Bookshelf Home | Contents | Index | PDF |
Siebel Security Guide > Security Adapter Authentication > Configuring Database AuthenticationIf you do not use LDAP or ADSI authentication, then you must create a unique database account for each user. When an administrator adds a new user to the database, the User ID field must match the username for a database account. The user enters the database username and password when the user logs into Siebel Business Applications. Database Authentication ProcessThe stages in a database authentication process are:
Features Not Available for Database AuthenticationSome of the features that other authentication strategies provide are not available with database authentication, including:
Implementing Database AuthenticationIf you implement database authentication, it will typically be for a Siebel employee application, such as Siebel Call Center or Siebel Sales. Database authentication is configured as the default, and is the easiest to implement of the authentication approaches presented in this book. Although configuration might not be required, parameters for the database security adapter can be configured using Siebel Server Manager. To do this, you specify parameter values for a named subsystem (enterprise profile). For Developer Web Clients, parameters can be configured by editing the application configuration file directly. The database security adapter is specified using the Security Adapter Mode (SecAdptMode) and Security Adapter Name (SecAdptName) parameters:
The Security Adapter Mode and Security Adapter Name parameters can be set for the Siebel Enterprise Server, for a particular Siebel Server, for an individual AOM component, or for the Synchronization Manager component (for Siebel Remote). CAUTION: If you want to configure a server component or a Siebel Server to use different database authentication settings than those already configured at a higher level (that is, configured for the Siebel Enterprise or Siebel Server), then create a new database security adapter. Otherwise, settings you make will reconfigure the existing security adapter wherever it is used. You can implement user password hashing if you implement database authentication by specifying the Hash User Password parameter. User password hashing maintains an unexposed, hashed password to a database account, while an unhashed version of the password is provided to the user for logging in. When user password hashing is enabled, a hashing algorithm is applied to the user's password before it is compared to the hashed password stored in the database. For details, see About Password Hashing. NOTE: For database authentication, password hashing parameters are specified for a data source referenced from the database security adapter, rather than specified directly for the security adapter. For more information about parameters for the database security adapter, see Configuration Parameters Related to Authentication. An administrator must perform the following tasks to provide a new user with access to Siebel Business Applications and the Siebel database in a database authentication environment:
Using Database Authentication with MS SQL ServerWhen you install the Siebel Server, an ODBC data source name (DSN) is created which the Siebel Server uses to connect to the Siebel database. If you implement database authentication and you are using Siebel Business Applications with a Microsoft SQL Server database, ensure that you select the correct ODBC DSN configuration settings; if you do not, Siebel Web clients can log in to Siebel Business Applications without providing a password. When you configure the ODBC DSN settings for an MS SQL Server database, you can choose from the following authentication options:
The following procedure describes how to set the MS SQL Server ODBC data source settings on your Siebel Server. To set ODBC data source values for MS SQL Server
|
Siebel Security Guide | Copyright © 2011, Oracle and/or its affiliates. All rights reserved. Legal Notices. | |