Using an External Security Adapter
An external security adapter is an interface that lets you use an external system to authenticate users. For example, you might employ an LDAP (Lightweight Directory Access Protocol) repository. LDAP is a protocol for storing and retrieving directory-related information that includes authentication services.
Using an external security adapter makes administration easier, because you do not have to create an account for each Siebel application user on the OS/390 host. You can instead create a few generic database accounts that are used by multiple Siebel users.
When users log on to the Siebel application, the external security adapter validates user names, passwords, user roles, and database credentials against the information in the external system. If the external security adapter finds a match, it retrieves a generic set of user credentials (username and password) that supply access to the database.
NOTE: For LDAP, the generic set of user credentials can be the same for every user, if desired.
The following paragraphs summarize the steps required to configure LDAP for use with Siebel eBusiness Applications. For detailed instructions on how to configure LDAP, refer to Applications Administration Guide and Security Guide for Siebel eBusiness Applications.
The default user objectclass in LDAP is inetOrgPerson (or one of its descendants). The user ID can be stored in the uid attribute, the password in the userpassword attribute, and the database credentials in any unused directory string-type attribute, such as mail.
Database credentials should take the following form:
username=db_user password=db_password
where:
- db_user = a valid user ID with appropriate access; it need not be a Siebel user.
- db_password = the password for the given user ID (in lowercase characters).

NOTE: The values for user name and password must be lowercase. The credential contains one space between the two parameters and no additional spaces.
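The credential string rules above (lowercase values, exactly one space, no additional spaces) are easy to break when directory entries are edited by hand. The following added example, which is not from the Siebel documentation, checks constructed LDIF entries against those rules; the attribute name mail, the sample entries, and both function names are assumptions for illustration.

```python
# SAMPLE_LDIF is constructed test data. Using "mail" as the credential attribute
# follows the page's "such as mail" and is an assumption about your directory.

SAMPLE_LDIF = """\
dn: uid=jsmith,ou=people,dc=example,dc=com
objectClass: inetOrgPerson
uid: jsmith
mail: username=sbldb password=dbpass1

dn: uid=mlee,ou=people,dc=example,dc=com
objectClass: inetOrgPerson
uid: mlee
mail: username=SBLDB  password=dbpass1
"""

def check_db_credential(value):
    """Return the problems found in one credential string (empty list = valid)."""
    problems = []
    # The only whitespace allowed is the single space between the two parameters.
    if value.count(" ") != 1 or any(c.isspace() and c != " " for c in value):
        problems.append("spacing: need exactly one space, between the parameters")
    fields = value.split()
    if (len(fields) != 2 or not fields[0].startswith("username=")
            or not fields[1].startswith("password=")):
        problems.append("layout: expected username=db_user password=db_password")
        return problems
    user = fields[0][len("username="):]
    password = fields[1][len("password="):]
    if not user or not password:
        problems.append("empty: user name and password must both be set")
    if user != user.lower() or password != password.lower():
        problems.append("case: user name and password must be lowercase")
    return problems

def audit_ldif(ldif_text, cred_attr="mail"):
    """Map each uid to its credential problems (simplified LDIF: no base64, no folding)."""
    report = {}
    for record in ldif_text.strip().split("\n\n"):
        attrs = {}
        for line in record.splitlines():
            name, sep, val = line.partition(": ")
            if sep:
                attrs[name.lower()] = val
        uid = attrs.get("uid", "<no uid>")
        report[uid] = (check_db_credential(attrs[cred_attr]) if cred_attr in attrs
                       else ["missing credential attribute " + cred_attr])
    return report
```

Calling audit_ldif(SAMPLE_LDIF) returns an empty problem list for jsmith and a spacing and a case problem for mlee.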
You must configure LDAP in several different locations, as described below.
To configure LDAP
1. Edit the appropriate Siebel Application Object Managers (AOM):
   - Launch Siebel Call Center or another Siebel application and activate Server Manager. For instructions on how to use Server Manager, refer to Siebel Server Administration Guide.
   - Locate the applicable configuration file for your application (for example, uagent.cfg for Call Center) and supply the following information in the [LDAP] section of the file:
2. Edit the eapps.cfg file of your Siebel Web Server Extension.
   - Locate the eapps.cfg file in the binary subdirectory of your Siebel Web Server Extension installation directory.
   - Open the eapps.cfg file using any text editor, such as Notepad on Windows or vi on UNIX, and edit it appropriately for your environment, using the following example:

     [/callcenter_enu]
     AnonUserName = user1
     AnonPassword = password1

     NOTE: Make sure the parameters AnonUserName and AnonPassword for the application you are using are valid for a Siebel user that exists in your LDAP server.
3. If your enterprise uses applications such as Siebel eService, and you want users to be able to self-register or you want to use a delegated administrator, you must revise and activate the following workflows:
   - User Registration Company Information (SCW)
   - User Registration Forgot Password Process
   - User Registration Initial Process
   - User Registration SubProcess
   - User Registration Process
   - User Registration Individual Information (SCW)
4. Set the following system OS Preferences:
5. Configure the applications your enterprise uses for LDAP by setting the SecurityAdapter parameter to LDAP in their Application Object Manager, using the instructions in Step 1. In this example, sccobjmgr_enu is the object manager for Siebel Call Center.
   - To set all Siebel applications to use LDAP, using the command-line tool srvrmgr, enter the following command:

     change ent param SecurityAdapter=LDAP
   - To change an individual application, enter the following command:

     change param SecurityAdapter=LDAP for comp YourAppObjMgr_lang

     where YourAppObjMgr is the name of the Application Object Manager that applies, appended by the three-letter language prefix, such as sccobjmgr_enu for Siebel Call Center.
Implementing Siebel eBusiness Applications on DB2 UDB for OS/390 and z/OS. Published: 18 April 2003