Siebel Security Guide > About Security for Siebel Business Applications > Siebel Security Architecture >

User Authentication for Secure System Access

Siebel Business Applications provide an open authentication architecture that integrates with a customer's selected authentication infrastructure. For more information, see Security Adapter Authentication and Web Single Sign-On Authentication.

Siebel Business Applications support these types of user authentication:

• Database authentication

  A database security adapter is provided to support this type of user authentication.

• Lightweight Directory Access Protocol (LDAP) and Active Directory Services Interface (ADSI) authentication

  LDAP and ADSI security adapters are provided to support these types of user authentication.

• Web Single Sign-On (Web SSO)

Customers can also develop custom security adapters using a security adapter SDK.

NOTE:  The exact valid character set for a Siebel username depends on the underlying authentication system. For database, LDAP, ADSI, or Web SSO authentication, see documentation from your vendor.

These authentication mechanisms apply whether users access Siebel Business Applications from within a LAN or WAN, or remotely. Figure 1 shows a logical view of the three primary types of user authentication within a Siebel site.

Figure 1. Logical Diagram of User Authentication Methods Within a Siebel Site

Security Adapter for Database Authentication

Siebel Business Applications provide a database security adapter mechanism for credential collection and verification. The default login form collects Siebel username and password credentials. The security adapter works with the underlying security systems of the database to verify users' credentials.

With database authentication, each user must have a valid database account in order to access Siebel Business Applications. The database administrator (DBA) must add all user database accounts. Database authentication deployment supports password hashing for protection against hacker attacks.

All Siebel Business Applications can use database authentication, which is configured as the default. However, some functionality provided by Siebel Business Applications, such as workflow processes to support user self-registration or forgotten password scenarios (capabilities commonly used in customer applications), require authentication using LDAP or ADSI security adapters. For this reason, database authentication is rarely used with customer applications.

Security Adapters for LDAP and ADSI Authentication

For employee or customer applications, Siebel Business Applications include a preconfigured security adapter interface to allow organizations to externalize credential verification in an LDAP or ADSI directory. The interface connects to a security adapter, which contains the logic to validate credentials to a specific authentication service.

Siebel Business Applications customers can therefore verify user credentials with security standards such as LDAP or ADSI.

Siebel Business Applications have developed security adapters for leading authentication services:

• LDAP security adapter integration is currently certified and supported for Oracle Internet Directory, IBM Directory Server, Novell NDS eDirectory, Sun Java System Directory Server, and Microsoft Active Directory.
• ADSI security adapter integration is certified and supported for Microsoft Active Directory.

For information about third-party products supported or validated for use with Siebel Business Applications, see Siebel System Requirements and Supported Platforms on Oracle Technology Network. You can also build security adapters to support a variety of authentication technologies. For information on custom security adapters, see Security Adapter SDK.

Web Single Sign-On

Siebel Business Applications offer customers the capability of enabling a single login across multiple Web applications—also known as Web Single Sign-On (SSO). Siebel Business Applications provide a configurable mechanism for communicating with Web SSO infrastructures, identifying users, and logging users into Siebel Business Applications.

With Web SSO, users are authenticated independently of Siebel Business Applications, such as through a third-party authentication service, or through the Web server.

Oracle has alliances with leading security providers for Web SSO integration. Providers are listed in the SSO solution category at

http://www.oracle.com/partnerships/isv/integration/search.html.

For information on the Oracle Identity Management products that are certified for use with Siebel, see About Security Products Supported by Siebel.