Siebel Analytics Platform Installation and Configuration Guide > User Authentication Support in Siebel Analytics >

Setting Up LDAP Authentication in Analytics

Analytics License: All licenses.

Operating Systems: All.

This topic is part of User Authentication Support in Siebel Analytics, and a task of the Process of Configuring LDAP and ADSI for Analytics Authentication.

External authentication is determined by the presence of a defined session system variable USER. Associating USER with an LDAP initialization block determines that USER is authenticated by LDAP. Whenever a user logs into Siebel Analytics Server, the user name and password are passed to the LDAP server for authentication. After the user is authenticated successfully, other session variables for the user might also be populated from information returned by the LDAP server.

To configure LDAP authentication, you perform the following tasks:

1. Create an LDAP initialization block.

   For details of how to create an initialization block, see the topics on session variables in Siebel Analytics Server Administration Guide.)

2. Associate this initialization block with an LDAP server.
3. Define a system variable called USER.
4. Associate the USER system variable with the LDAP initialization block.

NOTE:  To provide other forms of authentication, you associate the USER variable with an initialization block associated with an external database or XML source. For details of how to set up other forms of authentication, see the topics on session variables in Siebel Analytics Server Administration Guide.)

About Using CMS Key Database Files for LDAP Authentication

An LDAP server usually allows two kinds of authentication over SSL:

• Server authentication
• Server and client authentication

Siebel Analytics Server uses server authentication. You must configure an LDAP server to allow client-side server authentication. For server authentication, you generate a CMS key database file with the Certificate Authority (CA) certificate and mark it as trusted. The CA is also the CA that issued the LDAP server's certificate. See the topics Configuring IKeyMan for CMS Key Generation and Generating a CMS Key Database File.

About GSKit (Global Security Kit)

IBM's GSKit (Global Security Kit) is a Java-based utility that provides CMS key database files for LDAP authentication over Secure Sockets Layer.

NOTE:  See Siebel System Requirements and Supported Platforms for the supported version of the Java runtime engine.

Before configuring LDAP authentication, make sure that GSKit is installed on the same machine as the Siebel Analytics Server, and that GSKit is configured for your operating system. See the topic Configuring IKeyMan for CMS Key Generation.

If GSKit is not already installed, see Security Guide for Siebel Business Applications for the installation procedure.