Siebel Security – Active Directory Authentication

One of the more complex installation and system administration functions of a Siebel 7 or 8 environment is authentication. Back in the old days, many Siebel sites used out-of-the-box database authentication, which required little or no additional configuration. Nowadays, we want to leverage existing company directories to cut down on unnecessary configuration and maintenance, while also providing a friendlier ‘single sign on’ experience to users. In this post, I want to cover some of the concepts around Active Directory authentication within Siebel and hopefully show you that it is really not as complicated as it seems. It’s a big topic, so we’ll cover principles in this post and the finer details of setting things up in Siebel next time.

I’m going to concentrate on Microsoft Active Directory here, but the principles can be applied to LDAP or any other option you care to mention.

First up, there are some important concepts and pieces of information that you need to understand:

  • Profiles – in Siebel, profiles represent enterprise-wide configuration that can be used and shared by components in the enterprise.
  • Security Adapters – these represent Siebel-supplied DLLs that provide a black box between Siebel and your chosen authentication software.
  • Containers – in AD, these represent subdivisions of objects within the directory. Think of them as folders within a file system.
  • Distinguished Name (DN) – this is essentially a ‘path’ to a unique object within the directory, for example a user.
  • Base DN – in Siebel terms, this defines a ‘root’ path from which it will look for AD objects and containers.
  • Application User – an AD user that has write access to the directory. This is to allow Siebel to propagate changes down to AD.
  • Shared Credentials DN – this is the location of an object, usually a user, where database authentication details are stored. This allows the component using the profile to connect to the Siebel database. This has been phased out in Siebel 8.
  • Anonymous Employee – User or Employee record that is used to log in as an anonymous user into an Employee application.
  • Anonymous User – User record that is used to log in as an anonymous user into a Customer application.
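
To make the Distinguished Name, Container and Base DN entries above concrete, here is an added example (not from Siebel or Bookshelf) that splits a DN into its components and checks whether an object sits under a given Base DN. The DNs, the example.com domain and the function names are constructed for illustration; the code goes slightly beyond the text by handling escaped commas and assuming case-insensitive matching.

```python
# Added illustration; all DNs below are constructed, not from a real directory.
BASE_DN = "OU=Siebel,DC=example,DC=com"
USER_DN = "CN=Smith\\, Jane,OU=Sales,OU=Siebel,DC=example,DC=com"
OTHER_DN = "CN=svc-backup,CN=Users,DC=example,DC=com"
# One RDN whose value contains an escaped comma; it is NOT under OU=Siebel.
TRICKY_DN = "CN=a\\,OU=Siebel,DC=example,DC=com"


def split_dn(dn):
    """Split a DN into RDN strings, leaving backslash-escaped characters intact."""
    parts, cur, i = [], [], 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            cur.append(dn[i:i + 2])  # escaped pair such as "\," stays in the value
            i += 2
        elif dn[i] == ",":
            parts.append("".join(cur).lstrip())
            cur = []
            i += 1
        else:
            cur.append(dn[i])
            i += 1
    parts.append("".join(cur).lstrip())
    return [p for p in parts if p]


def normalise(rdn):
    """Lower-case attribute type and value (assumes case-insensitive matching)."""
    attr, _, value = rdn.partition("=")
    return attr.strip().lower(), value.lower()


def is_under_base(dn, base_dn):
    """True when dn is the Base DN itself or sits somewhere below it."""
    rdns = [normalise(r) for r in split_dn(dn)]
    base = [normalise(r) for r in split_dn(base_dn)]
    return len(rdns) >= len(base) and rdns[len(rdns) - len(base):] == base


def container_path(dn, base_dn):
    """Containers between the Base DN and the object, outermost first."""
    if not is_under_base(dn, base_dn):
        raise ValueError("DN is outside the Base DN")
    rdns, depth = split_dn(dn), len(split_dn(base_dn))
    return list(reversed(rdns[1:len(rdns) - depth]))


if __name__ == "__main__":
    for dn in (USER_DN, OTHER_DN, TRICKY_DN):
        print(dn, "->", is_under_base(dn, BASE_DN))
```

Comparing parsed components rather than raw strings matters for the last sample: a plain suffix comparison would place it under the Base DN, while the component-wise check does not.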

You can define a security adapter profile in a number of ways:

  1. During installation of the Enterprise
  2. Through the Siebel Client – Site Admin > Administration – Server Configuration > Enterprises > Profile Configuration
  3. Through the Siebel Gateway Configuration tool

As ever, Bookshelf is here to help and you can find all this information in the Security Guide.

Next time, we’ll take a look at choosing these values and how to use them to set up AD authentication in Siebel.
