Siebel Security Guide > Security Adapter Authentication > Security Adapter Deployment Options >

Configuring Secure Communications for Security Adapters

This topic describes how to use SSL or TLS to transmit data between a security adapter provided with Siebel Business Applications and an LDAP directory or Active Directory. Secure communications for the Siebel security adapter can be implemented in the following authentication strategies:

• Security adapter authentication: LDAP, ADSI, custom (not database authentication)
• Web SSO authentication

The setup you must do to implement SSL or TLS differs depending on whether you implement the LDAP or ADSI security adapter. If you use the LDAP security adapter to authenticate against Active Directory, then you must configure SSL between the LDAP security adapter and the Active Directory server if you want to manage user passwords or create new users in the Active Directory. Implementing SSL in these circumstances is a requirement of Microsoft Windows and Active Directory.

NOTE:  SSL encryption is supported with the LDAP security adapter. TLS encryption is supported with the ADSI security adapter. The SSL encryption standard is not secure. It is recommended that you implement additional methods of securing connections between the LDAP security adapter and directory servers.

Configuring SSL for the LDAP Security Adapter

The following procedure describes how to configure SSL for the LDAP security adapter.

To configure SSL for the LDAP security adapter

1. Set the SslDatabase parameter value for the security adapter (LDAPSecAdpt) to the absolute directory path of the Oracle wallet.

   The Oracle wallet, generated using Oracle Wallet Manager, contains a certificate for the certificate authority that is used by the directory server. For information, see Creating a Wallet for Certificate Files When Using LDAP Authentication with SSL.

2. Set the WalletPassword parameter for the LDAP security adapter (LDAPSecAdpt) to the password assigned to the Oracle wallet.

Configuring TLS for the ADSI Security Adapter

The following procedure describes how to configure TLS for the ADSI security adapter.

To configure TLS for the ADSI security adapter

1. Set up an enterprise certificate authority in your domain.
2. Set up the public key policy so that the Active Directory server automatically demands a certificate from that certificate authority.
3. Set the profile parameter UseSsl to True for the ADSI Security Adapter profile (alias ADSISecAdpt).

   For information about setting Siebel Gateway Name Server parameters, see Siebel Gateway Name Server Parameters.