Overview of Web Single Sign-On
In a Web SSO implementation, users are authenticated by a third party at the Web site level. Siebel applications support this mode of authentication by providing an interface that allows the third party to pass user information to a Siebel application. Once authenticated by the third party, a user does not have to explicitly log into the Siebel application. Web SSO allows you to deploy Siebel applications into existing Web sites or portals.
Web SSO architecture is appropriate for Web sites on which only approved registered users can gain access to sensitive data, such as a Web site on which you share data with your channel partners.
Figure 11 shows an example of authentication architecture for Web SSO.
The steps in the Web SSO authentication process shown are:
- The user enters credentials at the Web site, and the credentials are passed to the Web server. A third-party authentication client on the Web server passes the user credentials to the third-party authentication service. The third-party authentication service verifies the user credentials and passes the authenticated user's username to the Siebel Web Server Extension (SWSE).
- The Siebel Web Server Extension (SWSE) passes the authenticated user's username to the authentication manager, a component of the Application Object Manager. The username can be the Siebel user ID or another attribute.
- The security adapter provides the authenticated user's username to a directory, from which the user's Siebel user ID, a database account, and, optionally, roles are returned to the authentication manager.
- The Object Manager uses the returned credentials to connect the user to the database and to identify the user.
Because Web SSO deployments assume that user authentication and user management are the responsibility of the third-party security infrastructure, the following capabilities are not available as Siebel eBusiness Applications features in a Web SSO environment:
- User self-registration
- Delegated administration of users
- Login forms
- Logout links or the Log Out menu item in the File application-level menu
- Change password
Your Siebel applications may require configuration changes to hide such functionality. For more information, refer to Siebel Tools Reference.
Following are some implementation considerations for a Web SSO strategy:
- Users are authenticated independently of Siebel applications, such as through a third-party authentication service or through the Web server.
- You must synchronize users in the authentication system and users in the Siebel Database at the Web site level.
- You must configure user administration functionality, such as self-registration, at the Web site level.
- A delegated administrator can add users to the Siebel Database, but not to the authentication system.
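The lookup in steps 2 to 4 of the authentication process and the synchronization requirement above can be modeled as follows. This is an added Python example, not Siebel code and not part of the original guide; the user names, directory contents and the functions `resolve_sso_user` and `sync_drift` are constructed for illustration, and the model assumes that a user missing on either side is rejected.

```python
from dataclasses import dataclass

class SsoLookupError(Exception):
    """Raised when an authenticated username cannot be mapped to a Siebel user."""

@dataclass(frozen=True)
class DirectoryEntry:
    siebel_user_id: str
    db_account: str
    roles: tuple = ()  # roles are optional in the directory

# Constructed sample data (not from the guide).
AUTH_SYSTEM_USERS = {"jdoe@partner.example", "asmith@partner.example", "old@partner.example"}
DIRECTORY = {  # keyed by the username the third-party service passes on
    "jdoe@partner.example": DirectoryEntry("JDOE", "PARTNER_DB", ("Partner Sales",)),
    "asmith@partner.example": DirectoryEntry("ASMITH", "PARTNER_DB"),
}
SIEBEL_DB_USERS = {"JDOE", "ASMITH", "NEWHIRE"}  # NEWHIRE: added by a delegated administrator

def resolve_sso_user(username, directory=DIRECTORY, db_users=SIEBEL_DB_USERS):
    """Model of steps 2-4: map the authenticated username to a Siebel user ID,
    database account and roles. Assumption: any gap rejects the session."""
    if not username or not username.strip():
        raise SsoLookupError("no authenticated username was passed")
    entry = directory.get(username)
    if entry is None:
        raise SsoLookupError(f"{username!r} authenticated but has no directory entry")
    if entry.siebel_user_id not in db_users:
        raise SsoLookupError(f"{entry.siebel_user_id!r} is not in the Siebel Database")
    return entry

def sync_drift(auth_users, directory, db_users):
    """Report accounts that exist on one side only, for periodic reconciliation."""
    mapped_ids = {e.siebel_user_id for e in directory.values()}
    return {
        "authenticated_but_unmapped": sorted(set(auth_users) - set(directory)),
        "siebel_user_without_login": sorted(set(db_users) - mapped_ids),
    }

if __name__ == "__main__":
    print(resolve_sso_user("jdoe@partner.example"))
    print(sync_drift(AUTH_SYSTEM_USERS, DIRECTORY, SIEBEL_DB_USERS))
    try:
        resolve_sso_user("old@partner.example")
    except SsoLookupError as exc:
        print("rejected:", exc)
```

The `siebel_user_without_login` bucket corresponds to the last consideration above: a user a delegated administrator adds to the Siebel Database has no account in the authentication system until one is created there.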
For more information about integrating third-party authentication software with Siebel eBusiness Applications, see Siebel SupportWeb or contact the Siebel Alliance Group.
Security Guide for Siebel eBusiness Applications. Published: 23 June 2003