Bookshelf Home | Contents | Index | PDF     

Siebel Security Guide > Web Single Sign-On Authentication >

About Implementing Web Single
Sign-On

To provide user access to Siebel Business Applications on a Web site implementing Web SSO, the authentication system must be able to provide the following to Siebel Business Applications:

  • Verification that the user has been authenticated
  • A user credential that can be passed to the directory, from which the user's Siebel user ID and database account can be retrieved

In a Web SSO environment, you must provide your authentication service and any required components, such as an authentication client component.

Web Single Sign-On Implementation Considerations

The following are some implementation considerations for a Web SSO strategy:

  • Users are authenticated independently of Siebel Business Applications, such as through a third-party authentication service or through the Web server.
  • You must synchronize users in the authentication system and users in the Siebel database at the Web site level.
  • You must configure user administration functionality, such as self-registration, at the Web site level.
  • A delegated administrator can add users to the Siebel database, but not to the authentication system.
  • Siebel Business Applications support the following types of Web SSO solutions:
    • Windows Integrated Authentication (WIA) SSO

      To implement Windows Integrated Authentication SSO solutions, the Siebel application and the Siebel Web server must run on Windows operating systems.

    • Standards-based Web SSO solutions that meet the requirements listed in Requirements for Standards-Based Web Single Sign-On.
  • Siebel Business Applications do not support Web SSO solutions that are based on Security Assertion Markup Language or that are cookie based.

NOTE:  Implement Web SSO in a development environment before deploying it in a production environment.

Web Single Sign-On Options

You can implement the following options in a Web SSO environment that uses a Siebel-compliant security adapter:

  • User specification source. You must specify the source from which the Siebel Web Engine derives the user's identity key: a Web server environment variable or an HTTP request header variable. For details, see Configuring the User Specification Source.
  • Digital certificate authentication. Siebel Business Applications support X.509 digital certificate authentication by the Web server. For information on implementing digital certificate authentication for Web SSO, see About Digital Certificate Authentication.
  • In addition, many options identified in Security Adapter Deployment Options can be implemented for Web SSO.
Related Topics

Requirements for Standards-Based Web Single Sign-On

Requirements for Microsoft Windows Integrated Authentication

      
Siebel Security Guide Copyright © 2014, Oracle and/or its affiliates. All rights reserved. Legal Notices.