Web Single Sign-On

In a Web SSO implementation, users are authenticated by a third party at the Web-site level. Siebel Business Applications support this mode of authentication by providing an interface that allows the third party to pass user information to a Siebel application. Once authenticated by the third party, a user does not have to explicitly log into the Siebel application.
Single sign-on (SSO) is a session/user authentication process that permits a user to enter one name and password in order to access multiple applications. The process authenticates the user for all the applications they have been given rights to and eliminates further prompts when they switch applications during a particular session.

Web SSO architecture is appropriate for Web sites on which only approved registered users can gain access to sensitive data, such as a Web site on which you share data with your channel partners.

Web SSO Authentication Process

• The user enters credentials at the Web site that are passed to the Web server. A third-party authentication client on the Web server passes the user credentials to the third-party authentication service. The third-party authentication service verifies the user credentials and passes the authenticated user’s username to the Siebel Web Server Extension (SWSE).
• The SWSE passes the authenticated user’s username to the authentication manager. The username can be the Siebel user ID or another attribute.
• The security adapter provides the authenticated user’s username to a directory, from which the user’s Siebel user ID, a database account, and, optionally, roles are returned to the authentication manager.
• The Application Object Manager (AOM) uses the returned credentials to connect the user to the database and to identify the user.

Web SSO Limitations

• User self-registration
• Delegated administration of users
• Login forms
• Logout links or the Log Out menu item in the File application-level menu
• Change password feature (in Profile view of User Preferences screen)

Web SSO Implementation Considerations

• Users are authenticated independently of Siebel Business Applications, such as through a third-party authentication service or through the Web server.
• You must synchronize users in the authentication system and users in the Siebel Database at the Web site level.
• You must configure user administration functionality, such as self-registration, at the Web site level.
• A delegated administrator can add users to the Siebel Database, but not to the authentication system.

Implementing Web SSO Authentication

To provide user access to Siebel Business Applications on a Web site implementing Web SSO, the Siebel Business Applications must be able to determine the following from the authentication system:

• Verification that the user has been authenticated
• A user credential that can be passed to the directory, from which the user’s Siebel user ID and database account can be retrieved

In a Web SSO environment, you must also provide your authentication service and any required components, such as an authentication client component.

You can implement the following options in a Web SSO environment that uses a Siebel- compliant security adapter:

• User specification source: You must specify the source from which the Siebel Web Engine derives the user’s identity key: a Web server environment variable or an HTTP request header variable.
• Digital certificate authentication: Siebel Systems supports X.509 digital certificate authentication by the Web server.

4 comments on “Web Single Sign-On”

  1. Nitin Jain Reply


    Nice article. If you ask me, I would really like to see a step by step tutorial on how I can configure it.

    Thanks for the overview.

  2. Ashish Ashish Reply

    Thanks Nitin, This is a basic understanding and an overview of SSO, I will try to put an article on how to configure it.


  3. Pankaj Kathar Reply

    Hello Ashish,

    You have been really GREAT… I would also like to see the configuration step by step for web sso. My project has implemented web sso and I had been trying to get ABC of that since a long time but finally you get me recue, i would like to learn all about configuration, If you have got any, I would like to receive it on my personal email id. I am a new Siebel Admin struggling a lot to learn each and everything… but really feel nice to see the help like you have provided on net, which is free of cost…

    Thanks again…

Leave A Reply

Your email address will not be published. Required fields are marked *

error: Content is protected !!