| Siebel CRM Siebel Security Guide Siebel Innovation Pack 2015 E24814-01 |
|
 Previous |
 Next |
View PDF |
| Siebel CRM Siebel Security Guide Siebel Innovation Pack 2015 E24814-01 |
|
Previous |
Next |
View PDF |
When you install your Siebel Business Applications, these security adapters are provided for user authentication:
Database security adapter (enabled by default)
For more information, see "About Database Authentication".
LDAP (Lightweight Directory Access Protocol) security adapter
ADSI (Active Directory Services Interface) security adapter
The security adapter is a plug-in to the authentication manager. The security adapter uses the credentials entered by a user (or supplied by an authentication service) to authenticate the user, as necessary, and allow the user access to the Siebel application.
You can implement a security adapter other than one of those provided by Siebel Business Applications provided the adapter you implement supports the Siebel Security Adapter Software Development Kit. For more information, see "Security Adapter SDK".
You can implement LDAP or ADSI authentication for application object manager components and for EAI components. Do not use the LDAP security adapter or ADSI security adapter to authenticate access for batch components such as, for example, the Communications Outbound Manager. Configure batch components to use the database security adapter instead. Batch components access the Siebel database directly and, as a result, must use the database security adapter. Note also that Siebel Server infrastructure and system management components such as Server Manager, Server Request Broker, and Server Request Processor access the Siebel database directly. For this reason, these components cannot use the LDAP or ADSI security adapter.
An LDAP directory or an Active Directory is a store in which information that is required to allow users to connect to the Siebel database, such as database accounts or Siebel user IDs, is maintained external to the Siebel database, and is retrieved by the security adapter. For specific information about third-party directory servers supported by the security adapters provided with Siebel Business Applications, see "Directory Servers Supported by Siebel Business Applications" and the Certifications tab on My Oracle Support.
In general, the process of security adapter authentication includes the following principal stages:
The user provides identification credentials.
The user's Siebel user ID and database account are retrieved from a directory, from the Siebel database, or from another external source (for Web Single Sign-On).
The user's identity is verified.
The user is granted access to the Siebel application and the Siebel database.
Depending on how you configure your authentication architecture, the security adapter might function in one of the following modes, with respect to authentication:
With authentication (LDAP or ADSI security adapter authentication mode). The security adapter uses credentials entered by the user to verify the user's existence and access rights in the directory. If the user exists, then the adapter retrieves the user's Siebel user ID, a database account, and, optionally, a set of roles which are passed to the Application Object Manager to grant the user access to the Siebel application and the database. This adapter functionality is typical in a security adapter authentication implementation.
Without authentication (Web SSO mode). The security adapter passes an identity key supplied by a separate authentication service to the directory. Using the identity key to identify the user in the directory, the adapter retrieves the user's Siebel user ID, a database account, and, optionally, a set of roles that are passed to the Application Object Manager to grant the user access to the Siebel application and the database. This adapter functionality is typical in a Web SSO implementation.
|
Note: The security adapter does not provide authentication for Web SSO. Web SSO is the ability to authenticate a user one time for access to multiple applications, including Siebel Business Applications. However, when implementing Web SSO, you must also deploy a security adapter. |
For information on the most commonly reported error messages when implementing standard Siebel security adapters, see 477528.1 (Article ID) on My Oracle Support.
Siebel Business Applications provide the following event types to set log levels for security adapters:
Security Adapter Log
This event type traces security adapter events.
Security Manager Log
This event type traces security manager events.
Modify the values for these two event types to set the log levels that the Application Object Manager writes to the log file. For more information about how to set the log levels for event types, see Siebel System Monitoring and Diagnostics Guide. For more information about configuring the log events for Siebel Mobile applications and saving the log information, see Siebel Mobile Guide: Disconnected.
