
Setting Up the ADSI Directory


This topic describes how to set up the ADSI directory for a Web SSO implementation.

This task is a step in Process of Implementing Web Single Sign-On.

In the Web SSO implementation outlined here, the ADSI directory performs two functions that might be handled by two separate entities in other Web SSO implementations:

  • Users are authenticated through the ADSI directory in its role as the Microsoft IIS Web server directory.
  • The ADSI directory serves as the directory from which an authenticated user's Siebel user ID and database account are retrieved.

You must perform separate configuration tasks for the following purposes:

  • Configure the ADSI directory as the directory that provides the user IDs and the Siebel database account for authenticated users.
  • Configure the Microsoft IIS Web server to authenticate against the Active Directory.

Configuring the ADSI Directory

The following procedure describes the steps involved in configuring the ADSI directory.

To configure the ADSI directory

  1. Select a subdirectory in the ADSI directory to store users, for example, the Users subdirectory under the domain-level directory.

    You cannot distribute the users of a single Siebel application across more than one subdirectory. However, you can store the users of multiple Siebel Business Applications in one subdirectory.

  2. Define the attributes to use for the following user data (create new attributes if you do not want to use existing attributes):
    • Siebel user ID. Suggested attribute: sAMAccountName.
    • Database account. Suggested attribute: dbaccount.
  3. Password. Assign a user password to each user using the ADSI directory user management tools. The user password is not stored as an attribute.

    NOTE:  A user password is required for the ADSI directory only in its role as the Microsoft IIS Web server directory, which is the authentication service in this configuration. In other configurations in which the authentication service is physically independent of the directory, the directory is not required to have a user password assigned to each user.

  4. For purposes of Microsoft IIS Web server authentication, provide attributes as required to store the username, first name, last name, or other user data.
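
After completing the procedure, a read-only audit of the chosen subdirectory can confirm that every user has the attributes from step 2 and a password from step 3. The following script is an added example, not part of the Siebel guide; it assumes the Microsoft ActiveDirectory PowerShell module is installed, uses a placeholder distinguished name in `$SearchBase`, and uses the attribute names suggested in step 2.

```powershell
# Added example, not from the Siebel guide. Audits the user subdirectory chosen
# in step 1 against steps 2 and 3 of the procedure above. Read-only.
# Assumptions: ActiveDirectory (RSAT) module; $SearchBase is a placeholder DN;
# attribute names are the ones the procedure suggests.
Import-Module ActiveDirectory

$SearchBase = 'CN=Users,DC=example,DC=com'  # placeholder: your user subdirectory
$UserIdAttr = 'sAMAccountName'              # Siebel user ID (step 2)
$DbAcctAttr = 'dbaccount'                   # database account (step 2)
$props      = @($DbAcctAttr, 'PasswordLastSet', 'PasswordNotRequired')

try {
    # OneLevel: only users stored directly in the chosen subdirectory.
    $users = Get-ADUser -Filter * -SearchBase $SearchBase -SearchScope OneLevel `
        -Properties $props -ErrorAction Stop
}
catch {
    # Typical causes: wrong DN, or the database account attribute has not been
    # created in the directory schema yet.
    Write-Error "Directory query failed: $($_.Exception.Message)"
    return
}

$findings = foreach ($u in $users) {
    $problems = @()
    if ([string]::IsNullOrWhiteSpace([string]($u.$UserIdAttr))) { $problems += "no $UserIdAttr" }
    if ([string]::IsNullOrWhiteSpace([string]($u.$DbAcctAttr))) { $problems += "no $DbAcctAttr" }
    # Step 3: IIS authenticates against this directory, so every user needs a password.
    if ($null -eq $u.PasswordLastSet) { $problems += 'password never set' }
    if ($u.PasswordNotRequired)       { $problems += 'password-not-required flag set' }

    if ($problems.Count -gt 0) {
        [pscustomobject]@{
            User     = $u.DistinguishedName
            Problems = $problems -join '; '
        }
    }
}

if ($findings) {
    $findings | Format-Table -AutoSize -Wrap
} else {
    Write-Output "All $(@($users).Count) users in $SearchBase passed."
}
```

The script only checks users stored directly in `$SearchBase`; it cannot tell whether Siebel users also exist in other subdirectories, so the single-subdirectory rule from step 1 still has to be confirmed separately.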

About Configuring the Microsoft IIS Web Server

You must configure the Microsoft IIS Web server to authenticate against the Active Directory. You can configure your Microsoft IIS Web server to use Basic authentication.

For information about setting authentication modes for Microsoft IIS Web server, see your Microsoft IIS Web server documentation.

For purposes of testing this Web SSO implementation, configure your Web site to require users to log in at an entry point to the Web site.

Siebel Security Guide Copyright © 2011, Oracle and/or its affiliates. All rights reserved. Legal Notices.