Bookshelf Home | Contents | Index | Search | PDF |
Security Guide for Siebel eBusiness Applications > Web Single Sign-On and Remote Authentication >
Setting Up Web SSO: A Scenario
This section provides instruction to set up a Web SSO architecture for a single Siebel application. Your implementation may include more than one Siebel application, and you may implement options that are not included here.
Make sure you implement Web SSO in a development environment before deploying it in a production environment. You can repeat the appropriate instructions here to provide Web SSO access to additional Siebel applications. To implement other options, see Authentication Options.
These instructions implement the following basic configuration:
- IIS Web server is deployed on Windows NT. The IIS Web server functions as the authentication service.
- An Active Directory Server (ADS) and the Web server are installed on different machines.
- The ADS serves as a directory of users for the following functions:
- It authenticates Web server users.
- It provides the Siebel user ID and the database account for authenticated Web server users.
- The Siebel ADSI adapter is used to communicate between the authentication manager and the ADS.
- The Siebel Server, which includes the Application Object Managers representing the deployment of your Siebel Web-based applications.
NOTE: The instructions in this section describe a minimal, baseline configuration. In a production environment, it is not recommended to install the Siebel Server on the same machine as the Web server.
If you use a non-Siebel security adapter, it must support the Siebel Security Adapter Software Developers Kit, described in Security Adapters for External Authentication. You must adapt the applicable parts of the following implementation to your security adapter.
The following installations must be completed before you set up this Web SSO authentication environment.
- Your Web server and the ADS are installed on different machines.
- The Siebel applications, including the Siebel Gateway and the Siebel Server, are installed. The Siebel Server, including affected Application Object Managers, is installed on the Web server machine.
These instructions assume that you are experienced with administering the ADS. You can perform tasks such as creating and modifying user storage subdirectories, creating attributes, creating users, and providing privileges to users.
Process of Implementing Web SSO
You must perform the tasks in the following process to implement Web SSO in this environment:
- Create protected virtual directories for Siebel applications on the Web server machine. See Creating Protected Virtual Directories.
- Create a database login for users who are authenticated externally. See Creating a Database Login.
- Set up the ADS. See Setting Up the Active Directory Server.
- Create three users in the ADS directory: a regular user, the anonymous user, and the application user. See Creating Users in the Directory.
- Add user records in the Siebel Database corresponding to the regular user and the anonymous user in the directory. See Adding User Records in the Siebel Database.
- Edit eapps.cfg file parameters. See Editing Parameter Values in the eapps.cfg File.
- Edit the Siebel application's configuration file parameters. See Editing Parameter Values in the Application Configuration File.
- Edit the Name Server parameters. See Editing Name Server Parameters.
- Set system preferences. See Setting System Preferences.
- Restart the Siebel Server and the Web server. See Restarting Servers.
- Test the implementation. See Testing the Web SSO Authentication.
Bookshelf Home | Contents | Index | Search | PDF |
Security Guide for Siebel eBusiness Applications Published: 23 June 2003 |