ibm - cardinal health - portal case study

© 2008 IBM

Session ID: S01

Session Title: The Cardinal Health Portal solution: The front end to Commerce and Web Content Management

Speaker(s): Darnley Etienne

WebSphere Portal Technical Conference U.S. 2008

STORY TITLE

2WebSphere Portal Technical Conference U.S. 200822

About Me

§ Darnley Etienne

4Cardinal Health employee

• WebSphere Portal Platform lead Engineer

• Worked with WebSphere since V3.5

• Worked with Portal since 4.1.4

• Certified since WAS 4.0

• COWUG Leader

4Objectives

• This session will cover key features, and Architectural challenges that need to be considered when integrating Portal, Commerce, WWCM, with external authentication.

• In cases where a definitive answer isn’t possible, which is often the case, this session will summarize the issues that need to be considered to arrive at the correct answer for your environment.

• Project still in-flight

STORY TITLE


About Cardinal Health

§ Our Businesses

Cardinal Health is a fortune 19; $87 billion global manufacturer and distributor of medical and surgical supplies and technologies dedicated to making healthcare safer and more productive. Our customers are located on five continents and include hospitals, medical centers, retail and mail-order pharmacies, clinics, physicians, pharmacists and other healthcare providers.

Healthcare Supply Chain Services - PharmaceuticalWe distribute one-third of all pharmaceuticals, medical, lab and surgical products in the U.S., and provide comprehensive financial, inventory, contract management and marketing services to retail, alternate care, and mail-order and hospital pharmacies. We're the largest provider of specialized nuclear pharmaceuticals used to diagnose and treat conditions such as cancer and heart disease.

87% of 2007 revenue59% of 2007 operating profit10,100 employees

Healthcare Supply Chain Services - PharmaceuticalWe distribute one-third of all pharmaceuticals, medical, lab and surgical products in the U.S., and provide comprehensive financial, inventory, contract management and marketing services to retail, alternate care, and mail-order and hospital pharmacies. We're the largest provider of specialized nuclear pharmaceuticals used to diagnose and treat conditions such as cancer and heart disease.


Clinical Technologies and ServicesOur integrated solutions help hospitals efficiently manage medication and supplies, while preventing medication errors and hospital-acquired infections. We offer automated systems that store, track and replenish medications and specialty supplies; and technologies for verifying dosages, administering meds and monitoring patient response.


Clinical Technologies and ServicesOur integrated solutions help hospitals efficiently manage medication and supplies, while preventing medication errors and hospital-acquired infections. We offer automated systems that store, track and replenish medications and specialty supplies; and technologies for verifying dosages, administering meds and monitoring patient response.


Healthcare Supply Chain Services - MedicalWe distribute an unrivaled selection of medical products and supplies to hospitals, laboratories, surgical centers and physician offices. We also provide integrated supply chain and logistics solutions to help control costs, improve efficiencies and increase effectiveness.


Healthcare Supply Chain Services - MedicalWe distribute an unrivaled selection of medical products and supplies to hospitals, laboratories, surgical centers and physician offices. We also provide integrated supply chain and logistics solutions to help control costs, improve efficiencies and increase effectiveness.


Medical Products and TechnologiesWe develop and manufacture essential medical and surgical products used in healthcare's most frequently performed procedures. Products include infection-prevention supplies, such as gloves, masks, drapes and gowns; interventional radiological products; respiratory care products and services; surgical instruments; and clinical laboratory products.


Medical Products and TechnologiesWe develop and manufacture essential medical and surgical products used in healthcare's most frequently performed procedures. Products include infection-prevention supplies, such as gloves, masks, drapes and gowns; interventional radiological products; respiratory care products and services; surgical instruments; and clinical laboratory products.


STORY TITLE


Cardinal Health at a Glance

§ Fortune 19; $87 billion global company – dedicated to making healthcare safer and more productive…..

4Everyday…

• Help dispense more than 5 million doses of medicine

• Manufacture more than four million products

• Have products used in 50% of all surgeries

• Have products used by 90% of all hospitals in the U.S.

• Employ more than 1800 pharmacists and 100 scientist

• Make more than 50,000 deliveries to 40,000 customers

STORY TITLE


§ Project goals

§ Project Overview

§ Technical Overview

§ Implementation challenges

§ Under the covers

Agenda

STORY TITLE


What are we doing?IBM is helping customers

deliver the user experiences they choose to their

partners, employees, customers, or citizens, with

flexibility for change and based on open standards.

§ Project Goals

4 Modernize our security infrastructure

4 Modernize our existing customer facing self service offerings

4 Retire legacy systems

4 Aggregation Support

4 Leverage Portal, WWCM and Commerce to accelerate Web 2.0 implementations

4 Single Sign-On

STORY TITLE


Agenda

§ Project goals

§ Project Overview



§ Under the covers

STORY TITLE


Project overview

§ What are we doing?

