Post on 15-Apr-2017
© 2008 IBM
Session ID: S01
Session Title: The Cardinal Health Portal solution: The front end to Commerce and Web Content Management
Speaker(s): Darnley Etienne
WebSphere Portal Technical Conference U.S. 2008
About Me
Darnley Etienne
Cardinal Health employee
• WebSphere Platform Technical lead
• Worked with WebSphere since V3.5
• Worked with Portal since 4.1.4
• Certified since WAS 4.0
• COWUG Leader
Objectives
• This session will cover key features and architectural challenges that need to be considered when integrating Portal, Commerce, and WWCM with external authentication.
• In cases where a definitive answer isn’t possible, which is often the case, this session will summarize the issues that need to be considered to arrive at the correct answer for your environment.
• Project still in-flight
• Application development is a different topic altogether!
About Cardinal Health
Our Businesses
Cardinal Health is a Fortune 19, $87 billion global manufacturer and distributor of medical and surgical supplies and technologies dedicated to making healthcare safer and more productive. Our customers are located on five continents and include hospitals, medical centers, retail and mail-order pharmacies, clinics, physicians, pharmacists and other healthcare providers.
Healthcare Supply Chain Services - Pharmaceutical
We distribute one-third of all pharmaceuticals, medical, lab and surgical products in the U.S., and provide comprehensive financial, inventory, contract management and marketing services to retail, alternate care, and mail-order and hospital pharmacies. We're the largest provider of specialized nuclear pharmaceuticals used to diagnose and treat conditions such as cancer and heart disease.
• 87% of 2007 revenue
• 59% of 2007 operating profit
• 10,100 employees
Clinical Technologies and Services
Our integrated solutions help hospitals efficiently manage medication and supplies, while preventing medication errors and hospital-acquired infections. We offer automated systems that store, track and replenish medications and specialty supplies; and technologies for verifying dosages, administering meds and monitoring patient response.
• 3% of 2007 revenue
• 18% of 2007 operating profit
• 7,200 employees
Healthcare Supply Chain Services - Medical
We distribute an unrivaled selection of medical products and supplies to hospitals, laboratories, surgical centers and physician offices. We also provide integrated supply chain and logistics solutions to help control costs, improve efficiencies and increase effectiveness.
• 3% of 2007 revenue
• 18% of 2007 operating profit
• 7,200 employees
Medical Products and Technologies
We develop and manufacture essential medical and surgical products used in healthcare's most frequently performed procedures. Products include infection-prevention supplies, such as gloves, masks, drapes and gowns; interventional radiological products; respiratory care products and services; surgical instruments; and clinical laboratory products.
• 2% of 2007 revenue
• 9% of 2007 operating profit
• 13,200 employees
Cardinal Health at a Glance
Dedicated to making healthcare safer and more productive…
Every day…
• Help dispense more than 5 million doses of medicine
• Manufacture more than four million products
• Have products used in 50% of all surgeries
• Have products used by 90% of all hospitals in the U.S.
• Employ more than 1800 pharmacists and 100 scientists
• Make more than 50,000 deliveries to 40,000 customers
Agenda
Project Overview
Technical Overview
Implementation challenges
Under the covers
Project overview
What are we doing?
Cardinal Health is modernizing our entire technology infrastructure to meet the demand of our customers. We are doing that by leveraging the power of Portal, Commerce, and Content Management.
Security Replacement
− CA Product set
− Stand up WebSphere Portal
− WebAppIntegrator
− iFrames
− New Portlet applications
− Retire legacy applications and application servers
Web Ordering
− WebSphere Commerce
− Workplace Web Content Management
Product Overview
Computer Associates suite
eTrust Site-Minder V6 Application Server Agent (Trust Association Interceptor)
Portal 6.0.1.4 WAS 6.0.2.27 DB2 9.1
WebSphere Commerce 6.0.0.4 WAS 6.0.2.27 DB2 8.2
Workplace Web Content Management 6.0.1.4 (Portal) WAS 6.0.2.27 DB2 9.1
WebSphere Application Server 6.1.0.17 Web Services layer
CA Single Sign-On
eTrust Site Minder Web Agent
eTrust Application Server Agent (Trust Association Interceptor)
WebSphere Commerce
WebSphere Commerce is a stand-alone packaged eCommerce solution from IBM. It gives you the ability to do business directly with customers (B2C), businesses (B2B), and indirectly through channel partners.
