Bookshelf Home | Contents | Index | Search | PDF

Security Guide for Siebel eBusiness Applications > Security Adapter Authentication >

Implementing LDAP and ADSI Security Adapter Authentication

---

You can set up your authentication architecture to authenticate a user for access to a single Siebel application when the user does either of the following:

Attempts to access a protected view (one specified for explicit login), such as a checkout view in Siebel eSales
Logs in while on an unprotected view, such as a Siebel application's home page

NOTE:  For a particular Siebel application, when users connect from the Siebel Dedicated Web Client to the server database, the authentication mechanism must be the same as that used for Siebel Web Client users. This mechanism could be database authentication or a supported external authentication strategy, such as LDAP or ADSI. When connecting to the local database from the Mobile Web Client, mobile users must use database authentication.

For information about authentication options for local database synchronization for mobile users, see Siebel Remote and Replication Manager Administration Guide.

To provide user access to a Siebel application on a Web site implementing security adapter authentication, the Siebel application must be able to extract the following from the directory:

Credentials to access the database
The user's Siebel user ID

Task Overview

You must do the following tasks to set up a typical security adapter authentication architecture:

Set up a directory from which a database account and a Siebel user ID can be retrieved for each user.
Set up a security adapter as a plug-in to the Application Object Manager.
Edit the eapps.cfg file to provide authentication parameter values.
Edit the configuration file for each Application Object Manager to provide authentication parameter values.
Edit authentication-related parameters in the Name Server of the Siebel Gateway.
Set authentication-related system preferences.
Restart the Siebel Server and the Web server.

Siebel Systems provides an LDAP/ADSI Configuration Utility to help you configure a directory service for your Siebel applications. For more information, see Using the LDAP/ADSI Configuration Utility.

Siebel Security Adapter Authentication and Siebel Dedicated Web Client

In a Siebel LDAP or ADSI security adapter authentication implementation, you must set Siebel system preferences to provide the following capabilities:

Security adapter authentication of Siebel Dedicated Web Client users
Propagation of user data from the Siebel Dedicated Web Client to the directory

For information about setting authentication-related Siebel system preferences, see System Preferences.

Deployment Options for Security Adapter Authentication

This section describes options that you can implement in a security adapter authentication environment that uses the Siebel LDAP or ADSI adapter only.

In addition to the options described here, you can also implement any of the options that are described in Security Adapter Deployment Options.

Adapter-defined user name. You can configure a Siebel application so that the username presented by the user is a value other than the Siebel user ID; for example, a Social Security number. The security adapter returns the Siebel user ID of the authenticated user and a database account from the directory to the authentication manager.
Shared database account. A designated entry in the directory contains a database account that is shared by other users.
Secure adapter communications. You can use a Secure Sockets Layer (SSL) to transmit data between a Siebel LDAP or ADSI security adapter and the directory.
Secure Login. Transmit user credentials entered to a login form over Secure Sockets Layer (SSL).

For information about authentication options and procedures for implementing them, see Authentication Options.

Bookshelf Home | Contents | Index | Search | PDF