1. Security Guide
  2. Set up Tasks for Standards-Based Web Single Sign-On

Set up Tasks for Standards-Based Web Single Sign-On

This topic describes the tasks that must be completed for a standards-based Web SSO authentication solution so that it can integrate with Siebel CRM. For detailed information on configuring your authentication service, see the vendor documentation.

To set up the third-party Web SSO authentication service, you must perform the following tasks:

  • Install all the components required for the Web SSO authentication service as detailed by the vendor.

  • Synchronize the time on all servers hosting the Siebel application and the Web SSO authentication service.

  • Configure the authentication service to map an SSO header variable uid to the Siebel uid directory attribute.

    The Header variable set in the Web SSO policy must be equal to the value of the User Specification parameter in the Siebel Application Interface profile. In the following example, the uid is mapped to the SSO_SIEBEL_USER HTTP header variable: 

    Type: HeaderVar 
Name: SSO_SIEBEL_USER 
Attribute: uid

  • Grant access to resources that are protected by the policy domain to all Siebel users.

  • Remove default no-cache HTTP pragma header fields for your Web SSO solution. No cache should be created by Web SSO.

  • The following parameters must be set in the Siebel Application Interface profile:

    • Configure Web Single Sign-On must be set to TRUE to implement SSO.

    • Trust Token must be set to HELLO, or another contiguous string of your choice.

      In SSO mode when used with a custom security adapter, the specified value is passed as the password parameter to a custom security adapter if the value corresponds to the value of the Trust Token parameter defined for the custom security adapter.

      Note: Typically, password encryption applies to Siebel Application Interface configuration. In this case, you must specify the encrypted value. For more information, see Encrypted Passwords in Siebel Application Interface Profile Configuration.

    • User Specification must be set to, for example, OAM_REMOTE_USER.

      Note: OAM_REMOTE_USER is the header which carries the Siebel ID set by the SSO process.