Professional Documents
Culture Documents
0 Essentials
12
Copyright 2007, Oracle. All rights reserved.
Module Objectives
2 of 18
3 of 18
Authentication
Is the process of validating a users identity Verifies the identity of users before they gain access to a Siebel application Typically consists of collecting a set of user credentials such as user ID and password and comparing them to pre-stored values
4 of 18
Siebel applications support authentication by either the Siebel servers or the Web server:
Siebel security adapters are software programs that allow Siebel servers to authenticate users Single Sign On (SSO) allows the Web server to authenticate users
Siebel Web Server Extension performs authentication check Security adapter is still involved in verifying the trust token passed to it by the Web server
5 of 18
Browser
Web Server
SWSE
Credentials
Authentication Service
6 of 18
Authentication Services
Creating custom security adapters is beyond the scope of this course Refer to the Siebel Security Adapter SDK in Bookshelf
Security Adapter
Authentication Service
7 of 18
Database Authentication
Users are authenticated against the underlying database The database Security Adapter is the default for Siebel applications
Browser
Security Adapter
3. Connect to database using user ID and (possibly hashed) password. RDBMS performs authentication
Siebel Database
Copyright 2007, Oracle. All rights reserved. 8 of 18
Does not require additional infrastructure components such as directory servers Uses a separate database login for each user
Requires ongoing support from a database administrator
9 of 18
Users are authenticated against an external directory service The directory service contains the users credentials and administrative information A single reserved database login is typically used for all users
2. Verify credentials Authentication Service
Directory
Security Adapter
Login
Siebel Database
10 of 18
Allows credentials store to be shared across multiple applications May support account policies based on those of the directory service
Password expiration Password syntax Account lockout
11 of 18
Single Sign On
Web Server provides credentials to third-party service Security Adapter looks up and retrieves Siebel user ID, DB account based on identity key from external source
Login
Authentication Service
2. Verifies credentials
Directory
Siebel Database
5. Connects to database
12 of 18
Uses credentials that are collected and verified by the Web server
Management of authentication can be performed from a single centralized location
Allows Siebel applications to be deployed into existing Web sites and portals
13 of 18
Some Siebel User Administration features that are not available using SSO should be disabled for consistency, for example:
User self-registration Delegated administration of users Change password
Requires synchronization of users between the Siebel application and the external authentication system
14 of 18
Single Sign On
No
Depends on RDBMS No No No No No
Yes
Depends on directory service Yes Yes Yes No Yes
Yes
Depends on directory service No No Yes Yes Yes
15 of 18
Module Highlights
16 of 18
Lab
17 of 18
18 of 18