Siebel Security Guide > Web Single Sign-On Authentication > Process of Implementing Windows Integrated Authentication >

Configuring the Microsoft IIS Web Server for Windows Integrated Authentication

This topic describes the configuration tasks you must perform on the IIS Web Server for Windows Integrated Authentication.

This task is a step in Process of Implementing Windows Integrated Authentication.

Configuring the IIS Web Server to Authenticate against Active Directory

Configure the Microsoft IIS Web Server to authenticate against the Active Directory. Select the type of authentication that is most appropriate for your deployment.

For purposes of testing this Web SSO implementation, configure your Web site to require users to log in at an entry point to the Web site.

Configuring Authentication for Siebel Virtual Directories

During configuration of the Siebel Web Server Extension, Siebel virtual directories are created on the IIS Web server for the installed Siebel Business Applications. For example, the virtual directory eservice_enu is for Siebel eService using U.S. English (ENU). You must set the authentication mode for these virtual directories to Windows Authentication or Integrated Windows Authentication, depending on the version of IIS Web Server that you are using.

For information about configuring authentication modes for the Microsoft IIS Web Server, go to the Microsoft MSDN Web site at

http://msdn.microsoft.com

(Optional) Creating Protected Virtual Directories

This topic describes how to create virtual directories in a Web SSO implementation. Creating virtual directories allows users to access a Siebel application and anonymously browse specific views while requiring Web SSO authentication to access other views in the application.

Protected virtual directories are used with Siebel Business Applications that support anonymous browsing. By making parts of the application available under two Web server virtual directories, you can configure the third-party authentication client to protect one virtual directory while leaving the other unprotected, and thus accessible for anonymous browsing. When a user requests a Siebel view that requires explicit login, the request is automatically redirected to the protected virtual directory and the user must enter a Web SSO login to proceed.

Perform the steps in the following procedure to create a custom protected virtual directory, and to enable Windows Authentication for the virtual directory.

To create a protected virtual directory

1. Make a copy of the appropriate eapps_virdirs batch file provided in the SWSE logical profile directory.

   The eapps_virdirs batch files are used to create Siebel virtual directories. For additional information on creating custom virtual directories, see Siebel Installation Guide for the operating system you are using.

2. Edit the copied eapps_virdirs file to specify the name and other details of the virtual directory you want to create for the Siebel application.

   For example, enter p_eservice as a virtual directory name for Siebel eService.

3. Run the eapps_virdirs batch file, and a Siebel virtual directory with the name you specified is created.

   It is recommended that you save the edited eapps_virdirs file so that it can be used if you need to restore or migrate your virtual directory environments.

4. Set the Authentication setting for the virtual directory you created to Windows Authentication as follows:
   1. In the Internet Service Manager explorer, right-click the virtual directory you created in the previous steps, then choose Properties.

      The Properties dialog box appears.

   2. Click the Directory Security tab.
   3. Click Edit in the Anonymous Access and Authentication Control section.
   4. The Authentication Methods dialog box appears.
   5. Check the Integrated Windows Authentication check box, and uncheck all others. Make sure that the Allow Anonymous Access box is unchecked.

      NOTE:  On some versions of the IIS Web Server, an Integrated Authentication check box is not displayed. In this case, make sure that the Allow Anonymous Access box is unchecked and enable Windows Authentication.

   6. Click Yes on the Internet Service Manager caution dialog, and then click OK when you return to the Authentication Methods dialog box.

      The Directory Security tab in the Properties dialog box appears.

   7. Click Apply, and then click OK.