Siebel Security Guide > Security Adapter Authentication > Security Adapter Deployment Options >
Configuring Secure Communications for Security Adapters
This topic describes how to use SSL to transmit data between the security adapter provided with Siebel Business Applications and an LDAP or ADSI directory. Secure communications for the Siebel security adapter can be implemented in the following authentication strategies:
- Security adapter authentication: LDAP, ADSI, custom (not database authentication)
- Web SSO authentication
You can encrypt the communications between the Siebel LDAP or ADSI security adapter and the directory using SSL. The setup you must do differs depending on whether you implement the LDAP or ADSI security adapter.
NOTE: If you use the LDAP security adapter to authenticate against Active Directory, then you must configure SSL between the LDAP security adapter and the Active Directory server if you want to manage user passwords or create new users in the Active Directory. Implementing SSL in these circumstances is a requirement of Microsoft Windows and Active Directory.
Configuring SSL for the LDAP Security Adapter
The following procedure describes how to configure SSL for the LDAP security adapter.
To configure SSL for the LDAP security adapter
- Set the SslDatabase parameter value for the security adapter (LDAPSecAdpt) to the absolute path of the file ldapkey.kdb. This file, which is generated by IBM GSKit, contains a certificate for the certificate authority that is used by the directory server. For information about generating the SSL database file for an LDAP authentication environment, see Generating a CMS Key Database Using IBM GSKit.
Configuring SSL for the ADSI Security Adapter
The following procedure describes how to configure SSL for the ADSI security adapter.
To configure SSL for the ADSI security adapter
- Set up an enterprise certificate authority in your domain.
- Set up the public key policy so that the Active Directory server automatically demands a certificate from that certificate authority.
- Set the profile parameter UseSsl to
True for the ADSI Security Adapter profile (alias ADSISecAdpt).
For information about setting Siebel Gateway Name Server parameters, see Siebel Gateway Name Server Parameters.