Security Guide for Siebel eBusiness Applications > About Security for Siebel Applications > Siebel Security Architecture >

User Authentication for Secure System Access

Siebel Systems has developed an open authentication architecture that integrates with a customer's selected authentication infrastructure. For more information, see Security Adapter Authentication and Web Single Sign-On Authentication.

Siebel Systems supports these types of user authentication:

• Siebel-provided database security adapter, for database authentication
• Siebel-provided LDAP or ADSI security adapters, for LDAP/ADSI authentication
• Web Single Sign-On (Web SSO)

Customers can also develop custom security adapters using a security adapter SDK.

These authentication mechanisms apply whether users access the Siebel application from within a LAN or WAN, or remotely. Figure 1 shows a logical view of the three primary types of user authentication within a Siebel site.

Figure 1.  Logical Diagram of User Authentication Methods Within a Siebel Site

Security Adapter for Database Authentication

Siebel Systems provides a database security adapter mechanism for credential collection and verification. The default login form collects Siebel username and password credentials. The security adapter works with the underlying security systems of the database to verify users' credentials.

With database authentication, each user must have a valid database account in order to access the Siebel application. The database administrator (DBA) must add all user database accounts. Database authentication deployment supports password hashing for protection against hacker attacks.

Any Siebel application can use database authentication, which is configured as the default. However, some functionality provided by Siebel Systems, such as workflow processes to support user self-registration or forgotten password scenarios (capabilities commonly used in customer applications), require authentication using LDAP or ADSI security adapters. For this reason, database authentication is rarely used with customer applications.

NOTE:  The exact valid character set for a Siebel username and password depends on the underlying authentication system. For database authentication, refer to documentation from your RDBMS vendor.

Security Adapters for LDAP/ADSI Authentication

For employee or customer applications, Siebel Systems includes a preconfigured security adapter interface to allow organizations to externalize credential verification in an LDAP or ADS directory. The interface connects to a security adapter, which contains the logic to validate credentials to a specific authentication service.

NOTE:  The exact valid character set for a Siebel username and password depends on the underlying authentication system. For LDAP/ADSI authentication, refer to documentation from your vendor, such as one of those listed below.

Siebel Systems customers can therefore verify user credentials with security standards such as Lightweight Directory Access Protocol (LDAP) or Active Directory Services Interface (ADSI).

Siebel Systems has developed security adapters for leading authentication services:

• LDAP security adapter integration is currently certified and supported for IBM Directory Server, Novell NDS eDirectory, and Sun ONE Directory Server.
• ADSI security adapter integration is certified and supported for Microsoft Active Directory.

For information on supporting additional security vendors, see Security Adapter SDK.

Web Single Sign-On

Siebel Systems offers customers the capability to enable a single login across multiple Web applications—also known as Web Single Sign-On (SSO). Siebel Systems provides a configurable mechanism for communicating with Web SSO infrastructures, identifying users, and logging users into Siebel applications.

With Web SSO, users are authenticated independently of Siebel applications, such as through a third-party authentication service, or through the Web server.

NOTE:  The exact valid character set for a Siebel username depends on the underlying authentication system. For Web SSO, refer to documentation from your vendor.

Siebel Systems has alliances with leading security providers for Web SSO integration. Providers are listed as security software partners in the Alliances section of the Siebel Web page.