Single Sign-On in Siebel
Being a software developer in Siebel, I had numerous opportunities to create something using this tool. Apart from acknowledging client requests which is everyone’s number one priority, like any other developer I also wanted to first get my fundamentals strong in this tool. There were times when I tried 2-3 different ways to deal with one of the old demands and was successful in discovering many new and simpler methods. Since then I always experiment to meet the requirements and never hesitated to play with Siebel.
This led me into using these concepts readily and implementing them in real time. While using Siebel for many servers in my project, the traditional practice to Sign-In every time you open a new Siebel application server was not only exasperating at times but also a shortcoming in terms of Siebel’s user friendly behavior. Searching an answer for this problem I came across the Single Sign-On Process.
For starters, what is Single Sign-In (SSO)?
It is a session/user authentication process that allows a user to enter name and password for only a single time in entire session in order to access multiple applications. The process authenticates the user for all the applications they have been given rights to and eliminates further prompts when they switch applications during a particular session.
Single Sign-On (SSO) is becoming the standard for advanced security in IT sector. This equips us in streamlined, consistent and secure password management policy for every user. Cutting down on the number of passwords issued to users and reducing time spent on administration, support and training, SSO directly impacts the daily user ability.
The following steps need to be followed for configuring Web Single Sign On and the Active Directory Security Adapter.
- An ADSI service account will be needed.This service account is one used to bind to the Active Directory and will also hold the shared database credentials.
- The service account will also be the web anonymous user for Single Sign On and must have a Siebel login with Web Anonymous User responsibility. This anonymous user does not need a database account.
- Create the shared database account. All users will connect to the database with this database account instead of an individual database account.
- Create a custom application object manager that will be configured for ADSI security adapter authentication instead of database authentication.
- Add the SSO Sales Object Manager to the Siebel Web Server Extension Update the Siebel Web Server Extension eapps.cfg file to include the SSO Sales Object Manager.
- Add a new virtual directory to IIS for SSO.
- Configure Siebel Web Server for Web SSO. Open the eapps.cfg file and set parameter IntegratedDomainAuth = True in [swe] section and add following parameter in [SSO] section.
– TrustToken=token name
– StartCommand= SWECmd=GotoView&SWEView=Sales+Home+Page+View&SWERF=1
This will enable the Single Sign On and it will be authenticated by Windows Integrated Authentication.
Configure ADSI Security Adapter Named Subsystem in Server Administration – Configuration; Enterprises; profile configuration tab and set the parameters for ADSI.
If the authentication is stolen then all resources becomes vulnerable. In addition, you need to be aware of whether there are backups to the SSO in the event the system is down; if the Server is down then the network resources will remain unavailable.
Post by Suman Kumar