Implementing Database Authentication

This topic describes how to implement database authentication. Database authentication is typically implemented for a Siebel employee application, such as Siebel Call Center or Siebel Sales.

When creating a profile using Siebel Management Console, the database security adapter is selected by default, indicating to use database authentication, but you can change this and select to use an LDAP or a custom security adapter as required.

Note: Database authentication is supported for development environments only, it is not supported for production environments. It is strongly recommended that you use TLS for database authentication.

About Implementing the Database Security Adapter

You implement the database security adapter using the Enterprise Security Authentication Profile (Security Adapter Mode) parameter and the Security Adapter Name (named subsystem) parameter. You can set these parameters for the Siebel Gateway, the Siebel Enterprise Server, for a particular Siebel Server, for an individual Application Object Manager component, or for the Synchronization Manager component (for Siebel Remote).

Note: To configure an individual Siebel Server or component to use LDAP at a later time, then you must configure the Enterprise Security Authentication Profile (Security Adapter Mode) and the Security Adapter Name (named subsystem) parameters as shown in Step 1 of the following procedure.

You can configure the Security Adapter Mode and Security Adapter Name parameters using the Siebel Management Console.

Caution: If you want to configure a server component or a Siebel Server to use different database authentication settings than those already configured at a higher level (that is, configured for the Siebel Enterprise or Siebel Server), then you must create a new database security adapter. If you do not, then settings you make reconfigure the existing security adapter wherever it is used.

The following procedure describes how to implement database authentication.

To implement database authentication 

1. Specify that you want to use the database security adapter by setting values for the following parameters:

   1. Set the Security Adapter Mode parameter to DB.

   2. Set the Security Adapter Name parameter to DBSecAdpt, or to a security adapter (enterprise profile or named subsystem) with a different name.

   For more information about parameters for the database security adapter, see Appendix A, "Configuration Parameters Related to Authentication".

2. If you want to implement user password hashing, then set the Hash User Password parameter to True.

   For detailed information on this task, see "Configuring User Password Hashing".

   User password hashing maintains a hashed password in the database account while an unhashed version of the password is provided to the user for logging in. When user password hashing is enabled, a hashing algorithm is applied to the user's password before it is compared to the hashed password stored in the database. It is recommended that you implement password hashing for user passwords.

   
   

   Note: For database authentication, password hashing parameters are specified for a data source referenced from the database security adapter, rather than specified directly for the security adapter.

   
   

3. Provide each user with access to Siebel Business Applications and the Siebel database as follows:

   1. Create a database account for the user using your database management functionality.

   2. Create a Siebel user record in the Siebel database; the user ID must match the user name for the database account.

      You add users to the Siebel database through an employee application such as Siebel Call Center. For detailed information about adding users, see "About Adding a User to the Siebel Database".

4. If you are implementing database authentication with an MS SQL Server database, then perform the task described in "Implementing Database Authentication with Microsoft SQL Server".

About Password Expiration

If you use database authentication, then it is recommended that you implement database password expiration policies on the database server if this functionality is supported by your RDBMS. For example, it is recommended that you configure database passwords to expire after a defined time period unless they are changed.

On some RDBMSs this functionality is provided by default; on others this functionality, if provided, must be configured. For information on the password expiration policies supported by your RDBMS, see the appropriate RDBMS vendor documentation.

Note: Support for password expiration policies and database user account password change through Siebel Business Applications is available only on supported IBM DB2 RDBMS operating systems.

Implementing Database Authentication with Microsoft SQL Server

This topic describes additional tasks you must perform when implementing database authentication if you are using Siebel Business Applications with an MS SQL Server database. For information on implementing database authentication, see "Implementing Database Authentication".

When you install the Siebel Server, an ODBC data source name (DSN) is created, which the Siebel Server uses to connect to the Siebel database. If you implement database authentication, and you are using Siebel Business Applications with a Microsoft SQL Server database, then make sure that you select the correct ODBC DSN configuration settings; if you do not, Siebel Web Clients can log in to the Siebel application without providing a password.

When you configure the ODBC DSN settings for an MS SQL Server database, you can choose from the following authentication options:

• Windows authentication using the network login ID

  This option allows users to access applications on the server by entering a network login ID only. If you select this option, then Siebel Web Clients attempting to access the Siebel application are not required to enter a password.

• SQL Server authentication using a login ID and password entered by the user

  This option requires users attempting to access applications on the server to enter a valid user ID and password. Select this option to make sure that Siebel Web Clients must enter both a Siebel user ID and a password to access the Siebel application.

The following procedure describes how to set the MS SQL Server ODBC data source settings on your Siebel Server.

To set ODBC data source values for Microsoft SQL Server 

1. On the Siebel Server computer, from the Start menu, choose Settings, Control Panel, Administrative Tools, and then the Data Sources (ODBC) item.

2. On the ODBC Data Source Administrator dialog box, select the System DSN tab.

3. Select the Siebel data source name, and click Configure. The default Siebel data source name (DSN) is EnterpriseName_DSN, where EnterpriseName is the name you assigned the Siebel Enterprise when you configured it.

   The Microsoft SQL Server DSN Configuration screen appears.

4. You are presented with the following authentication options:

   • Windows authentication using the network login ID.

     Do not select this option.

   • SQL Server authentication using a login ID and password entered by the user.

     Select this option to make sure that Siebel Web Clients must enter both a Siebel user ID and a password to access the Siebel application.

5. Amend any other configuration options as required, then click Next.

6. Click Finish.