| Bookshelf Home | Contents | Index | Search | PDF | |
Security Guide for Siebel eBusiness Applications > Authentication Details > Authentication Options >
User Specification Source
This option can be implemented in the following authentication strategy:
- Web SSO
In a Web SSO implementation, the Siebel Web Server Extension derives the user's username from either a Web server environment variable or an HTTP request header variable. You must specify one source or the other.
CAUTION: If your implementation uses a header variable to pass a user's identity key from the third-party authentication service, then it is the responsibility of your third-party or custom authentication client to set the header variable correctly. The header variable should only be set after the user is authenticated, and it should be cleared when appropriate by the authentication client. If a header variable passes an identity key to the Siebel authentication manager, and the trust token is also verified, then the user is accepted as authenticated.
To specify the source of the username
- In the eapps.cfg file, provide the following parameter values in either the [defaults] section or the section for each individual application, such as, for example, [/eservice].
UserSpec= name of the variable. For example:REMOTE_USER, ifUserSpecSourceis set toServer. IfUserSpecSourceis set toHeader, the value ofUserSpecwill be the variable that will be passed into the HTTP header; the name of the variable should not be prefaced with HTTP_.UserSpecSource = Server, if you use a Web server environment variable.UserSpecSource = Header, if you use an HTTP request header variable.NOTE: If you use a header variable to pass the username from an IIS Web server, first configure the IIS Web server to allow anonymous access. You make this security setting for the default Web site in the IIS Service Manager.
For information about setting parameters in the eapps.cfg file, see Parameters in the eapps.cfg File.
The user specification source is discussed in a usage context in Deployment Options for Web SSO and in Setting Up Web SSO: A Scenario.
| Bookshelf Home | Contents | Index | Search | PDF | |
Security Guide for Siebel eBusiness Applications Published: 23 June 2003 |