Siebel_OAM Integration_Single Sign-On

Oracle
SIEBEL- SSO INTEGRATION – THIRD PARTY
This article describes the integration of SSO with the Siebel e-business platform. Siebel is a Web-based suite that combines customer relationship management, partner relationship management, and employee relationship management applications.
SSO Integration Requirements
SSO integration is supported with SSO solutions that meet the following prerequisites:
• The 3rd party SSO system should be able to send the user identity in an HTTP header variable.
• Siebel Web Single Sign-On is configured for the Siebel Web Engine.
• A Siebel Security Adapter (LDAP/ADSI) profile is used for authentication.
• SSO solutions using a static trust token in the HTTP header.
Siebel Components
This integration involves the following Siebel components.
Siebel Gateway Name Server: The name server provides persistent backing of Siebel server configuration information, including definitions and assignments of component groups and component operational parameters as well as Siebel server connectivity.
Siebel Database Server: The Siebel database server contains the data used by Siebel clients.
Siebel Server and Siebel Web Server Extension: The Siebel Server along with the Siebel Web Server Extensions supports Siebel Enterprise Web Applications.
Integration Architecture
The preferred method of Web single sign-on with Siebel is achieved by passing a header variable populated with an attribute value that is stored in the LDAP directory. The SSO solution used permits passing the appropriate HTTP header variable to Siebel. The SSO solution intercepts the user's HTTP request and checks for a session cookie. If the cookie does not exist or has expired, the user is challenged for credentials. The implemented SSO solution verifies the credentials, and if the user is authenticated, the SSO solution redirects the user to the requested resource and passes the required header variable to the Siebel application. The Siebel application initiates a session, which is kept at the Siebel Web Engine.
Figure 1 illustrates a scenario where the user authenticates to an SSO-protected resource and is granted access to a Siebel application.
Figure 1: SSO Integration with Siebel
Process overview: Authentication with the integration
When a user attempts to access a web application that is protected by an SSO solution, the SSO solution first determines whether the traffic from the user’s browser contains a valid cookie. If such a cookie does not exist, the user is challenged for username and password credentials with an HTML form. Upon successful login, the user is granted access to the target application. The detailed steps follow:
1. A user attempts to access content or an application on a server.
2. SSO intercepts the request.
3. To determine if the resource is protected, SSO checks for a security policy.
The security policy consists of an authentication scheme, authorization rules, and allowed operations based on authentication and authorization success or failure.
4. If the resource is protected, SSO checks for the user's session cookie.
If a valid session exists, SSO passes the header variable to the Siebel server. If a valid session does not exist, SSO prompts the user for credentials.
5. If the credentials are successfully validated, SSO executes the actions that are defined in the security policy and sets an HTTP header variable that maps to the Siebel user ID.
6. SSO redirects the user to the requested Siebel resource.
7. The Siebel application recognizes the SSO header variable, authenticates the user, and initiates a session.
The header variable is stored in the Siebel Web Engine. The user can now access any resource that is protected by SSO, for example, a Siebel Web application, without being prompted for credentials.
If the user is not authorized, the user is denied access and redirected to another URL as determined by the organization's administrator.
Preparing Your Environment
Complete the following steps to prepare your environment for the integration.
Task overview: Prepare your environment for OM and LDAP integration
Configure the out-of-box LDAP Security Adapter profile to talk to the LDAP server for authentication. Refer to Siebel Security Guide > Security Adapter Authentication > Process of Implementing LDAP or ADSI Security Adapter Authentication
acle/docs/cd/E14004_01/books/Secur/Secur_SecAdaptAuth21.html#wp1598728
Configure the Web Single Sign On for the Siebel Application OM. Refer to Siebel Security Guide > Web Single Sign-On Authentication > Process of Implementing Web Single Sign-On
acle/docs/cd/E14004_01/books/Secur/Secur_SSOAuth6.html#wp1003258
Task overview: Prepare your web environment for integration
1. Install a supported directory server according to vendor instructions.
2. Install a Web server that is supported by both Siebel CRM and the SSO solution.
3. Configure the Web browser to allow cookies according to vendor instructions.
4. Proceed to the next section.
Setting up Siebel for integration with SSO
The following procedures describe how to set up Siebel for this integration.
1. Install the following Siebel components, as described in the Siebel documentation:
a. Siebel Gateway Server
b. Siebel Server
c. Siebel Database Server
d. Siebel Web Server Extension
2. Verify that Siebel Industry Applications and Web Server Extension are working properly.
3. Ensure that the Siebel client and the Siebel server are able to communicate with each other through TCP/IP, as described in the Siebel documentation.
4. Add at least three users to LDAP:
• Test
• The Siebel Anonymous User
• The Siebel Application User
In addition to your regular users, Siebel uses two user accounts from the directory: Anonymous User and Application User. You also need to create an attribute in regular user accounts for storing the Siebel database user information. See the information on creating users in the directory in the Security Guide for Siebel Industry Applications for details.
5. Add user records in the Siebel database that correspond to the registered users.
You need a record in the Siebel database that corresponds to the test user that you created in the LDAP directory. You also must confirm that the seed data record exists for the Anonymous User for your Siebel customer or partner application. This database record must match the Anonymous User that you created in the LDAP directory. See the information on adding user records in the Siebel Database in the Security Guide for Siebel Industry Applications for details.
Table 1: “eapps.cfg parameters” describes the parameters to set for the eapps.cfg file. This file contains configuration details for the Siebel Web Server Extension component. It is located in the \BIN directory where the Siebel Web Server Extension is installed (for example, C:\siebel81\SWEApp). You can add these parameters to the [Default] section or to the Siebel-specific application, for example, [/esales_enu].
Oracle recommends that you add these parameters to the specific Siebel Industry application section.
To encrypt eapps.cfg parameters, follow the steps as per: Siebel Security Guide > Changing or Adding Passwords > Managing Encrypted Passwords in the eapps.cfg File
acle/cd/B40099_02/books/Secur/Secur_ChangePwd11.html#wp1053529
Table 1 eapps.cfg parameters
Parameter | Value | Notes
AnonUserName | GuestCST | The anonymous user is a Siebel user with very limited access. It enables a user to access a login page or a page that contains a login form. This user is defined in the Siebel database and must exist in the LDAP directory.
AnonPassword | Ldap | The LDAP password for the anonymous user.
SingleSignOn | TRUE | When this parameter is set to true, the Siebel Web Server Extension Engine (SWSE) operates in WebSSO mode.
TrustToken | HELLO | In a Web single sign-on environment, this token string is a shared secret between the SWSE and the security adapter. It is a measure to protect against spoofing attacks. This setting must be the same on both the SWSE and the security adapter.
UserSpecSource | Header | In a Web single sign-on implementation, this parameter specifies the source from which the SWSE derives the user credentials, as follows: Server: use if the value is from the Web server name field. Header: use if the variable is in the HTTP request header.
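
An audit of the Web SSO settings from Table 1, as an added example that is not part of the original article or of Oracle's tooling: it parses eapps.cfg text and reports a missing, sample or mismatched TrustToken, an invalid UserSpecSource, and SSO parameters left in [Default]. The INI-style "Name = Value" syntax, the audit_eapps function, the adapter_token argument and the 16-character minimum are assumptions made for the illustration.

```python
import configparser

SSO_KEYS = ("SingleSignOn", "TrustToken", "UserSpecSource")
MIN_TOKEN_LEN = 16  # assumption: local policy threshold, not a Siebel limit

# Constructed sample input, using the values shown in Table 1.
SAMPLE_CFG = """\
[Default]
AnonUserName = GuestCST
AnonPassword = Ldap

[/esales_enu]
SingleSignOn = TRUE
TrustToken = HELLO
UserSpecSource = Header
"""

def audit_eapps(text, adapter_token=None):
    """Return a list of (section, finding) tuples for Web SSO settings."""
    cfg = configparser.ConfigParser(interpolation=None, strict=False)
    cfg.optionxform = str  # keep parameter names exactly as written
    cfg.read_string(text)
    findings = []
    for section in cfg.sections():
        params = cfg[section]
        if section.lower() == "default" and any(k in params for k in SSO_KEYS):
            findings.append((section, "SSO parameters set in [Default]; "
                             "Oracle recommends the application section"))
        if params.get("SingleSignOn", "").upper() != "TRUE":
            continue  # section is not in WebSSO mode
        token = params.get("TrustToken", "")
        if not token:
            findings.append((section, "SingleSignOn is TRUE but TrustToken is empty"))
        elif token == "HELLO" or len(token) < MIN_TOKEN_LEN:
            findings.append((section, "TrustToken is a sample or short value"))
        if adapter_token is not None and token != adapter_token:
            findings.append((section, "TrustToken differs from the security adapter"))
        if params.get("UserSpecSource") not in ("Server", "Header"):
            findings.append((section, "UserSpecSource must be Server or Header"))
    return findings

if __name__ == "__main__":
    for section, finding in audit_eapps(SAMPLE_CFG, adapter_token="HELLO"):
        print(f"[{section}] {finding}")
```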
