Bookshelf Home | Contents | Index | Search | PDF

Security Guide for Siebel eBusiness Applications > Authentication Details > Authentication Options >

Digital Certificate Authentication

---

For customers who have an existing PKI (Public Key Infrastructure) with client certificates, Siebel Systems supports the use of X.509 certificates to authenticate users to an application. This is accomplished by using SSL with client authentication capabilities of its supported Web servers for certificate handling.

To implement X.509 digital certificate authentication, you must perform the tasks for implementing Web SSO authentication, as described in Implementing Web SSO Authentication, with the following specific guidelines:

Enter the following parameters in the [defaults] section of the eapps.cfg file:

Parameter	Comment
SingleSignOn = TRUE
TrustToken = HELLO
ClientCertificate = TRUE
UserSpec = CERT_SUBJECT or REMOTE_USER	For client authentication on Windows and AIX, use CERT_SUBJECT. For other UNIX platforms, use REMOTE_USER.
SubUserSpec = CN	This parameter value tells the application to extract the username from the certificate name. For the Sun ONE Web Server, this setting is ignored.
UserSpecSource = Server

In the configuration file for each affected application, such as eservice.cfg, enter the following parameters in the sections indicated:

[SWE]
SecureBrowse = FALSE

[LDAP] (or other name for your security adapter's section)
SingleSignOn = TRUE
TrustToken = HELLO

For additional information about digital certificate implementation, see Certificate-Based Authentication and Its Application in Siebel 7, available on Siebel SupportWeb.

Bookshelf Home | Contents | Index | Search | PDF