Siebel Security Guide > Security Adapter Authentication >
Configuring Database Authentication
If you do not use LDAP or ADSI authentication, then you must create a unique database account for each user. When an administrator adds a new user to the database, the User ID field must match the username for a database account. The user enters the database username and password when the user logs into Siebel Business Applications.
Database Authentication Process
The stages in a database authentication process are:
- The user enters a database account's username and password to a Siebel Business Applications login form.
- The Siebel Web Server Extension (SWSE) passes the user credentials to the AOM, which in turn passes them to the authentication manager.
- The authentication manager hashes the password, if
TRUE for the data source specified for the database security adapter, and passes the user credentials to the database security adapter.
- If the user credentials match a database account, the user is logged into the database and is identified with a user record whose user ID is the same as the database account's username.
In other words, the database security adapter validates each user's credentials by trying to connect to the Siebel database.
Features Not Available for Database Authentication
Some of the features that other authentication strategies provide are not available with database authentication, including:
- A single user-authentication method that is valid for Siebel Business Applications and other applications
- User self-registration (typically used with customer applications)
- External delegated administration of users (typically used with partner applications)
- Creation of users from the Administration - User screen in Siebel Business Applications
Implementing Database Authentication
If you implement database authentication, it will typically be for a Siebel employee application, such as Siebel Call Center or Siebel Sales. Database authentication is configured as the default, and is the easiest to implement of the authentication approaches presented in this book.
Although configuration might not be required, parameters for the database security adapter can be configured using Siebel Server Manager. To do this, you specify parameter values for a named subsystem (enterprise profile). For Developer Web Clients, parameters can be configured by editing the application configuration file directly.
The database security adapter is specified using the Security Adapter Mode (SecAdptMode) and Security Adapter Name (SecAdptName) parameters:
- Security Adapter Mode must be set to DB (the default value).
- Security Adapter Name must be set to DBSecAdpt (the default value), or to a security adapter (enterprise profile or named subsystem) with a different name.
The Security Adapter Mode and Security Adapter Name parameters can be set for the Siebel Enterprise Server, for a particular Siebel Server, for an individual AOM component, or for the Synchronization Manager component (for Siebel Remote).
CAUTION: If you want to configure a server component or a Siebel Server to use different database authentication settings than those already configured at a higher level (that is, configured for the Siebel Enterprise or Siebel Server), then create a new database security adapter. Otherwise, settings you make will reconfigure the existing security adapter wherever it is used.
You can implement user password hashing if you implement database authentication by specifying the Hash User Password parameter. User password hashing maintains an unexposed, hashed password to a database account, while an unhashed version of the password is provided to the user for logging in. When user password hashing is enabled, a hashing algorithm is applied to the user's password before it is compared to the hashed password stored in the database. For details, see About Password Hashing.
NOTE: For database authentication, password hashing parameters are specified for a data source referenced from the database security adapter, rather than specified directly for the security adapter.
For more information about parameters for the database security adapter, see Configuration Parameters Related to Authentication.
An administrator must perform the following tasks to provide a new user with access to Siebel Business Applications and the Siebel database in a database authentication environment:
Using Database Authentication with MS SQL Server
When you install the Siebel Server, an ODBC data source name (DSN) is created which the Siebel Server uses to connect to the Siebel database. If you implement database authentication and you are using Siebel Business Applications with a Microsoft SQL Server database, ensure that you select the correct ODBC DSN configuration settings; if you do not, Siebel Web clients can log in to Siebel Business Applications without providing a password.
When you configure the ODBC DSN settings for an MS SQL Server database, you can choose from the following authentication options:
- Windows NT authentication using the network login ID
This option allows users to access applications on the server by entering a network login ID only. If you select this option, Siebel Web clients attempting to access Siebel Business Applications are not required to enter a password.
- SQL Server authentication using a login ID and password entered by the user.
This option requires users attempting to access applications on the server to enter a valid user ID and password. Select this option to ensure that Siebel Web clients must enter both a Siebel user ID and a password to access Siebel Business Applications.
The following procedure describes how to set the MS SQL Server ODBC data source settings on your Siebel Server.
To set ODBC data source values for MS SQL Server
- On the Siebel application server, from the Start menu, choose Settings, Control Panel, Administrative Tools, and then the Data Sources (ODBC) option.
- On the ODBC Data Source Administrator dialog box, select the System DSN tab.
- Select the Siebel data source name, and click Configure.
The Microsoft SQL Server DSN Configuration screen appears. The default Siebel data source name (DSN) is EnterpriseName_DSN, where EnterpriseName is the name you assigned the Siebel Enterprise when you configured it.
- Make any changes required and click Next.
- Select an authentication option:
- Amend any other configuration options as required, then click Next.
- Click Finish.