2. About Me
§ Darnley Etienne
▸ Cardinal Health employee
• WebSphere Portal Platform Lead Engineer
• Worked with WebSphere since V3.5
• Worked with Portal since 4.1.4
• Certified since WAS 4.0
• COWUG Leader
▸ Objectives
• This session will cover key features and architectural challenges that need to be considered when integrating Portal, Commerce, and WWCM with external authentication.
• In cases where a definitive answer isn’t possible, which is often the case, this session will summarize the issues that need to be considered to arrive at the correct answer for your environment.
• Project still in-flight
WebSphere Portal Technical Conference U.S. 2008
3. About Cardinal Health
§ Our Businesses
Cardinal Health is a Fortune 19, $87 billion global manufacturer and distributor of medical and surgical supplies and technologies dedicated to
making healthcare safer and more productive. Our customers are located on five continents and include hospitals, medical centers, retail and
mail-order pharmacies, clinics, physicians, pharmacists and other healthcare providers.
▸ Healthcare Supply Chain Services -- Pharmaceutical
• We distribute one-third of all pharmaceuticals, medical, lab and surgical products in the U.S., and provide comprehensive financial, inventory, contract management and marketing services to retail, alternate care, and mail-order and hospital pharmacies. We're the largest provider of specialized nuclear pharmaceuticals used to diagnose and treat conditions such as cancer and heart disease.
• 87% of 2007 revenue
• 59% of 2007 operating profit
• 10,100 employees
▸ Clinical Technologies and Services
• Our integrated solutions help hospitals efficiently manage medication and supplies, while preventing medication errors and hospital-acquired infections. We offer automated systems that store, track and replenish medications and specialty supplies; and technologies for verifying dosages, administering meds and monitoring patient response.
• 3% of 2007 revenue
• 18% of 2007 operating profit
• 7,200 employees
▸ Healthcare Supply Chain Services -- Medical
• We distribute an unrivaled selection of medical products and supplies to hospitals, laboratories, surgical centers and physician offices. We also provide integrated supply chain and logistics solutions to help control costs, improve efficiencies and increase effectiveness.
• 3% of 2007 revenue
• 18% of 2007 operating profit
• 7,200 employees
▸ Medical Products and Technologies
• We develop and manufacture essential medical and surgical products used in healthcare's most frequently performed procedures. Products include infection-prevention supplies, such as gloves, masks, drapes and gowns; interventional radiological products; respiratory care products and services; surgical instruments; and clinical laboratory products.
• 2% of 2007 revenue
• 9% of 2007 operating profit
• 13,200 employees
4. Cardinal Health at a Glance
§ Fortune 19; $87 billion global company – dedicated to making healthcare safer and more productive…
▸ Every day…
• Help dispense more than 5 million doses of medicine
• Manufacture more than four million products
• Have products used in 50% of all surgeries
• Have products used by 90% of all hospitals in the U.S.
• Employ more than 1,800 pharmacists and 100 scientists
• Make more than 50,000 deliveries to 40,000 customers
5. Agenda
§ Project goals
§ Project Overview
§ Technical Overview
§ Implementation challenges
§ Under the covers
6. What are we doing?
IBM is helping customers deliver the user experiences they choose to their partners, employees, customers, or citizens, with flexibility for change and based on open standards.
§ Project Goals
▸ Modernize our security infrastructure
▸ Modernize our existing customer facing self service offerings
▸ Retire legacy systems
▸ Aggregation Support
▸ Leverage Portal, WWCM and Commerce to accelerate Web 2.0 implementations
▸ Single Sign-On
7. Agenda
§ Project goals
§ Project Overview
§ Technical Overview
§ Implementation challenges
§ Under the covers
8. Project overview
§ What are we doing?
▸ Cardinal Health is modernizing our entire technology infrastructure to meet the demand of our customers. We are doing that by leveraging the power of Portal, Commerce, and Content Management together. Accomplishing the goals will reduce the time to market for new customer functionality.
▸ First Project
• Security replacement
− External Security Manager
− Standardized way to achieve SSO across the Enterprise
− WebSphere Portal – Retire or expose Legacy Applications
− WebAppIntegrator
− iFrames
− New Portlet applications
9. Project overview
§ What are we doing?
▸ Second Project
• Web Ordering upgrade
− WebSphere Commerce
− Workplace Web Content Management (WWCM)
− Help content
10. Agenda
§ Project goals
§ Project Overview
§ Technical Overview
§ Implementation challenges
§ Under the covers
11. CA Single Sign-On
§ Consolidates application access into a Single login page
12. WebSphere Commerce
§ WebSphere Commerce is a stand-alone packaged eCommerce solution from IBM. It gives you the ability to do business directly with customers (B2C) and businesses (B2B), and indirectly through channel partners. This can all be done simultaneously.
13. WebSphere Commerce Installation
§ WebSphere Commerce is a WAS application platform/middleware, similar to Portal
▸ Wizard-driven installation
14. WebSphere Commerce Portal Integration
15. WebSphere Commerce Portal Integration
16. WebSphere Commerce Portal Integration
[Diagram labels: WebSphere Portal Server (Portal page ‘Catalog’, Portlets, Commerce Web Services client library); transports OAGIS BODs, HTTP/S, MQ, JMS; WebSphere Commerce Server (Component Façade, ‘Order’; operations Find Category, Find Product, Add Item, Add Payment, etc.)]
17. WebSphere Commerce Portal Integration
§ Provided Commerce Store Portlets
[Diagram labels: Portal; Catalog Portlet; Catalog Search Portlet; My Product Portlet; My Cart Portlet; My Order Portlet; My Account Portlet; Cashier Portlet]
18. Workplace Web Content Management Integration
§ Installation
▸ Databases
• WPS
• WMM
• CMY
• CTZ
• LIKE
• FDBK
• JCR
▸ Security
• WMMUR
▸ Authoring Portlet
19. Agenda
§ Project goals
§ Project Overview
§ Technical Overview
§ Implementation challenges
§ Under the covers
20. Security
§ Portal requires a user store
▸ LDAP is the common choice
§ Portal depends on LTPA token generation
▸ Cookies must be accepted and returned from the browser or the authentication proxy
§ Portal is a custom Form Login application to WAS
▸ WAS can perform the authentication, or accept an assertion via the Application Server Agent
21. Security configuration
§ Web Server requires a Web Agent installation
▸ The CA Web Agent supports standard Web Servers
• Requires a registration process that will fail
• Enables login form page (theme must be modified)
− login.fcc
§ Application Server Agent (Trust Association Interceptor - TAI)
▸ The CA Application Server Agent supports WebSphere AppServer
• Requires a registration process that will fail
• Protects context root
− /wps/myportal*
§ Automation for TAI configuration
▸ WPSconfig enable-sm-tai
− INCORRECT:
− com.netegrity.siteminder.websphere.tai.SiteMinderTrustAssociationInterceptor
− CORRECT:
− com.netegrity.siteminder.websphere.auth.SmTrustAssociationInterceptor
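A check for the class-name problem above, as an added example that is not part of the presentation or of any CA or IBM tooling: it scans security.xml text for registered interceptors and flags the class the slide marks INCORRECT. The sample XML is constructed and its element layout is an assumption; the code relies only on the `interceptorClassName` attribute and the `enabled` flag of the enclosing element.

```python
import xml.etree.ElementTree as ET

# Class names exactly as listed on the slide.
WRONG = "com.netegrity.siteminder.websphere.tai.SiteMinderTrustAssociationInterceptor"
RIGHT = "com.netegrity.siteminder.websphere.auth.SmTrustAssociationInterceptor"

# Constructed sample: a cut-down trust association section in the style of a
# WebSphere security.xml (element layout is an assumption, not from the slides).
SAMPLE_INCORRECT = f"""<security>
  <authMechanisms>
    <trustAssociation enabled="true">
      <interceptors interceptorClassName="{WRONG}"/>
    </trustAssociation>
  </authMechanisms>
</security>"""
SAMPLE_CORRECTED = SAMPLE_INCORRECT.replace(WRONG, RIGHT)


def audit_tai(xml_text):
    """Return findings about the SiteMinder TAI registration in security.xml text."""
    findings, seen_right = [], False
    for parent in ET.fromstring(xml_text).iter():
        interceptors = [c for c in parent if "interceptorClassName" in c.attrib]
        if not interceptors:
            continue
        # An interceptor under a disabled trust association is never consulted.
        if parent.get("enabled", "false").lower() != "true":
            findings.append("trust association is not enabled")
        for node in interceptors:
            name = node.get("interceptorClassName")
            if name == WRONG:
                findings.append("incorrect class registered: " + name)
            elif name == RIGHT:
                seen_right = True
    if not seen_right:
        findings.append("correct class not registered: " + RIGHT)
    return findings


if __name__ == "__main__":
    for label, text in (("incorrect", SAMPLE_INCORRECT),
                        ("corrected", SAMPLE_CORRECTED)):
        print(label, "->", audit_tai(text) or "OK")
```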
22. Security configuration
23. Single Sign-On
§ WebSphere Commerce Server supports three levels of authentication
▸ Simulated Single Sign-On
• For development environment ease of setup
• Does not require LDAP repository
• Achieve Single Sign-On in development environment
▸ Basic Authentication
• Performs better than LTPA
• Can run with global security off
• Requires custom implementation
▸ LTPA - Lightweight Third Party Authentication
• Most secure
• Requires global security
24. Single Sign-On
25. Single Sign-On
§ To achieve Single Sign-On using LTPA between Portal and Commerce, each Portlet
must be modified
26. Single Sign-On
§ ‘MVCPortlet’ Authentication
▸ WebSphere Commerce Portlet
• Custom configuration in each Portlet
− .AuthenticationType
− LTPA
27. Single Sign-On
§ Stand Alone configuration
▸ LDAP
• Commerce and Portal MUST use the same user registry
− Identity assertion via Web Services
• Exchange LTPA Keys
− Ensure realms match if using Portal WMMUR security
− Admin console
− Security.xml
28. Workplace Web Content Management
§ Installation
▸ Normal Portal installation
• Databases
− WPS
− WMM
− CMY
− CTZ
− LIKE
− FDBK
− JCR (Java Content Repository)
▸ Authoring
• Content migration
− Content does not follow the Software Development Life Cycle
29. Workplace Web Content Management
30. Workplace Web Content Management
§ Integrated
▸ In an integrated infrastructure, Workplace Web Content Management software is running on all of your production WebSphere Portal servers.
• More license cost
• More workload
• Less hardware
31. Workplace Web Content Management
§ Distributed
▸ In a distributed infrastructure, Workplace Web Content Management software is running on a separate set of servers from your production WebSphere Portal servers.
• More hardware
• Less license costs
• Less workload
32. Workplace Web Content Management
§ Single Sign-On
▸ LTPA
33. User registry integration
▸ Commerce OU design was not accepted
• Own LDAP
− Test several scenarios
34. Proof of concept
§ Test 1
▸ Portal, Commerce, and ESM to a common LDAP host
• SSO was achieved using LTPA
− The Commerce Portlets in Portal sent the Commerce Server a valid LTPA token that Commerce could understand.
35. Proof of concept
§ Test 2
▸ Portal and ESM to a common LDAP host
▸ Commerce to a different LDAP host
• SSO was not achieved
− The LTPA token sent in the WS call carries the LDAP information. If the LDAP information is not the same on both sides, WebSphere on the Commerce side will reject the request.
36. Proof of concept
§ Test 3
▸ Portal and Commerce to a common LDAP host
▸ ESM to a different LDAP host
• SSO was not achieved out of the box
− Because the DN of the user is different between both LDAP servers, logins to Portal Server failed
37. Proof of concept
§ Test 4
▸ Portal and Commerce to a common LDAP host
▸ ESM to a different LDAP host
• SSO was achieved
− User Identity mapping in CA
38. Proof of concept
§ Test 5
▸ Portal, Commerce, and WWCM point to a common LDAP host
▸ ESM to a different LDAP host
• SSO was achieved
− User Identity mapping in CA
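A pre-flight comparison for the "Exchange LTPA Keys / ensure realms match" step and the Test 2 failure, as an added example that is not from the presentation: it parses the LTPA key file exported from each cell and reports a realm or key mismatch before any portlet call is attempted. The host names and key values are constructed placeholders, and treating the realm recorded in the export as the cell's registry realm is an assumption.

```python
import hashlib

REALM = "com.ibm.websphere.ltpa.Realm"
KEYS = ("com.ibm.websphere.ltpa.3DESKey",
        "com.ibm.websphere.ltpa.PrivateKey",
        "com.ibm.websphere.ltpa.PublicKey")

# Constructed exports in Java .properties syntax; key values are placeholders.
PORTAL = r"""#IBM WebSphere Application Server key file
com.ibm.websphere.ltpa.version=1.0
com.ibm.websphere.ltpa.3DESKey=Q09OU1RSVUNURUQtM0RFUw\=\=
com.ibm.websphere.ltpa.PrivateKey=Q09OU1RSVUNURUQtUFJJVg\=\=
com.ibm.websphere.ltpa.PublicKey=Q09OU1RSVUNURUQtUFVC
com.ibm.websphere.ltpa.Realm=ldap-a.example.com\:389
"""
COMMERCE_SAME_LDAP = PORTAL                                # as in Test 1
COMMERCE_OTHER_LDAP = PORTAL.replace("ldap-a", "ldap-b")   # as in Test 2


def parse_export(text):
    """Parse an exported LTPA key file into a dict, undoing the \\= and \\: escapes."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith(("#", "!")):
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip().replace("\\=", "=").replace("\\:", ":")
    return props


def fingerprint(value):
    """Short SHA-256 digest so key material never appears in output."""
    return hashlib.sha256(value.encode()).hexdigest()[:12]


def sso_preflight(portal_export, commerce_export):
    """Return reasons an LTPA token from one side would not be accepted by the other."""
    a, b = parse_export(portal_export), parse_export(commerce_export)
    problems = []
    if a.get(REALM) != b.get(REALM):
        problems.append(f"realm mismatch: {a.get(REALM)} vs {b.get(REALM)}")
    for name in KEYS:
        if name not in a or name not in b:
            problems.append(f"missing {name}")
        elif a[name] != b[name]:
            problems.append(f"key mismatch: {name} ({fingerprint(a[name])} vs {fingerprint(b[name])})")
    return problems
```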
39. Agenda
§ Project goals
§ Project Overview
§ Technical Overview
§ Implementation challenges
§ Under the covers
40. Under the covers
HTTP request
Form login page
Userid/passwd
Credential authentication request
Credential authentication response
Forward request
Is resource protected?
Yes
getTAI
isTargetInterceptor (HttpServletRequest)
validateEstablishedTrust (HttpServletRequest)
getAuthenticatedUserName (HttpServletRequest)
groupMemberShipLookup
Forward to Portal
41. Questions
§ Thank you!!
42. Additional Information and Resources
WebSphere Portal – IBM Site
http://www-3.ibm.com/software/genservers/portal/
WebSphere Portal Business Solutions Catalog:
http://catalog.lotus.com/wps/portal/portal
WebSphere Portal Developer’s Zone
http://www-106.ibm.com/developerworks/websphere/zones/portal/
Product Documentation and WebSphere Portal Wiki
http://www-3.ibm.com/software/genservers/portal/library/
http://www-10.lotus.com/ldd/portalwiki.nsf
WebSphere Commerce – IBM Site
http://www-01.ibm.com/software/genservers/commerceproductline/
WebSphere Commerce Developer’s Zone
https://www.ibm.com/developerworks/websphere/zones/commerce/
Mark your calendars!
2009 U.S. WebSphere Portal Technical Conference
October 12-15, 2009, Sheraton San Diego Hotel and Marina