About Authentication for Siebel Gateway Access

The Siebel Gateway registry serves as the dynamic registry for Siebel servers and components. The gateway provides startup information to the application servers and, if compromised, could propagate changes throughout the server environment. To prevent unauthorized changes to the enterprise configuration parameters on the gateway, user access to the gateway is authenticated. Authentication is not implemented for starting the gateway, only for connecting to it.

Siebel Gateway authorization is required whether you use the Siebel Management Console, Siebel Server Manager, or other utilities to access the gateway. In each case, you must specify a valid gateway authentication user name and password. For information on the gateway authentication credentials, see "About Siebel Gateway Authentication Password".

Authentication Mechanisms

You can choose to use database authentication, LDAP authentication, or custom authentication for the Siebel Gateway and Enterprise.

When you configure Siebel Gateway (first time running Siebel Management Console) or create a profile subsequently, the database security adapter is selected by default, indicating to use database authentication, but you can change this and select to use an LDAP or a custom security adapter as required.

The enterprise profile that you define when configuring the Siebel Enterprise Server using the Siebel Management Console contains the Enterprise Security Authentication Profile (Security Adapter Mode) parameter, the Security Adapter Name (named subsystem) parameter and the Primary Language parameter. You use these parameters to choose the type of authentication to use for the Enterprise.

For information on implementing LDAP authentication for Siebel Gateway, see "Implementing LDAP Authentication for Siebel Gateway".

Security Profile Configuration

The security profile, which is centrally stored in the registry, contains the configuration parameters that determine how access to Siebel Gateway is authenticated. When a user attempts to log in to the gateway, the user's credentials are passed by the server to the authentication provider specified in the security profile, which checks that the user has the required administrator privileges to access the gateway. If it has, the gateway starts to process service requests.

Note: Authentication is not required for starting the gateway, only for connecting to it.

You configure the security profile using the Siebel Management Console. For more information on the authentication configuration parameters that you must set for the gateway, see "Configuring Security Adapters Using the Siebel Management Console" and "Parameters for Configuring Security Adapter Authentication".

Implementing LDAP Authentication for Siebel Gateway

This topic describes how to implement LDAP authentication for Siebel Gateway. This involves configuring the Siebel Enterprise Server for LDAP authentication using the Siebel Management Console, then adding parameters to the gateway security profile and the LDAP directory. These tasks are described in the following procedure.

To implement LDAP authentication for Siebel Gateway 

1. Using the Siebel Management Console, configure your Siebel Enterprise to use the LDAP security adapter provided with Siebel Business Applications.

   For information on this task, see "Configuring Security Adapters Using the Siebel Management Console".

2. Add the following parameters to the gateway security profile to specify the security adapter you want to implement.

   Section Under Security Profiles	Parameter	Value
   Basic Information [InfraSecMgr]	Enterprise Security Authentication Profile (Security Adapter Mode)	The security adapter mode to operate in: For LDAP, specify LDAP.
   Basic Information [InfraSecMgr]	Security Adapter Name (named subsystem)	The name of the security adapter. For LDAP, specify LDAPSecAdpt or another name of your choice.
   Data Sources [LDAPSecAdpt]	Roles Attribute	The name of the directory attribute that is used to store role information, for example, roles.

   
   

3. Add the following information to the LDAP directory:

   • The user name and password for gateway authentication.

   • For the gateway user, in the directory attribute that is used to store role information (for example, the roles attribute), specify the user role that is required to access the gateway. Specify Siebel Administrator as the default role.