Siebel Security Guide > Security Adapter Authentication >

About Siebel Security Adapters

When you install your Siebel Business Applications, these security adapters are provided for user authentication:

• Database security adapter (enabled by default)

  For more information, see About Database Authentication.

• ADSI (Active Directory Services Interface) security adapter
• LDAP (Lightweight Directory Access Protocol) security adapter

The security adapter is a plug-in to the authentication manager. The security adapter uses the credentials entered by a user (or supplied by an authentication service) to authenticate the user, as necessary, and allow the user access to the Siebel application.

You can implement a security adapter other than one of those provided by Siebel Business Applications provided the adapter you implement supports the Siebel Security Adapter Software Development Kit. For more information, see Security Adapter SDK.

You can implement LDAP or ADSI authentication for application object manager components and for EAI components. Do not use the ADSI security adapter or LDAP security adapter to authenticate access to batch components such as, for example, the Communications Outbound Manager. Configure batch components to use the database security adapter instead. Batch components access the Siebel database directly and, as a result, must use the database security adapter. Note also that Siebel Server infrastructure and system management components such as Server Manager, Server Request Broker, and Server Request Processor access the Siebel database directly. For this reason, these components cannot use the LDAP or ADSI security adapter.

Authentication Directories

An LDAP directory or an Active Directory is a store in which information that is required to allow users to connect to the Siebel database, such as database accounts or Siebel user IDs, is maintained external to the Siebel database, and is retrieved by the security adapter. For specific information about third-party directory servers supported by the security adapters provided with Siebel Business Applications, see Directory Servers Supported by Siebel Business Applications and the Certifications tab on My Oracle Support.

Security Adapter Authentication

In general, the process of security adapter authentication includes the following principal stages:

• The user provides identification credentials.
• The user's identity is verified.
• The user's Siebel user ID and database account are retrieved from a directory, from the Siebel database, or from another external source (for Web Single Sign-On).
• The user is granted access to the Siebel application and the Siebel database.

Depending on how you configure your authentication architecture, the security adapter might function in one of the following modes, with respect to authentication:

• With authentication (LDAP or ADSI security adapter authentication mode). The security adapter uses credentials entered by the user to verify the user's existence and access rights in the directory. If the user exists, then the adapter retrieves the user's Siebel user ID, a database account, and, optionally, a set of roles which are passed to the Application Object Manager to grant the user access to the Siebel application and the database. This adapter functionality is typical in a security adapter authentication implementation.
• Without authentication (Web SSO mode). The security adapter passes an identity key supplied by a separate authentication service to the directory. Using the identity key to identify the user in the directory, the adapter retrieves the user's Siebel user ID, a database account, and, optionally, a set of roles that are passed to the Application Object Manager to grant the user access to the Siebel application and the database. This adapter functionality is typical in a Web SSO implementation.

  NOTE:  The security adapter does not provide authentication for Web SSO. Web SSO is the ability to authenticate a user one time for access to multiple applications, including Siebel Business Applications. However, when implementing Web SSO, you must also deploy a security adapter.

For information on the most commonly reported error messages when implementing standard Siebel security adapters, see 477528.1 (Article ID) on My Oracle Support.

Event Logging for Siebel Security Adapters

Siebel Business Applications provide the following event types to set log levels for security adapters:

• Security Adapter Log

  This event type traces security adapter events.

• Security Manager Log

  This event type traces security manager events.

Modify the values for these two event types to set the log levels that the Application Object Manager writes to the log file. For more information about how to set the log levels for event types, see Siebel System Monitoring and Diagnostics Guide.