Siebel CRM Siebel Security Guide
Siebel Innovation Pack 2017, Rev. A
E24814-01
Web Single Sign-On Authentication Process

Figure 6-1 illustrates the user authentication process in a Web SSO environment.

Figure 6-1 Web Single Sign-On Authentication Process


The steps in the Web SSO authentication process are as follows:

  1. A user attempts to access the Siebel client (A).

  2. The SSO authentication service intercepts the user request and determines if the Siebel resource is protected (B).

    1. If the resource is protected, the SSO authentication service checks for the user's session cookie.

    2. If a valid session does not exist, the user is prompted to enter a username and password.

  3. The user enters credentials at the client that are passed to the Web server (C).

  4. The third-party authentication client on the Web server (C) passes the user credentials to the third-party authentication service (B).

  5. The authentication service verifies the user credentials, sets an HTTP header variable that maps to the Siebel user ID, and passes the authenticated user's user name in the header variable to the Siebel Application Interface on the Web server (C).

    Note: For LDAP standards-based Web SSO, a header variable must be used.

  6. The Siebel Application Interface passes the authenticated user's user name and the value for the Trust Token parameter to the security adapter. The user name can be the Siebel user ID or another attribute (E).

  7. The security adapter provides the authenticated user's user name to a directory, from which the user's Siebel user ID, a database account, and, optionally, roles are returned to the security adapter (F).

    In addition, the security adapter compares the Trust Token value provided in the request with the value stored in the Application Object Manager's configuration file (D). If the values match, then the Application Object Manager accepts that the request has come from the Siebel Application Interface; that is, from a trusted Web server.

  8. The Application Object Manager (D) uses the returned credentials to retrieve the user's data based on their roles and visibility (G).

    If the user is not authorized, the user is denied access and redirected to another URL as determined by the organization's administrator.
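The following is an added example, not Oracle's code, that models steps 5 through 8 above in a few dozen lines of Python: the SSO front end places the authenticated user name in an HTTP header, the application tier accepts that header only when the request also carries a Trust Token equal to the value in its own configuration (compared in constant time so the check itself does not leak the token), and the user name is then resolved through a directory to the Siebel user ID, database account and roles before the role check decides between access and a redirect. The header names, the token value, the directory contents and the redirect URLs are constructed assumptions; in a real deployment they come from the SSO product and the Siebel configuration. The behaviour on a token mismatch (treating the request as unauthenticated) is also an assumption, since the text above only states what happens when the values match.

```python
"""
Added example (not Oracle's code): a minimal model of steps 5-8 of the
Web SSO authentication process. Everything below that looks like a
deployment value (header names, token, directory, URLs) is constructed.
"""
import hmac
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Assumed header variable names; the real names are set during deployment.
USER_HEADER = "HTTP_SIEBEL_USER"    # written by the SSO authentication service (step 5)
TOKEN_HEADER = "HTTP_TRUST_TOKEN"   # Trust Token passed by the Siebel Application Interface (step 6)

# Constructed stand-in for the Trust Token parameter value stored in the
# Application Object Manager's configuration (step 7).
CONFIGURED_TRUST_TOKEN = "example-trust-token-value"

# Constructed directory: user name -> (Siebel user ID, database account, roles)
DIRECTORY: Dict[str, Tuple[str, str, List[str]]] = {
    "alice@example.com": ("ALICE", "SIEBEL_DB_USER", ["Sales Rep"]),
    "bob@example.com": ("BOB", "SIEBEL_DB_USER", []),
}

LOGIN_REDIRECT = "https://sso.example.com/login"               # step 2b, constructed
DENIED_REDIRECT = "https://portal.example.com/not-authorized"  # step 8, constructed


@dataclass
class Outcome:
    status: str                      # "ok", "redirect_login" or "denied"
    user_id: Optional[str] = None
    db_account: Optional[str] = None
    roles: List[str] = field(default_factory=list)
    redirect: Optional[str] = None


def trusted_web_server(headers: Dict[str, str]) -> bool:
    """Step 7: the identity header is believed only when the Trust Token
    in the request equals the configured value. Constant-time comparison
    keeps the check from revealing the token through response timing."""
    presented = headers.get(TOKEN_HEADER, "")
    return hmac.compare_digest(presented, CONFIGURED_TRUST_TOKEN)


def lookup_directory(user_name: str) -> Optional[Tuple[str, str, List[str]]]:
    """Step 7: resolve the authenticated user name to Siebel user ID,
    database account and roles. Returns None for unknown users."""
    return DIRECTORY.get(user_name)


def handle_request(headers: Dict[str, str],
                   required_role: Optional[str] = None) -> Outcome:
    """Steps 6-8 for one request. A request whose identity header is not
    backed by a matching Trust Token is treated as unauthenticated (an
    assumption: it is sent to the SSO login page rather than being served)."""
    if not trusted_web_server(headers):
        return Outcome("redirect_login", redirect=LOGIN_REDIRECT)

    user_name = headers.get(USER_HEADER)
    if not user_name:
        # Trusted web server but no authenticated user yet (step 2b).
        return Outcome("redirect_login", redirect=LOGIN_REDIRECT)

    entry = lookup_directory(user_name)
    if entry is None:
        return Outcome("denied", redirect=DENIED_REDIRECT)

    user_id, db_account, roles = entry
    if required_role is not None and required_role not in roles:
        # Step 8: authenticated but not authorized for this resource.
        return Outcome("denied", user_id=user_id, redirect=DENIED_REDIRECT)

    return Outcome("ok", user_id, db_account, list(roles))


if __name__ == "__main__":
    good = {TOKEN_HEADER: CONFIGURED_TRUST_TOKEN, USER_HEADER: "alice@example.com"}
    spoofed = {USER_HEADER: "alice@example.com"}  # identity header without a Trust Token
    print(handle_request(good, "Sales Rep"))
    print(handle_request(spoofed, "Sales Rep"))
```

The point of the `spoofed` request in the usage block is the one that matters operationally: a client that reaches the application tier without passing through the trusted web server can set any identity header it likes, so the Trust Token comparison in step 7 is what turns "a header says this is Alice" into "the trusted web server says this is Alice". Keeping that comparison constant-time and refusing to serve the request on mismatch is the defensive behaviour the model shows.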

Related Topic