
Essentials (Siebel 7.7)

Module 10: Securing Siebel Implementations

Module Objectives

After completing this module you will be able to:


 Describe the Siebel application Security Architecture
 Describe the types of authentication supported by Siebel
applications
 Explain the role of the Security Adapter

Why you need to know:


 You need to understand how Siebel applications are
secured at different areas

Module 10: Securing Siebel Implementations 2 of 17


Siebel Application Security Architecture
 Includes components to address
 Physical infrastructure
 Authentication
 Access Control



Physical Infrastructure
 Is concerned with securing the network, communication, and
data through:
 Data encryption
 Communication encryption
 Password security
 Firewalls
 Is out of the scope of this course



Authentication
 Verifies the identity of users before they gain access to a Siebel
application
 Is covered in this module at a high level



Access Control
 Determines what an authenticated user is able to access once
within a Siebel application
 Is covered in detail in the following modules:
 Module 11: Implementing the Company Structure
 Module 12: Access to Views
 Module 13: Access to Customer Data
 Module 14: Access to Master Data



Authentication
 Is concerned with verification of a user’s identity before he or
she gains access to a Siebel application
 Process involves:
 Collecting credentials, such as user name and password
 Verifying credentials against an authentication service
 Is supported in Siebel applications using:
 Security Adapter Authentication
 Web Single Sign On



Security Adapter Authentication
 A security adapter is a piece of software that allows the
connection to an authentication service
 Implemented as part of the Application Object Manager (AOM)
 Uses the credentials entered by a user
 Verifies against authentication service
 Allows access to the Siebel application



Security Adapter Authentication Continued
 Siebel applications support a number of authentication
scenarios:
 Database authentication
 Directory authentication: LDAP/ADSI
 Custom
 Using a customer-created adapter
 Refer to the Security Adapter SDK in Bookshelf



Database Authentication
 Users are authenticated against the underlying database
 The database Security Adapter is the default for Siebel applications

Diagram: Browser -> Web Server (SWSE) -> Siebel Object Manager -> Siebel Database
 1. User provides name and password (credentials)
 2. Password may be encrypted to prevent direct database access (Encrypt password)
 3. Connect to database (connect using DB account)



Database Authentication Considerations
 Does not require additional infrastructure components
 Uses a separate database login for each user
 Requires ongoing support from a database administrator
 May support account policies
 Password expiration
 Password syntax
 Account lockout
 Supports minimal user self-management



Directory Server Authentication
 Users are authenticated against an external directory service
 The directory service contains the user’s credentials and administrative information
 A single reserved database login is typically used for all users

Diagram: Browser -> Web Server (SWSE) -> Siebel Object Manager (Security Adapter) -> Siebel Database, with the Security Adapter logging in to the Authentication Service (Directory)
 1. User provides information (credentials)
 2. Verify credentials (login to the Authentication Service; retrieve reserved DB account from the Directory)
 3. Connect to database (connect using DB account)



Directory Service Considerations
 Reduces administrative overhead
 Eliminates maintenance of a separate database login for each
user
 Allows Web users to self-register and maintain login information
 Allows automated creation of users from User Administration view
 Allows external delegated administration of users
 Allows credentials store to be shared across multiple
applications
 May support account policies
 Password expiration
 Password syntax
 Account lockout



Web Single Sign On
 Security Adapter does not authenticate the user; this is performed by third-party service at the Web Server level
 Security Adapter simply looks up and retrieves a user’s Siebel user ID, db account based on identity key from external source

Diagram: Browser -> Web Server (Auth Client, SWSE) -> Siebel Object Manager (Security Adapter) -> Siebel Database, with the Web Server logging in to the Authentication Service and the Security Adapter querying the Directory
 1. User provides information (user credentials)
 2. Verifies credentials (login to the Authentication Service; authenticated User ID and trust token)
 3. Passes authenticated User ID and trust token
 4. Verifies trust token and collects User ID (retrieves Siebel User ID and DB account from the Directory)
 5. Connects to database (connect using DB account)



Web Single Sign On Considerations
 Uses credentials that are collected and verified by the Web
Server
 Requires the use of a Trust Token
 Secret value shared by the Web Server and Object Manager
 Allows user to access Siebel applications without any further
login
 Allows Siebel applications to be deployed into existing Web
sites and portals



Web Single Sign On Considerations Continued
 The following Siebel User Administration features are not
available and should be disabled for consistency:
 User self-registration
 Delegated administration of users
 Login forms
 Logout links
 Change password
 Requires synchronization of users between the Siebel
application and the external authentication system
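
The Web Single Sign On flow above, modeled as an added Python example (not Siebel code and not part of the original slides); the token value, directory contents and function names are constructed for illustration. It shows the Object Manager side failing closed when the trust token is missing or wrong, and when an externally authenticated user has no synchronized Siebel record.

```python
import hmac

# Constructed sample data; none of these values come from Siebel or the slides.
TRUST_TOKEN = "constructed-shared-secret"   # same value on Web Server and Object Manager
DIRECTORY = {                               # identity key -> (Siebel user ID, DB account)
    "jsmith@example.com": ("JSMITH", "SIEBEL_SHARED"),
}

class SsoRejected(Exception):
    """Raised when the Object Manager side refuses a forwarded identity."""

def web_server_forward(identity_key, token=TRUST_TOKEN):
    """Steps 2-3: once the third-party service has authenticated the user,
    the Web Server passes the authenticated user ID plus the trust token."""
    return {"user": identity_key, "trust_token": token}

def security_adapter_login(request, expected_token=TRUST_TOKEN, directory=DIRECTORY):
    """Step 4: verify the trust token, then look up Siebel user ID and DB account.
    No password is checked here, so the token is the only proof that the
    request really came from the trusted Web Server."""
    presented = str(request.get("trust_token") or "")
    # Constant-time comparison so response timing does not leak the secret.
    if not hmac.compare_digest(presented.encode(), expected_token.encode()):
        raise SsoRejected("trust token mismatch")
    entry = directory.get(request.get("user"))
    if entry is None:
        # Authenticated externally, but never synchronized into Siebel.
        raise SsoRejected("no Siebel user mapped to this identity")
    siebel_user_id, db_account = entry
    return {"siebel_user_id": siebel_user_id, "db_account": db_account}

def try_login(request):
    """Return the session details, or the rejection reason as a string."""
    try:
        return security_adapter_login(request)
    except SsoRejected as exc:
        return str(exc)

if __name__ == "__main__":
    print(try_login(web_server_forward("jsmith@example.com")))
    print(try_login({"user": "jsmith@example.com"}))            # token missing
    print(try_login(web_server_forward("new.hire@example.com")))  # not synchronized
```
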



Summary

This module showed you how to:


 Describe the Siebel application Security Architecture
 Describe the types of authentication supported by Siebel
applications
 Explain the role of the Security Adapter