4Cardinal Health is modernizing our entire technology infrastructure to meet the demand of our customers. We are doing that by leveraging the power of Portal, Commerce, and Content Management together. Accomplishing the goals will reduce the time to market for new customer functionality.

4First Project

• Security replacement

− External Security Manager

− Standardized way to achieve SSO across the Enterprise

− WebSphere Portal – Retire or expose Legacy Applications

− WebAppIntegrator

− iFrames

− New Portlet applications

STORY TITLE


Project overview

§ What are we doing?

4Second Project

• Web Ordering upgrade

− WebSphere Commerce

− Workplace Web Content Management (WWCM)

− Help content

STORY TITLE


Agenda

§ Project goals

§ Project Overview



§ Under the covers

STORY TITLE


§ Consolidates application access into a Single login page

CA Single Sign-On

STORY TITLE


WebSphere Commerce

§ WebSphere Commerce is a stand-alone packaged eCommerce solution from IBM. It gives you the ability to do business directly with customers (B2C), Businesses (B2B), and indirectly through channel partners. This can all be done simultaneously.

STORY TITLE


WebSphere Commerce Installation

§ WebSphere Commerce is a WAS application Platform/Middleware Similar to Portal

4Wizard driven installation

STORY TITLE


WebSphere Commerce Portal Integration

STORY TITLE



STORY TITLE


CommercePortlets

Portal page

Clientlibrary

WebSphere Commerce Server

ComponentFaçade

‘Order’

FindCategory

WebSphere Portal Server

etc.

Web Services

Ø OAGIS BODs

Ø HTTP/S

Ø MQ

Ø JMS

FindProduct

AddItem

AddPayment

ComponentFaçade

‘Catalog’


STORY TITLE


§ Provided Commerce Store Portlets


Catalog Portlet

Catalog SearchPortlet

My CartPortlet

My Account Portlet

My OrderPortlet

My ProductPortlet

Cashier Portlet

Portal Portlet

STORY TITLE


Workplace Web Content Management Integration

§ Installation

4Databases

• WPS

• WMM

• CMY

• CTZ

• LIKE

• FDBK

• JCR

4Security

• WMMUR

4Authoring Portlet

STORY TITLE


Agenda

§ Project goals

§ Project Overview



§ Under the covers

STORY TITLE


Security

§ Portal requires a user store

4LDAP is the common choice

§ Portal depends on LTPA token generation

4Cookies must be accepted and returned from the browser, or Authentication proxy

§ Portal is a custom Form Login application to WAS

4WAS can perform the authentication, or accepts assertion via Application Server Agent

STORY TITLE


Security configuration

§ Web Server requires a Web Agent installation

4The CA Web Agent supports standard Web Servers• Requires a registration process that will fail

• Enables login form page (theme must be modified)

− login.fcc

§ Application Server Agent (Trust Association Interceptor - TAI)

4The CA Application Server Agent supports WebSphere AppServer• Requires a registration process that will fail

• Protects context root

− /wps/myportal*

§ Automation for TAI configuration

4WPSconfig enable-sm-tai

− INCORRECT:− com.netegrity.siteminder.websphere.tai.SiteMinderTrustAssociationInterceptor

− CORRECT:− com.netegrity.siteminder.websphere.auth.SmTrustAssociationInterceptor

STORY TITLE


Security configuration

STORY TITLE


Single Sign-On

§ WebSphere Commerce Server supports three levels of authentication

4 Simulated Single Sign-On

• For development environment ease of setup

• Does not require LDAP repository

• Achieve Single Sign-On in development environment

4 Basic Authentication

• Performs better than LTPA

• Can run with global security off

• Requires custom implementation

4 LTPA - Lightweight Third Party Authentication

• Most secure

• Requires global security

STORY TITLE


Single Sign-On

STORY TITLE


§ To achieve Single Sign-On using LTPA between Portal and Commerce, each Portlet must be modified

Single Sign-On

STORY TITLE


Single Sign-On

§ ‘MVCPortlet’ Authentication

4WebSphere Commerce Portlet

• Custom configuration in each Portlet

− .AuthenticationType

− LTPA

STORY TITLE


Single Sign-On

§ Stand Alone configuration

4LDAP

• Commerce and Portal MUST use the same user registry

− Identity assertion VIA Web Services

• Exchange LTPA Keys

− Ensure realms match if using Portal WMMUR security

− Admin console

− Security.xml

STORY TITLE


§ Installation

4Normal Portal installation

• Databases

− WPS

− WMM

− CMY

− CTZ

− LIKE

− FDBK

− JCR (Java Content Repository)

4Authoring

• Content migration

− Content does not follow the Software Development Life Cycle

Workplace Web Content Management

STORY TITLE



STORY TITLE


§ Integrated

4 In a integrated infrastructure, Workplace Web Content Management software is running on all of your production WebSphere Portal servers.

