| Bookshelf Home | Contents | Index | Search | PDF | |
Security Guide for Siebel eBusiness Applications > Security Adapter Authentication >
Siebel Security Adapters
A directory is a store in which the information that is required to allow users to connect to the database, such as database accounts and Siebel user IDs, is maintained external to the Siebel Database.
The security adapter is a plug-in to the authentication manager. The security adapter uses the user credentials entered by a user or supplied by an authentication service to retrieve the Siebel user ID, a database account, and, optionally, a set of roles from the directory.
In general, the process of security adapter authentication includes the following principal stages:
- The user provides identification credentials.
- The user's identity is verified.
- The user's Siebel user ID and database account are retrieved from a directory.
- The user is granted access to the Siebel application and the Siebel Database.
When you install your Siebel eBusiness Applications, two security adapters are also installed, an Active Directory Services Interface (ADSI) adapter and a Lightweight Directory Access Protocol (LDAP) adapter.
For specific information about third-party directory servers supported by Siebel security adapters, see System Requirements and Supported Platforms for your Siebel application.
You can implement a security adapter other than the Siebel LDAP adapter or ADSI adapter. To support the functionality described in this section for the Siebel adapters, the adapter you implement must support the Siebel Security Adapter Software Development Kit. For more information, see Security Adapters for External Authentication.
Depending on how you configure your authentication architecture, the security adapter may function in one of the following modes:
- With authentication (LDAP or ADSI security adapter authentication mode). The adapter uses credentials entered by the user to verify the user's existence in the directory. If the user exists, the adapter retrieves the user's Siebel user ID, a database account, and, optionally, a set of roles which are passed to the Application Object Manager to grant the user access to the Siebel application and the database. This adapter functionality is typical in a security adapter authentication implementation.
- Without authentication (Web SSO mode). The adapter passes an identity key supplied by a separate authentication service to the directory. Using the identity key to identify the user in the directory, the adapter retrieves the user's Siebel user ID, a database account, and, optionally, a set of roles that are passed to the Application Object Manager to grant the user access to the Siebel application and the database. This adapter functionality is typical in a Web SSO implementation.
NOTE: To protect against Web server spoofing attacks, the security adapter verifies the Siebel Web Server Extension's trust token before authentication takes place.
In a security adapter authentication environment, a Siebel-compliant security adapter also provides the function of creating a record in the directory when the user is created in the Siebel Database.
| Bookshelf Home | Contents | Index | Search | PDF | |
Security Guide for Siebel eBusiness Applications Published: 23 June 2003 |