Bookshelf Home | Contents | Index | Search | PDF

Security Guide for Siebel eBusiness Applications > Web Single Sign-On and Remote Authentication >

Implementing Web SSO Authentication

---

To provide user access to Siebel applications on a Web site implementing Web SSO, the Siebel applications must be able to determine the following from the authentication system:

Verification that the user has been authenticated
A user credential that can be passed to the directory, from which the user's Siebel user ID and database account can be retrieved

NOTE:  For a particular Siebel application, when users connect from the Siebel Dedicated or Mobile Web Client to the server database, the authentication mechanism must be the same as that used for Siebel Web Client users. This mechanism could be database authentication or a supported external authentication strategy, such as LDAP or ADSI. When connecting to the local database, however, mobile users must use database authentication.

For information about authentication options for local database synchronization for mobile users, see Siebel Remote and Replication Manager Administration Guide.

Task Overview

Depending on the components and options you implement, you must perform some or all of the following tasks to set up a Web SSO authentication architecture:

Create protected virtual directories for Siebel applications.
Set up third-party Web server authentication.
Set up a directory from which database accounts and the user's Siebel user ID can be retrieved.
Create a database login for users who are authenticated externally.
Create user records in the authentication service, in the directory, and in the Siebel Database.
Set up a security adapter as a plug-in to the Application Object Managers.
Edit the eapps.cfg file to provide authentication parameter values.
Edit the configuration file for each Application Object Manager to provide authentication parameter values.
Edit authentication-related parameters in the Name Server of the Siebel Gateway.
Set system preferences.
Restart the Siebel Server and the Web server.
Test the implementation.

Deployment Options for Web SSO

This section describes options that you can implement only in a Web SSO environment that uses a Siebel-compliant security adapter.

User specification source. You must specify the source from which the Siebel Web Engine derives the user's identity key: a Web server environment variable or an HTTP request header variable.
You can also implement any of the options that are described in Security Adapter Deployment Options.

In a Web SSO environment, you must also provide your authentication service. If the authentication service does not include an authentication client, you may have to provide an authentication client.

For information about authentication options and procedures for implementing them, see Authentication Options.

For information about special considerations to implementing user authentication, see User Authentication Issues.

Digital Certificate Authentication

A digital certificate is a digital document that includes the public key bound to an individual, organization, or machine. Certificates are issued by certificate authorities (CAs) who have documented policies for determining owner identity and distributing certificates.

X.509 digital certificate authentication is a standards-based security framework that is used to secure private information and transaction processing. Certificates are exchanged in a manner that makes sure the presenter of a certificate possesses the private-key associated with the public-key contained in the certificate.

Siebel Systems supports X.509 digital certificate authentication by the Web server. The Web server performs the digital certificate authentication and Siebel accepts the authentication result in the form of Web SSO.

For information on implementing digital certificate authentication for Web SSO, see Digital Certificate Authentication.

Bookshelf Home | Contents | Index | Search | PDF