Setting Up the Active Directory Server
In this scenario, Active Directory Server (ADS) performs two functions that might be handled by two separate entities in other Web SSO implementations:
- ADS authenticates users in its role as the Microsoft IIS Web server directory.
- ADS serves as the directory from which an authenticated user's Siebel user ID and database account are retrieved.
You must perform separate configuration tasks for the following purposes:
- Configure the ADS as the directory that provides the user IDs and the Siebel Database account for authenticated users.
- Configure the Microsoft IIS Web server to authenticate against the ADS.
Configuring the Active Directory Server
Determine a subdirectory in the ADS directory to store users. You cannot distribute the users of a single Siebel application across more than one subdirectory. However, you can store the users of multiple Siebel Business Applications in one subdirectory. For this example, users are stored in the Users subdirectory under the domain-level directory in the ADS.
Define the attributes to use for the following user data. Create new attributes if you do not want to use existing attributes. For this example, attributes are suggested. Some of the suggested attributes exist, without additional configuration, in the ADS directory.
- Siebel user ID. Suggested attribute: sAMAccountName.
- Database account. Suggested attribute: dbaccount.
Additionally, a user password is assigned to each user using the ADS user management tools. The user password is not stored as an attribute.
NOTE: A user password is required for the ADS in its role as the Microsoft IIS Web server directory, which is the authentication service in this configuration. A user password attribute is not required for ADS in its role as the directory. In other configurations in which the authentication service is physically independent of the directory, the directory is not required to have a user password assigned to each user.
For purposes of Microsoft IIS Web server authentication, provide attributes as needed to store the username, first name, last name, or other user data.
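The following PowerShell check is an added example, not part of the original guide or of Oracle's tooling. It lists users in the chosen subdirectory that have no database account value or are disabled. It assumes the RSAT ActiveDirectory module, a placeholder domain of DC=example,DC=com, and that dbaccount has already been created in the schema under that name; the function name Get-SiebelUserGap is hypothetical.

```powershell
# Added example (not Oracle's code). Requires the RSAT ActiveDirectory module.
# Assumptions: DC=example,DC=com is a placeholder domain; 'dbaccount' already
# exists in the schema under that LDAP display name.
Import-Module ActiveDirectory

function Get-SiebelUserGap {
    [CmdletBinding()]
    param(
        # The single subdirectory that holds this application's users.
        [Parameter(Mandatory)] [string] $SearchBase,
        # Attribute that stores the database account.
        [string] $DbAccountAttribute = 'dbaccount'
    )

    # OneLevel returns only direct children of the container.
    $users = Get-ADUser -SearchBase $SearchBase -SearchScope OneLevel `
        -Filter * -Properties $DbAccountAttribute

    foreach ($u in $users) {
        $problems = @()
        # Report presence only; the attribute value is never written out.
        if ([string]::IsNullOrWhiteSpace([string]$u.$DbAccountAttribute)) {
            $problems += "no $DbAccountAttribute value"
        }
        # A disabled account cannot authenticate against ADS.
        if (-not $u.Enabled) {
            $problems += 'account disabled'
        }
        if ($problems.Count -gt 0) {
            [pscustomobject]@{
                SiebelUserId = $u.SamAccountName
                DN           = $u.DistinguishedName
                Problems     = $problems -join '; '
            }
        }
    }
}

# Placeholder DN for the Users subdirectory used in this scenario.
Get-SiebelUserGap -SearchBase 'CN=Users,DC=example,DC=com' |
    Sort-Object SiebelUserId | Format-Table -AutoSize
```

Built-in accounts that live in the same container will also appear in the output; exclude them by name if they are not Siebel users.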
Configuring the Microsoft IIS Web Server
You must configure the Microsoft IIS Web server to authenticate against the Active Directory Server.
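You can configure your Microsoft IIS Web server to use Basic authentication. Basic authentication sends the user name and password Base64-encoded, not encrypted, so the site should be served over HTTPS when this mode is used.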
For information about setting authentication modes for Microsoft IIS Web server, see your Microsoft IIS Web server documentation.
For purposes of testing this Web SSO implementation, configure your Web site to require users to log in at an entry point to the Web site.