Bookshelf Home | Contents | Index | PDF |
Siebel Security Guide > About Security for Siebel Business Applications > Siebel Security Architecture > User Authentication for Secure System AccessSiebel Business Applications provide an open authentication architecture that integrates with a customer's selected authentication infrastructure. For more information, see Security Adapter Authentication and Web Single Sign-On Authentication. Siebel Business Applications support these types of user authentication:
Customers can also develop custom security adapters using a security adapter SDK. NOTE: The exact valid character set for a Siebel username depends on the underlying authentication system. For database, LDAP, ADSI, or Web SSO authentication, see documentation from your vendor. These authentication mechanisms apply whether users access Siebel Business Applications from within a LAN or WAN, or remotely. Figure 1 shows a logical view of the three primary types of user authentication within a Siebel site. Security Adapter for Database AuthenticationSiebel Business Applications provide a database security adapter mechanism for credential collection and verification. The default login form collects Siebel username and password credentials. The security adapter works with the underlying security systems of the database to verify users' credentials. With database authentication, each user must have a valid database account in order to access Siebel Business Applications. The database administrator (DBA) must add all user database accounts. Database authentication deployment supports password hashing for protection against hacker attacks. All Siebel Business Applications can use database authentication, which is configured as the default. However, some functionality provided by Siebel Business Applications, such as workflow processes to support user self-registration or forgotten password scenarios (capabilities commonly used in customer applications), require authentication using LDAP or ADSI security adapters. For this reason, database authentication is rarely used with customer applications. Security Adapters for LDAP and ADSI AuthenticationFor employee or customer applications, Siebel Business Applications include a preconfigured security adapter interface to allow organizations to externalize credential verification in an LDAP or ADSI directory. The interface connects to a security adapter, which contains the logic to validate credentials to a specific authentication service. Siebel Business Applications customers can therefore verify user credentials with security standards such as LDAP or ADSI. Siebel Business Applications have developed security adapters for leading authentication services:
For information about third-party products supported or validated for use with Siebel Business Applications, see Siebel System Requirements and Supported Platforms on Oracle Technology Network. You can also build security adapters to support a variety of authentication technologies. For information on custom security adapters, see Security Adapter SDK. Web Single Sign-OnSiebel Business Applications offer customers the capability of enabling a single login across multiple Web applications—also known as Web Single Sign-On (SSO). Siebel Business Applications provide a configurable mechanism for communicating with Web SSO infrastructures, identifying users, and logging users into Siebel Business Applications. With Web SSO, users are authenticated independently of Siebel Business Applications, such as through a third-party authentication service, or through the Web server. Oracle has alliances with leading security providers for Web SSO integration. Providers are listed in the SSO solution category at http://www.oracle.com/partnerships/isv/integration/search.html. For information on the Oracle Identity Management products that are certified for use with Siebel, see About Security Products Supported by Siebel. |
Siebel Security Guide | Copyright © 2011, Oracle and/or its affiliates. All rights reserved. Legal Notices. | |