• More license cost

• More workload

• Less hardware


STORY TITLE



§ Distributed

4 In a distributed infrastructure, Workplace Web Content Management software is running on a separate set of servers from your production WebSphere Portal servers.

• More hardware

• Less license costs

• Less Workload

STORY TITLE


§ Single Sign-On

4 LTPA


STORY TITLE


User registry integration

4Commerce OU design was not accepted

• Own LDAP

− Test several scenarios

STORY TITLE


Proof of concept

§ Test 14 Portal, Commerce, and ESM to a common LDAP host

• SSO was achieved using LTPA

− LTPA token was sent to the Commerce Server from the Commerce Portlets in Portal and passed a valid LTPA token that Commerce could understand.

STORY TITLE


Proof of concept

§ Test 24 Portal and ESM to a common LDAP host

4 Commerce to a different LDAP host

• SSO was not achieved

− LTPA token sent in the WS call sends the LDAP information. If they aren’t the same, WebSphere on the Commerce side will reject the request

STORY TITLE


Proof of concept

§ Test 34 Portal and Commerce to a common LDAP host

4 ESM to a different LDAP host

• SSO was not achieved out of the box

− Because the DN of the user is different between both LDAP servers, logins to Portal Server failed

STORY TITLE


Proof of concept

§ Test 44 Portal and Commerce to a common LDAP host


• SSO was achieved

− User Identity mapping in CA

STORY TITLE


Proof of concept

§ Test 54 Portal, Commerce, and WWCM point to a common LDAP host


• SSO was achieved

− User Identity mapping in CA

STORY TITLE


Agenda

§ Project goals

§ Project Overview



§ Under the covers

STORY TITLE


Under the covers

HTTP request

Form login page

Userid/passwd

Credential authentication request

Credential authentication response

Forward request

Is resource protected?

Yes

getTAI

isTargetInteceptor (HttpServletRequest)

validateEstablishedTrust (HttpServletRequest)

getAuthenticatedUserName (HttpServletRequest)

groupMemberShipLookup

Forward to Portal

STORY TITLE


§ Thank you!!

Questions

STORY TITLE


Additional Information and Resources

WebSphere Portal – IBM Site

http://www-3.ibm.com/software/genservers/portal/

WebSphere Portal Business Solutions Catalog:

http://catalog.lotus.com/wps/portal/portal

Websphere Portal Developer’s Zone

http://www-106.ibm.com/developerworks/websphere/zones/portal/

Product Documentation and WebSphere Portal Wiki

http://www-3.ibm.com/software/genservers/portal/library/

http://www-10.lotus.com/ldd/portalwiki.nsf

WebSphere Commerce – IBM Site

http://www-01.ibm.com/software/genservers/commerceproductline/

WebSphere Commerce Developer’s Zone

https://www.ibm.com/developerworks/websphere/zones/commerce/

STORY TITLE


Session ID:

Session:

Presenter(s):

Please take a few minutes to fill out the session survey. Thank you

Mark your calendars!Mark your calendars!

2009 U.S. WebSphere Portal Technical Conference2009 U.S. WebSphere Portal Technical ConferenceOctober 12October 12--15, 2009, Sheraton San Diego Hotel and Marina15, 2009, Sheraton San Diego Hotel and Marina

WebSphere Portal Technical Conference U.S. 2008

STORY TITLE


© IBM Corporation 2008 All Rights Reserved.

The information contained in this publication is provided for informational purposes only. While efforts were made to verify the completeness and accuracy of the information contained in this publication, it is provided AS IS without warranty of any kind, express or implied. In addition, this information is based on IBM’s current product plans and strategy, which are subject to change by IBM without notice. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, this publication or any other materials. Nothing contained in this publication is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software.

References in this presentation to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and/or capabilities referenced in this presentation may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. Nothing contained in these materials is intended to, nor shall have the effect of, stating or implying that any activities undertaken by you will result in any specific sales, revenue growth or other results.

All customer examples described are presented as illustrations of how those customers have used IBM products and the results they may have achieved. Actual environmental costs and performance characteristics may vary by customer.

IBM, the IBM logo, WebSphere, Lotus, Lotus Notes, Domino, Quickplace, Sametime, Workplace and Quickr are trademarks of International Business Machines Corporation in the United States, other countries, or both.

Java and all Java-based trademarks are trademarks of Sun Microsystems, Inc. in the United States, other countries, or both.

Microsoft and Windows are trademarks of Microsoft Corporation in the United States, other countries, or both.

Linux is a registered trademark of Linus Torvalds in the United States, other countries, or both.

Other company, product, or service names may be trademarks or service marks of others.

All references to Renovations Inc. refer to a fictitious company and are used for illustration purposes only.

ibm - cardinal health - portal case study

Technology

medical medical products

clinical laboratory

lab andsurgical products

medical centers

surgical supplies

specialty supplies services

distributor of medical

operating profit9