
About Digital Certificate Authentication


A digital certificate is a digital document that includes the public key bound to an individual, organization, or computer. Certificates are issued by certificate authorities (CAs) who have documented policies for determining owner identity and distributing certificates.

X.509 digital certificate authentication is a standards-based security framework that is used to secure private information and transaction processing. Certificates are exchanged in a manner that makes sure the presenter of a certificate possesses the private key associated with the public key contained in the certificate.

Siebel Business Applications support X.509 digital certificate authentication by the Web server. The Web server performs the digital certificate authentication and the Siebel application accepts the authentication result in the form of Web SSO.

For customers who have an existing PKI (Public Key Infrastructure) with client certificates, Siebel Business Applications support the use of X.509 certificates to authenticate the users of an application. This authentication is accomplished using the TLS client authentication capabilities of the supported Web servers, which handle the certificates.

To implement X.509 digital certificate authentication, you must perform the tasks for implementing Web SSO authentication, as described in Set Up Tasks for Standards-Based Web Single Sign-On, with the following specific guidelines:

  • Enter the following parameters in the [defaults] section of the eapps.cfg file:

    | Parameter | Value | Comment |
    |---|---|---|
    | SingleSignOn | TRUE | None |
    | TrustToken | HELLO | None |
    | ClientCertificate | TRUE | None |
    | UserSpec | CERT_SUBJECT or REMOTE_USER | For client authentication on Windows and AIX, use CERT_SUBJECT. For other UNIX operating systems, use REMOTE_USER. |
    | SubUserSpec | CN | This parameter value tells the application to extract the user name from the certificate name. For the Oracle iPlanet Web Server (formerly known as the Sun Java System Web Server), this setting is ignored. |
    | UserSpecSource | Server | None |

  • Set the SecureBrowse parameter to True for the Application Object Manager component for which Digital Certificate Authentication is implemented, such as Call Center Object Manager.
  • For each security adapter (such as LDAPSecAdpt) that is to support certificate-based authentication, define the following parameter values:

    SingleSignOn = TRUE
    TrustToken = HELLO
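
A check for the settings listed above, as an added example that is not part of the Siebel documentation or any Oracle tooling. It assumes that eapps.cfg parses as INI text, that values other than TrustToken compare case-insensitively, that the security adapter's TrustToken is supplied by the caller and is meant to match the eapps.cfg value, and that the HELLO value shown on this page is a sample to be replaced in a deployment. The function name and sample file are constructed.

```python
import configparser

# Expected [defaults] values, taken from the parameter table on this page.
EXPECTED = {
    "SingleSignOn": {"TRUE"},
    "ClientCertificate": {"TRUE"},
    "UserSpec": {"CERT_SUBJECT", "REMOTE_USER"},
    "SubUserSpec": {"CN"},
    "UserSpecSource": {"SERVER"},
}

# Constructed sample eapps.cfg fragment with two deliberate mistakes.
SAMPLE_EAPPS_CFG = """\
[defaults]
SingleSignOn = FALSE
TrustToken = HELLO
ClientCertificate = TRUE
UserSpec = CERT_SUBJECT
SubUserSpec = CN
"""

def check_eapps_defaults(cfg_text, adapter_trust_token):
    """Return a list of findings for the [defaults] section of eapps.cfg text."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string(cfg_text)
    if not parser.has_section("defaults"):
        return ["[defaults] section is missing"]
    defaults = parser["defaults"]
    findings = []
    for name, allowed in EXPECTED.items():
        value = defaults.get(name)  # option names are matched case-insensitively
        if value is None:
            findings.append(f"{name} is not set")
        elif value.strip().upper() not in allowed:
            findings.append(f"{name} = {value!r}, expected one of {sorted(allowed)}")
    token = defaults.get("TrustToken")
    if token is None:
        findings.append("TrustToken is not set")
    else:
        # The token value itself is never echoed into a finding.
        if token != adapter_trust_token:
            findings.append("TrustToken differs from the security adapter value")
        if token == "HELLO":  # assumption: HELLO is the documentation sample
            findings.append("TrustToken is the sample value HELLO")
    return findings

if __name__ == "__main__":
    for finding in check_eapps_defaults(SAMPLE_EAPPS_CFG, "HELLO"):
        print(finding)
```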

Siebel Security Guide Copyright © 2014, Oracle and/or its affiliates. All rights reserved.