.1.9 and later and for 8.2.2.2 and later, the system requirements and supported platform certifications are available from the Certification tab on My Oracle Support. For information about the Certification application, see article 1492194.1 (Article ID) on My Oracle Support.

    • For information on configuring the IIS Web server for Integrated Authentication go to the Microsoft MSDN Web site at

      http://msdn.microsoft.com/

  • In the [SWE] section of the eapps.cfg file, set the parameter IntegratedDomainAuth to a value of TRUE, and set the SingleSignOn parameter to TRUE.
  • In a Web SSO implementation using Microsoft Windows Integrated Authentication, the SWSE can derive the user's user name from either a Web server environment variable or an HTTP request header variable. For additional information, see Configuring the User Specification Source.

    If you are using header variables to store the user's user name, configure the Web SSO authentication service to map an SSO header variable uid to the Siebel uid directory attribute.

Configuring Internet Explorer for Windows Integrated Authentication

In a multiple domain implementation of Windows Integrated Authentication, each Siebel user who uses Internet Explorer as a Web browser must perform the steps in the following procedure to suppress authentication challenges when logging into Siebel Business Applications.

To configure Internet Explorer for Windows Integrated Authentication

  1. From the Tools menu, select Internet Options, then the Security tab.
  2. Select a zone, for example, Trusted sites, then click the Custom level.. button.
  3. Navigate to User Authentication, and then Logon.
  4. Select the Automatic logon with current user name and password option, then click OK.
    
Siebel Security Guide Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Legal Notices.