Scribd Logo
Upload

Welcome to Scribd!

  • Module 12 Securing Access To The Application

    Uploaded by

    freecharge
    13 views18 pages
    dfghjkfghj8uyh

    Original Title

    Module 12 Securing Access to the Application

    Copyright

    © © All Rights Reserved

    Available Formats

    PPT, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    dfghjkfghj8uyh

    Copyright:

    © All Rights Reserved
    Download as PPT, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    13 views18 pages

    Module 12 Securing Access To The Application

    Uploaded by

    freecharge
    dfghjkfghj8uyh

    Copyright:

    © All Rights Reserved
    Download as PPT, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 18

    Siebel 8.

    0 Essentials

    Securing access to the application

    1 of 18

    Module 12: Securing Access to the Application

    Module Objectives
    To describe the types of user authentication in use by Siebel

    application
    To explain the role of the security adapter
    To describe Single Sign On (SSO) security and how it differs
    from other authentication methods

    Securing access to the application

    3 of 18

    Siebel Application Security


    Siebel applications are secured at various levels:
    Security in restricting data and access to views corresponding to
    different users
    Subject of previous module

    Only authorized users can access the application


    Subject of this module
    Securing the Communication between architecture components
    Subject of subsequent module

    Securing access to the application

    4 of 18

    Authentication
    Is the process of validating a users identity
    It concerns with verifying the identity of users before they gain

    access to a Siebel application


    Typically consists of collecting a set of user credentials such as

    user ID and password and comparing them to pre-stored values

    Securing access to the application

    5 of 18

    Supported Authentication Methods


    Siebel applications carry out authentication by either the

    Siebel servers or the Web server. In this case, its done with
    the help of :
    Siebel security adapters are software programs that allow Siebel
    servers to authenticate users
    Single Sign On (SSO) allows the Web server to authenticate
    users
    Siebel Web Server Extension performs authentication check
    Security adapter is still involved in verifying the trust token
    passed to it by the Web server
    A trust token is a software object confirming the identity og
    the sender. May contain additional information such as user
    identity or database login to be passed to the server

    Securing access to the application

    6 of 18

    Siebel Security Adapters


    A security adapter is a piece of software that connects to an

    authentication service
    It is Implemented as a part of the Application Object Manager (AOM)
    An authentication service
    A store of credentials plus a mechanism to compare user provided
    credentials against the stored credentials

    Securing access to the application

    7 of 18

    Authentication Services
    Siebel applications support multiple authentication services:
    Database authentication

    Lightweight Database Authentication Protocol (LDAP)


    Active Directory Services Interface (ADSI)
    Custom authentication using the Siebel Security Adapter Software
    Developers Kit (SSASDK)
    Creating custom security adapters is beyond the scope of this
    course
    Refer to the Siebel Security Adapter SDK in Bookshelf

    Securing access to the application

    8 of 18

    Database Authentication
    Users are authenticated against the underlying database
    The database Security Adapter uses is the default for Siebel

    applications

    Securing access to the application

    9 of 18

    Database Authentication Considerations


    Additional infrastructure components such as directory servers

    are not required


    Uses a separate database login for each user
    Requires ongoing support from a database administrator
    May support the following account policies :
    Password expiration

    Password syntax
    Account lockout
    Supports minimal user self-management
    User cannot perform self-management without being granted

    direct access to the database server

    Securing access to the application

    10 of 18

    Directory Server Authentication


    Authentication for users is carried out against an external directory service
    The directory service contains the users credentials and administrative

    information
    A single reserved database login is typically used for all users
    The default database login is LDAPUSER

    Securing access to the application

    11 of 18

    Directory Service Considerations


    Facilitates easier administration because it :
    Eliminates maintenance of a separate database login for each user

    Allows Web users to self-register and maintain login information


    Allows automated creation of users from User Administration view
    Allows external delegated administration of users
    Allows credentials store to be shared across multiple

    applications
    May support account policies based on those of the directory
    service
    Password expiration
    Password syntax
    Account lockout

    Securing access to the application

    12 of 18

    Single Sign On
    Web Server provides credentials to third-party service
    Security Adapter looks up and retrieves Siebel user ID, DB account

    based on identity key from external source

    Securing access to the application

    13 of 18

    Single Sign On Considerations


    Allows users to access multiple applications without any further

    login
    For example, Windows Integrated Authentication allows users to
    access Siebel applications directly once they have logged in to
    their Windows accounts
    Uses credentials that are collected and verified by the Web

    server
    Management of authentication can be performed from a single
    centralized location
    Requires the use of a trust token
    Secret value shared by the Web server and Object Manager
    This facilitates the deployment of Siebel Application in Web sites

    and portals

    Securing access to the application

    14 of 18

    Single Sign On Considerations


    Some Siebel User Administration features that are not available

    using SSO should be disabled for consistency, for example:


    User self-registration
    Delegated administration of users
    Change password
    Requires synchronization of users between the Siebel

    application and the external authentication system

    Securing access to the application

    15 of 18

    Comparing Authentication Methods

    Securing access to the application

    16 of 18

    Module Highlights
    Siebel applications support three mechanisms for authenticating

    users:
    Database authentication is the default; the Siebel Server verifies the
    authentication information to the RDBMS for authentication
    Directory Service authentication uses a directory service such as
    LDAP or ADSI to perform the authentication; the Siebel Server
    passes the authentication information to the directory service
    Single Sign On uses a directory service at the Web server level to
    allow single sign-on to multiple applications; the Siebel Web
    Server passes the authentication information to the directory
    service and passes the returned trust token to the Siebel Server

    Securing access to the application

    17 of 18

    Lab
    In the lab you will:
    Create a database account for a new user

    Securing access to the application

    18 of 18

    You might also like