Security Guide for Siebel eBusiness Applications > Authentication Details > Authentication Options >

Adapter-Defined User Name

This option can be implemented in the following authentication strategies:

You can configure your external authentication system so that the username passed to the directory to retrieve a user's database account is not the Siebel user ID. For example, you may want users to enter an adapter-defined user name, such as their Social Security number or an account number.

When a user logs in with an adapter-defined user name, the user's Siebel user ID must still be provided to the Application Object Manager.

The adapter-defined user name must be stored in one attribute in your directory, while the Siebel user ID is stored in another attribute. For example, you may have users enter their telephone number, stored in the telephonenumber attribute, while their Siebel user ID is stored in the uid attribute.

The UsernameAttributeType configuration parameter defines the directory attribute that stores the user name that is passed to the directory to identify the user, whether it is the Siebel user ID or an adapter-defined user name. The OM - Username BC Field Name Server parameter defines the field of the User business component that underlies the attribute specified by UsernameAttributeType.

Even if other requirements to administer user attributes in the directory through the Siebel client are met, you must also set the UsernameAttributeType and OM - Username BC Field parameters. Otherwise, changes through the Siebel client to the underlying field are not propagated to the directory.

For example, for users to log in with their work phone number, you must specify UsernameAttributeType to be the directory attribute in which the phone number is stored, for example telephonenumber, and you must define OM - Username BC Field to be Phone #, the field in the User business component for work phone number.

To implement an adapter-defined user name

  1. For each Siebel application that implements an adapter-defined user name, set the following parameter values in the application's configuration file. For example, edit the eservice.cfg file for Siebel eService.

    2. In the [adapter_name] section, for example [LDAP]:

    UseAdapterUsername = TRUE

    SiebelUserNameAttributeType = attribute in which you store the Siebel user ID, such as uid (LDAP) or sAMAccountName (ADSI).

    UsernameAttributeType = attribute in which you store the adapter-defined user name, such as telephonenumber.

  2. Determine the field on the User business component that is used to populate the attribute in the directory that contains the adapter-defined username.

    3. The Application Object Manager parameter to be populated is UsernameBCField.

    For information about working with Siebel business components, see Siebel Tools Reference.

  3. In the Name Server, enter the User business component field name as the value for the OM - Username BC Field parameter. You can provide this value at the enterprise, server, or component level. If this parameter is not present in the parameters list, add it.

    4. NOTE:  If you do not specify a field in the OM - Username BC Field parameter, the Siebel security adapters assume the Login Name field of the User business component (the Siebel user ID) underlies the attribute defined by the UsernameAttributeType parameter.

For information about setting Siebel application configuration file parameters, see Siebel Application Configuration File Parameters.

For information about setting Name Server parameters, see Name Server Parameters.

The adapter-defined user name is discussed in a usage context in Deployment Options for Security Adapter Authentication.


 Security Guide for Siebel eBusiness Applications 
 Published: 23 June 2003