Bookshelf v7.5: About User Authentication

Security Guide for Siebel eBusiness Applications > User Authentication Overview >

About User Authentication

Authentication is the process of verifying the identity of a user. Siebel Systems supports three approaches for authenticating users: database authentication, security adapter authentication, and Web SSO.

You must choose one of three fundamental authentication architectures for your Siebel application users:

Database authentication. This approach relies on the underlying application database for user authentication.

Security adapter authentication. Siebel applications support authentication to Microsoft Active Directory Server and LDAP-compliant directories using a Siebel-provided security adapter or a custom adapter you provide. In this architecture, the adapter authenticates users against the directory.

Web Single Sign-On (Web SSO). This approach uses an external authentication service to authenticate users before they access the Siebel application. In this architecture, a Siebel-provided security adapter or a custom adapter you provide does not authenticate the user. The security adapter simply looks up and retrieves a user's Siebel user ID and database account from the directory based on the identity key that is accepted from the external authentication service.

You may choose the approach for user authentication individually for each application in your environment based on the specific application requirements. However, there are administrative benefits to using a consistent approach across all of your Siebel applications because a consistent approach lowers the overall complexity of the deployment.

Table 5 highlights the capabilities of each authentication approach to help guide your decision. Several options are available for each basic strategy.

Table 5. Comparison of Authentication Approaches
Desired Deployment or Functionality	Database	Security Adapter	Web SSO	Comments
Does not require additional infrastructure components.	X
Centralizes storage of user credentials and roles.		X	X
Limits number of database accounts on the application database.		X	X
Supports dynamic user registration. Users are created in real-time through self-registration or administrative views.		X	(X)	For Web SSO, user registration is the responsibility of the third-party authentication architecture. It is not logically handled by the Siebel architecture.
Supports account policy. You can set policies such as password expiration, password syntax, and account lockout.	X	X	(X)	Among supported RDBMS vendors for the Siebel Database, account policy (password expiration only) is supported only for IBM DB2 Universal Database. For Web SSO, account policy enforcement is handled by the third-party infrastructure.
Supports Web Single Sign-On, the capability to log in once and access all the applications within a Web site or portal.			X