|
Security Guide for Siebel Business Applications > Security Adapter Authentication > Security Adapter Deployment Options >
Configuring Adapter-Defined User Name
The adapter-defined user name option can be implemented in the following authentication strategies:
- Security adapter authentication: LDAP, ADSI, custom (not database authentication)
- Web SSO authentication
You can configure your authentication system so that the username passed to the directory to retrieve a user's database account is not the Siebel user ID. For example, you may want users to enter an adapter-defined user name, such as their Social Security number, phone number, email address, or account number. When a user logs in with an adapter-defined user name, the user's Siebel user ID must still be provided to the AOM. The adapter-defined user name must be stored in one attribute in your directory, while the Siebel user ID is stored in another attribute. For example, you may have users enter their telephone number, stored in the telephonenumber attribute, while their Siebel user ID is stored in the uid attribute. The UsernameAttributeType configuration parameter defines the directory attribute that stores the username that is passed to the directory to identify the user, whether it is the Siebel user ID or an adapter-defined user name. The OM - Username BC Field (alias UsernameBCField) parameter for the AOM defines the field of the User business component that underlies the attribute specified by UsernameAttributeType. Even if other requirements to administer user attributes in the directory through the Siebel client are met, you must also set the UsernameAttributeType parameter for the security adapter, and set the OM - Username BC Field parameter. If you do not define these parameters appropriately, changes through the Siebel client to the underlying field are not propagated to the directory. For example, for users to log in with their work phone number, you must specify UsernameAttributeType to be the directory attribute in which the phone number is stored, for example telephonenumber, and you must define OM - Username BC Field to be Phone #, the field in the User business component for work phone number. To configure an adapter-defined user name
- For each security adapter (such as LDAPSecAdpt) that implements an adapter-defined user name, define the following parameter values:
UseAdapterUsername = TRUE
SiebelUserNameAttributeType = attribute in which you store the Siebel user ID, such as uid (LDAP) or sAMAccountName (ADSI).
UsernameAttributeType = attribute in which you store the adapter-defined user name, such as telephonenumber.
- Determine the field on the User business component that is used to populate the attribute in the directory that contains the adapter-defined user name.
The AOM parameter to be populated is OM - Username BC Field.
For information about working with Siebel business components, see Configuring Siebel Business Applications. For information about working with configuration parameters, see Siebel System Administration Guide.
- Using Siebel Server Manager, specify the User business component field name as the value for the
OM - Username BC Field parameter. You can provide this value at the Enterprise, Siebel Server, or component level. If this parameter is not present in the parameters list, add it.
NOTE: If you do not specify a field in the OM - Username BC Field parameter, the Siebel security adapter assumes that the Login Name field of the User business component (the Siebel user ID) underlies the attribute defined by the UsernameAttributeType parameter.
For information about setting Siebel configuration parameters, see Configuration Parameters Related to Authentication.
|
