1. Siebel CRM Desktop for Microsoft Outlook Administration Guide
  2. Flow That CRM Desktop SSO Uses During Authentication

Flow That CRM Desktop SSO Uses During Authentication

The following figure illustrates the flow that Siebel CRM Desktop SSO uses during authentication.

Flow That CRM Desktop SSO Uses During Authentication: This image contains the following components: Siebel Connector, SSO Connector, Siebel CRM SSO Agent, and Siebel Web Services.

Explanation of Callouts

The architecture for Siebel CRM Desktop SSO does the following during authentication:

  1. User opens Outlook and then enters user name and password or uses credentials that Siebel CRM Desktop saved during a prior session.

  2. Siebel Connector sends SOAP request with saved credentials to the SSO Connector. CRM Desktop SSO is a plug-in to Siebel CRM Desktop and acts as a local HTTP proxy. If the agent SessionID cookie that Siebel CRM SSO uses is set, then flow continues to Step 9.

  3. SSO Connector attempts to send a request to the SSO Agent.

  4. If the Agent SessionID cookie that Siebel CRM SSO uses is not set, or if this cookie is expired, then the SSO Agent sends a request for authentication in an HTTP redirect form or in an HTML form. This HTML form allows the user to reenter authentication information.

  5. SSO Connector detects a request for authentication and then starts interactive or noninteractive authentication.

  6. SSO connector sends HTTP request to the SSO Agent.

  7. The SSO Agent sends a reply to the client and does something depending on the following authentication that Siebel CRM Desktop uses:

    • Interactive authentication. The user must enter authentication information and then start the next step, for example, by clicking Login, and so forth.

    • Nonnteractive authentication. The SSO Connector interprets the HTML reply.

      Step 6 and Step 7 might repeat multiple times until authentication successfully finishes. CRM Desktop SSO considers this authentication successful if the HTTP can redirect to the original Siebel EAI address. When it meets this criteria is met, The SSO connector can use the session cookies when authentication successfully finishes.

  8. The SSO Connector sends the original SOAP request and the session cookies to the SSO Agent.

  9. The request now includes valid session information so the SSO Agent sends the original SOAP request to Siebel Web Services.

  10. Siebel Web Services sends a reply to the SSO Agent.

  11. The SSO Agent sends this reply to the SSO Connector. If the Siebel Server does not reply with HTTP 200 or HTTP 500, or if the reply does not include XML content, then the session is not valid and CRM Desktop SSO goes to Step 5. The presence of XML content indicates that the user has logged in into the native Web SSO that the browser uses.

  12. The SSO Connector sends a reply to the Siebel Connector for processing. The SSO Connector can store an Agent SessionID cookie while Outlook runs. It can reuse this cookie in subsequent connection attempts. If this cookie expires, then Siebel CRM SSO requests the user to log in again.