Web Single Sign-On Authentication Process


The user authentication process in a Web SSO environment is illustrated in Figure 4. The steps in the Web SSO authentication process are as follows:

  1. A user attempts to access the Siebel client. (A)
  2. The SSO authentication service intercepts the user request and determines if the Siebel resource is protected. (B)
    1. If the resource is protected, the SSO authentication service checks for the user's session cookie.
    2. If a valid session does not exist, the user is prompted to enter a username and password.
  3. The user enters credentials at the client that are passed to the Web server. (C)
  4. The third-party authentication client on the Web server (C) passes the user credentials to the third-party authentication service. (B)
  5. The authentication service verifies the user credentials, sets an HTTP header variable that maps to the Siebel user ID, and passes the authenticated user's user name in the header variable to the Siebel Web Server Extension (SWSE) on the Web server. (C)

    NOTE: For LDAP standards-based Web SSO, a header variable must be used.

  6. The SWSE passes the authenticated user's user name and the value for the TrustToken parameter to the security adapter. The user name can be the Siebel user ID or another attribute. (E)
  7. The security adapter provides the authenticated user's user name to a directory, from which the user's Siebel user ID, a database account, and, optionally, roles are returned to the security adapter. (F)

    In addition, the security adapter compares the TrustToken value provided in the request with the value stored in the Application Object Manager's configuration file (D). If the values match, then the Application Object Manager accepts that the request has come from the SWSE; that is, from a trusted Web server.

  8. The Application Object Manager (D) uses the returned credentials to retrieve the user's data based on their roles and visibility. (G)

    If the user is not authorized, the user is denied access and redirected to another URL as determined by the organization's administrator.
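The following Python sketch is an added illustration of steps 5 through 8, not Siebel's own code: the SWSE reads the user name from the header variable and forwards it with its TrustToken, and the Application Object Manager refuses anything whose TrustToken does not match its configured value before resolving the user in the directory. The header name, token value, directory contents and redirect URL are constructed for the example.

```python
import hmac
from dataclasses import dataclass
from typing import Optional

# Constructed names and values for this illustration; not Siebel's configuration keys.
USERNAME_HEADER = "X-SSO-USERNAME"            # header variable set by the SSO service (step 5)
TRUST_TOKEN = "constructed-trust-token-value"   # value in the Application Object Manager's config (D)
DENIED_URL = "https://sso.example.test/denied"  # redirect chosen by the administrator for denied users

# Constructed directory: authenticated user name -> Siebel user ID, DB account, roles (step 7)
DIRECTORY = {
    "alice@example.test": {"siebel_user_id": "ALICE", "db_account": "SIEBEL_APP", "roles": ["Sales Rep"]},
    "bob@example.test": {"siebel_user_id": "BOB", "db_account": "SIEBEL_APP", "roles": []},
}

@dataclass
class Outcome:
    granted: bool
    siebel_user_id: Optional[str] = None
    roles: tuple = ()
    reason: str = ""
    redirect: Optional[str] = None

def swse_forward(headers: dict, token: str = TRUST_TOKEN) -> Optional[dict]:
    """Step 6: the SWSE takes the user name from the header variable and attaches its TrustToken."""
    user = headers.get(USERNAME_HEADER)
    if not user:
        return None  # no authenticated identity in the header: nothing to forward
    return {"username": user, "trust_token": token}

def aom_accept(request: Optional[dict], expected_token: str = TRUST_TOKEN) -> Outcome:
    """Steps 7-8: accept only requests carrying the trusted SWSE's token, then resolve the user."""
    if request is None:
        return Outcome(False, reason="no identity header", redirect=DENIED_URL)
    # Constant-time comparison so the token check itself does not leak via timing.
    if not hmac.compare_digest(request.get("trust_token", ""), expected_token):
        return Outcome(False, reason="TrustToken mismatch: not from trusted Web server", redirect=DENIED_URL)
    entry = DIRECTORY.get(request["username"])
    if entry is None:
        return Outcome(False, reason="user not found in directory", redirect=DENIED_URL)
    # Roles are optional in the directory lookup; an empty list still yields a valid Siebel user.
    return Outcome(True, entry["siebel_user_id"], tuple(entry["roles"]))

def authenticate(headers: dict, token: str = TRUST_TOKEN) -> Outcome:
    """Full chain from the header variable at the SWSE to the Application Object Manager's decision."""
    return aom_accept(swse_forward(headers, token))
```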

Figure 4 illustrates the Web SSO authentication process.

Figure 4. Web Single Sign-On Authentication Process
Related Topic

About Web Single Sign-On

Siebel Security Guide Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Legal Notices.