Bookshelf v7.5: LDAP and ADSI Security Adapter Authentication

Security Guide for Siebel eBusiness Applications > Security Adapter Authentication >

LDAP and ADSI Security Adapter Authentication

Siebel eBusiness Applications includes security adapters that are based on the LDAP and ADSI standards, allowing customers to use LDAP directories or Microsoft Active Directory for user authentication.

In an implementation using Siebel LDAP or ADSI security adapter authentication, a Siebel security adapter or a Siebel-compliant adapter authenticates a user's credentials against the directory and retrieves login credentials from the directory. The security adapter functions as the authentication service in this architecture.

Security adapter authentication provides a user with access to a single Siebel application only. The authentication does not serve for other applications on the Web Site.

Figure 10 shows a security adapter authentication architecture.

Figure 10. Security Adapter Authentication

The steps in the security adapter authentication process are:

The user enters credentials to a Siebel application login form. These user credentials (a username and password) can vary depending on the way you configure the security adapter. For example, the username could be the Siebel user ID or an identifier such as an account or telephone number. The user credentials pass to the Siebel Web Server Extension (SWSE) and then to the authentication manager, a component of the Application Object Manager.

The authentication manager determines how to process the user credentials and calls the security adapter to provide authentication against the directory.

The security adapter returns the Siebel user ID and a database account to the authentication manager. (If roles are used, they are also returned to the authentication manager.)

The Application Object Manager uses the returned credentials to connect the user to the database and to identify the user.

Security adapter authentication can offer the following benefits:

Automatic updating of the directory with new or modified user information entered through the Siebel application interface by an internal administrator, a delegated administrator, or a self-registering user

User self-registration

Registration of users by delegated administrators through the Web site

User authentication external to the database

Security adapter authentication does not provide for Web SSO. Web SSO is the capability for a user's authentication on your Web site to serve for access to other applications on the Web site, including Siebel applications.