Comparison of Authentication Strategies
The following table highlights the capabilities of each authentication method to help guide your decision. Several options are available for each basic strategy. Comparisons do not apply for Siebel Mobile Web Client, for which only database authentication is available.
Functionality |
Database Security Adapter |
LDAP Security Adapter |
Web SSO |
|---|---|---|---|
Requires additional infrastructure components. |
No |
Yes |
Yes |
Centralizes storage of user credentials and roles. |
No |
Yes |
Yes |
Limits number of database accounts on the application database. |
No |
Yes |
Yes |
Supports dynamic user registration. Users are created in real-time through self-registration or administrative views. |
No |
Yes |
Siebel Business Applications do not support the feature, but it might be supported by third-party components. For Web SSO, user registration is the responsibility of the third-party authentication architecture. It is not logically handled by the Siebel architecture. |
Supports account policies. You can set policies such as password expiration, password syntax, and account lockout. |
Only password expiration is supported and only on supported IBM DB2 RDBMS operating systems. |
Yes |
Siebel Business Applications do not support the feature, but it might be supported by third-party components. For Web SSO, account policy enforcement is handled by the third-party infrastructure. |
Supports Web Single Sign-On, the capability to log in once and access all the applications within a Web site or portal. |
No |
No |
Yes |
The Siebel LDAP security adapter supports the Internet Engineering Task Force (IETF) password policy draft (09) for handling password policy violations and error reporting. As a result, the LDAP security adapter returns meaningful error messages and takes appropriate actions when password policy violations occur, provided the adapter is used with directory servers that are compliant with the draft. For additional information on the IETF password policy draft, go the IETF Web site at
https://tools.ietf.org/html/draft-behera-ldap-password-policy-09