Siebel 8.0 Essentials - PowerPoint PPT Presentation

Siebel 8.0 Essentials

Slides: 19
Provided by: akasoftDy

Transcript and Presenter's Notes

1
Siebel 8.0 Essentials
2
Module 12 Securing Access to the Application
3
Module Objectives
  • To describe the types of user authentication
    used by Siebel applications
  • To explain the role of the security adapter
  • To describe Single Sign On (SSO) security and how
    it differs from other authentication methods

4
Siebel Application Security
  • Siebel applications are secured at various
    levels
      • Restricting data and access to views
        for different users
          • Subject of previous module
      • Only authorized users can access the application
          • Subject of this module
      • Securing the communication between architecture
        components
          • Subject of subsequent module

5
Authentication
  • Is the process of validating a user's identity
  • It is concerned with verifying the identity of users
    before they gain access to a Siebel application
  • Typically consists of collecting a set of user
    credentials, such as user ID and password, and
    comparing them to pre-stored values

6
Supported Authentication Methods
  • Siebel applications carry out authentication through
    either the Siebel servers or the Web server, with
    the help of:
      • Siebel security adapters: software programs
        that allow Siebel servers to authenticate users
      • Single Sign On (SSO): allows the Web server to
        authenticate users
          • Siebel Web Server Extension performs
            authentication check
          • Security adapter is still involved in verifying
            the trust token passed to it by the Web server
  • A trust token is a software object confirming
    the identity of the sender. It may contain
    additional information such as user identity or
    database login to be passed to the server

7
Siebel Security Adapters
  • A security adapter is a piece of software that
    connects to an authentication service
  • It is implemented as a part of the Application
    Object Manager (AOM)
  • An authentication service is a store of credentials
    plus a mechanism to compare user-provided
    credentials against the stored credentials

8
Authentication Services
  • Siebel applications support multiple
    authentication services
      • Database authentication
      • Lightweight Directory Access Protocol
        (LDAP)
      • Active Directory Services Interface (ADSI)
      • Custom authentication using the Siebel Security
        Adapter Software Developers Kit (SSASDK)
  • Creating custom security adapters is beyond the
    scope of this course
      • Refer to the Siebel Security Adapter SDK in
        Bookshelf

9
Database Authentication
  • Users are authenticated against the underlying
    database
  • The database security adapter is the default
    for Siebel applications

10
Database Authentication Considerations
  • Additional infrastructure components such as
    directory servers are not required
  • Uses a separate database login for each user
  • Requires ongoing support from a database
    administrator
  • May support the following account policies
      • Password expiration
      • Password syntax
      • Account lockout
  • Supports minimal user self-management
      • User cannot perform self-management without being
        granted direct access to the database server

11
Directory Server Authentication
  • Authentication for users is carried out against
    an external directory service
  • The directory service contains the user's
    credentials and administrative information
  • A single reserved database login is typically
    used for all users
  • The default database login is LDAPUSER

12
Directory Service Considerations
  • Facilitates easier administration because it
      • Eliminates maintenance of a separate database
        login for each user
      • Allows Web users to self-register and maintain
        login information
      • Allows automated creation of users from User
        Administration view
      • Allows external delegated administration of users
  • Allows credentials store to be shared across
    multiple applications
  • May support account policies based on those of
    the directory service
      • Password expiration
      • Password syntax
      • Account lockout

13
Single Sign On
  • Web Server provides credentials to third-party
    service
  • Security Adapter looks up and retrieves Siebel
    user ID, DB account based on identity key from
    external source

14
Single Sign On Considerations
  • Allows users to access multiple applications
    without any further login
      • For example, Windows Integrated Authentication
        allows users to access Siebel applications
        directly once they have logged in to their
        Windows accounts
  • Uses credentials that are collected and verified
    by the Web server
  • Management of authentication can be performed
    from a single centralized location
  • Requires the use of a trust token
      • Secret value shared by the Web server and Object
        Manager
  • This facilitates the deployment of Siebel
    applications in Web sites and portals

15
Single Sign On Considerations
  • Some Siebel User Administration features that are
    not available using SSO should be disabled for
    consistency, for example
      • User self-registration
      • Delegated administration of users
      • Change password
  • Requires synchronization of users between the
    Siebel application and the external authentication
    system
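
Added example (not from the original presentation and not Siebel code): a Python model of the adapter-side SSO check described on the Single Sign On slides, where the sender's trust token is verified before the identity key is mapped to a Siebel user ID and database account. The names sso_login, TRUST_TOKEN and DIRECTORY and all sample values are assumptions made for illustration.

```python
import hmac
from typing import NamedTuple, Optional, Tuple


class SiebelLogin(NamedTuple):
    siebel_user_id: str
    db_account: str


# Constructed sample values for illustration only.
TRUST_TOKEN = b"constructed-shared-secret"  # known to Web server and Object Manager
DIRECTORY = {"CORP\\asmith": SiebelLogin("ASMITH", "LDAPUSER")}  # identity key -> login


def sso_login(identity_key: str, presented_token: bytes,
              trust_token: bytes = TRUST_TOKEN,
              directory: dict = DIRECTORY) -> Tuple[Optional[SiebelLogin], str]:
    """Model of the adapter-side check: trust the sender first, then map the identity."""
    # An unset secret must fail closed; otherwise an empty token would "match".
    if not trust_token:
        return None, "trust token not configured"
    # Constant-time comparison avoids leaking how many leading bytes matched.
    if not hmac.compare_digest(presented_token, trust_token):
        return None, "untrusted sender"
    # Only now is the asserted identity believed. No password is checked here:
    # the Web server already authenticated the user.
    login = directory.get(identity_key)
    if login is None:
        # User exists in the external system but was never synchronized.
        return None, "no Siebel user for identity key"
    return login, "ok"


if __name__ == "__main__":
    for key, token in [("CORP\\asmith", TRUST_TOKEN),
                       ("CORP\\asmith", b"guess"),
                       ("CORP\\newhire", TRUST_TOKEN)]:
        print(key, sso_login(key, token))
```

The third case shows why the synchronization requirement matters: a user the Web server accepts is still refused when no matching Siebel record exists.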

16
Comparing Authentication Methods
17
Module Highlights
  • Siebel applications support three mechanisms for
    authenticating users
      • Database authentication is the default: the
        Siebel Server verifies the authentication
        information against the RDBMS
      • Directory Service authentication uses a directory
        service such as LDAP or ADSI to perform the
        authentication: the Siebel Server passes the
        authentication information to the directory service
      • Single Sign On uses a directory service at the
        Web server level to allow single sign-on to
        multiple applications: the Siebel Web Server
        passes the authentication information to the
        directory service and passes the returned trust
        token to the Siebel Server

18
Lab
  • In the lab you will
      • Create a database account for a new user