Professional Documents
Culture Documents
Module 12 Securing Access To The Application
Module 12 Securing Access To The Application
0 Essentials
1 of 18
Module Objectives
To describe the types of user authentication in use by Siebel
application
To explain the role of the security adapter
To describe Single Sign On (SSO) security and how it differs
from other authentication methods
3 of 18
4 of 18
Authentication
Is the process of validating a users identity
It concerns with verifying the identity of users before they gain
5 of 18
Siebel servers or the Web server. In this case, its done with
the help of :
Siebel security adapters are software programs that allow Siebel
servers to authenticate users
Single Sign On (SSO) allows the Web server to authenticate
users
Siebel Web Server Extension performs authentication check
Security adapter is still involved in verifying the trust token
passed to it by the Web server
A trust token is a software object confirming the identity og
the sender. May contain additional information such as user
identity or database login to be passed to the server
6 of 18
authentication service
It is Implemented as a part of the Application Object Manager (AOM)
An authentication service
A store of credentials plus a mechanism to compare user provided
credentials against the stored credentials
7 of 18
Authentication Services
Siebel applications support multiple authentication services:
Database authentication
8 of 18
Database Authentication
Users are authenticated against the underlying database
The database Security Adapter uses is the default for Siebel
applications
9 of 18
Password syntax
Account lockout
Supports minimal user self-management
User cannot perform self-management without being granted
10 of 18
information
A single reserved database login is typically used for all users
The default database login is LDAPUSER
11 of 18
applications
May support account policies based on those of the directory
service
Password expiration
Password syntax
Account lockout
12 of 18
Single Sign On
Web Server provides credentials to third-party service
Security Adapter looks up and retrieves Siebel user ID, DB account
13 of 18
login
For example, Windows Integrated Authentication allows users to
access Siebel applications directly once they have logged in to
their Windows accounts
Uses credentials that are collected and verified by the Web
server
Management of authentication can be performed from a single
centralized location
Requires the use of a trust token
Secret value shared by the Web server and Object Manager
This facilitates the deployment of Siebel Application in Web sites
and portals
14 of 18
15 of 18
16 of 18
Module Highlights
Siebel applications support three mechanisms for authenticating
users:
Database authentication is the default; the Siebel Server verifies the
authentication information to the RDBMS for authentication
Directory Service authentication uses a directory service such as
LDAP or ADSI to perform the authentication; the Siebel Server
passes the authentication information to the directory service
Single Sign On uses a directory service at the Web server level to
allow single sign-on to multiple applications; the Siebel Web
Server passes the authentication information to the directory
service and passes the returned trust token to the Siebel Server
17 of 18
Lab
In the lab you will:
Create a database account for a new user
18 of 18