Security Adapters and the Siebel Developer Web Client

The Siebel Developer Web Client relocates business logic from the Siebel Server to the client. The authentication architecture for the Developer Web Client differs from the authentication architecture for the standard Web Client, because it locates the following components on the client instead of the Siebel Server:

• Application Object Manager (through the siebel.exe program)

• Application configuration file

• Authentication manager and security adapter

• Oracle LDAP Client (where applicable)

  Note: Siebel Business Applications support for the Siebel Developer Web Client is restricted to administration, development, and troubleshooting usage scenarios only. Siebel Business Applications does not support the deployment of this client to end users.

When you implement security adapter authentication for Siebel Developer Web Clients, observe the following principles:

• It is recommended to use the remote configuration option, which can help you make sure that all clients use the same configuration settings. This option is described later in this topic.

• Authentication-related configuration parameters stored in application configuration files on client computers, or stored in remote configuration files, must generally contain the same values as the corresponding parameters in the Siebel Gateway (for Siebel Web Client users). Distribute the appropriate configuration files to all Siebel Developer Web Client users. For information about setting parameters in Siebel application configuration files on the Siebel Developer Web Client, see Siebel Application Configuration Parameters.

• It is recommended that you use checksum validation to make sure that the appropriate security adapter provides user credentials to the authentication manager for all users who request access. For information about checksum validation, see Configuring Checksum Validation.

• In a security adapter authentication implementation, you must set the security adapter configuration parameter Propagate Change to TRUE, and set the Siebel system preference SecThickClientExtAuthent to TRUE, if you want to implement:

  • Security adapter authentication of Siebel Developer Web Client users.

  • Propagation of user administration changes from the Siebel Developer Web Client to an external directory such as LDAP. (For example, if a user changes his or her password in the Developer Web Client, then the password change is also propagated to the directory.)

    For more information, see Siebel Application Configuration Parameters and Configuring LDAP Authentication for Developer Web Clients.

• In some environments, you might want to rely on the data server itself to determine whether to allow Siebel Developer Web Client users to access the Siebel database and run the application. In the application configuration file on the local client, you can optionally define the IntegratedSecurity parameter for the server data source (typically, in the [ServerDataSrc] section of the configuration file).

  This parameter can be set to TRUE or FALSE. The default value is FALSE. When TRUE, the Siebel client is prevented from prompting the user for a user name and password when the user logs in. Facilities provided in your existing data server infrastructure determine if the user is allowed to log into the database.

  You can set the IntegratedSecurity parameter to TRUE with the database security adapter. See also About Database Authentication.

  Note: Integrated Security is only supported for Siebel Developer Web clients that access Oracle and Microsoft SQL Server databases. This functionality is not available for Siebel Web Clients or Siebel Mobile Web clients.

For additional information on integrated authentication, refer to your third-party documentation. For Oracle, refer to the OPS$ and REMOTE_OS_AUTHENT features. For Microsoft SQL Server, refer to Integrated Security. For more information about the Siebel Developer Web Client, see the Siebel Installation Guide and the Siebel System Administration Guide.