Customizable
WebSphere Commerce Portal Integration
Provided Commerce Store Portlets
• Catalog Portlet
• Catalog Search Portlet
• My Cart Portlet
• My Account Portlet
• My Order Portlet
• My Product Portlet
• Cashier Portlet
• Portal Portlet
WebSphere Commerce Portal Integration
[Diagram. Labels: WebSphere Portal Server, Portal page, Commerce Portlets, Client library, Web Services, WebSphere Commerce Server, Component Façades ‘Catalog’ and ‘Order’, FindCategory, FindProduct, AddItem, AddPayment, etc.]
WebSphere Commerce Installation
WebSphere Commerce is a WAS application Platform/Middleware
Similar to Portal
Wizard driven installation
Workplace Web Content Management Integration
Normal Portal installation
Databases
Security
Authoring portlet
Deliver personalized content
Training information
System messages
Help
Common task
Hardware Overview
[Diagram. Labels: Deployment Manager, WAS, Portal, WC, WCM. OS AIX 5.3, large page support. Two cells: 6.1 and 6.0.]
CA and Portal integration
Web Server requires a Web Agent installation
The CA Web Agent supports standard Web Servers
• Requires a registration process
− Cryptography extensions
• Changing the login page (theme must be modified)
− login.fcc
Application Server Agent (Trust Association Interceptor - TAI)
The CA Application Server Agent supports WebSphere AppServer
• Protects context root
− /wps/myportal*
• CR006 patch
Automation for TAI configuration
WPSconfig enable-sm-tai
− INCORRECT:
− com.netegrity.siteminder.websphere.tai.SiteMinderTrustAssociationInterceptor
− CORRECT:
− com.netegrity.siteminder.websphere.auth.SmTrustAssociationInterceptor
Portal and Commerce SSO integration
WebSphere Commerce Server supports three levels of authentication
Simulated Single Sign-On
• For development environment ease of setup
• Does not require LDAP repository
• Achieve Single Sign-On in development environment
Basic Authentication
• Performs better than LTPA
• Can run with global security off
• Requires custom implementation
LTPA - Lightweight Third Party Authentication
• Most secure
• Requires global security
Portal and Commerce SSO integration
To achieve Single Sign-On using LTPA between Portal and Commerce, each Portlet must be modified
Portal and Commerce SSO integration
WebSphere Commerce Portlet
Custom configuration in each Portlet
− .AuthenticationType
− LTPA
Portal and Commerce SSO integration
Stand Alone configuration
LDAP
• Commerce and Portal MUST use the same user registry
− LDAP is the common choice
− Identity assertion via Web Services
• Exchange LTPA Keys
− Ensure realms match if using Portal WMMUR security
− Admin console
− Security.xml
Workplace Web Content Management
Installation
Normal Portal installation
• Databases
− JCR (Java Content Repository)
Authoring
• Content migration
− Content does not follow the Software Development Life Cycle
Workplace Web Content Management
Integrated
In an integrated infrastructure, Workplace Web Content Management software is running on all of your production WebSphere Portal servers.
• More license cost
• More workload
• Less hardware
Distributed
In a distributed infrastructure, Workplace Web Content Management software is running on a separate set of servers from your production WebSphere Portal servers.
• More hardware
• Less license costs
• Less workload
Portal and Workplace Web Content Management SSO integration
Stand Alone configuration
LTPA
CA and Workplace Web Content Management integration
CA Single Sign-On
Web Agent: /wps/portal, /wps/wcm/connect
CA TAI: /wps/myportal*, /wps/wcm/myconnect
User registry integration
Test 1
Portal, Commerce, and ESM to a common LDAP host
• SSO was achieved using LTPA
− The Commerce Portlets in Portal sent the Commerce Server a valid LTPA token that Commerce could understand.
User registry integration
Test 2
Portal and ESM to a common LDAP host
Commerce to a different LDAP host
• SSO was not achieved
− The LTPA token sent in the WS call carries the LDAP information. If they aren’t the same, WebSphere on the Commerce side will reject the request
User registry integration
Test 3
Portal and Commerce to a common LDAP host
ESM to a different LDAP host
• SSO was not achieved out of the box
− Because the DN of the user is different between both LDAP servers, logins to Portal Server failed
User registry integration
Test 4
Portal and Commerce to a common LDAP host
ESM to a different LDAP host
• SSO was achieved
− User Identity mapping in CA
Under the covers
HTTP request
Form login page
Userid/passwd
Credential authentication request
Credential authentication response
Forward request
Is resource protected?
Yes
getTAI
isTargetInterceptor (HttpServletRequest)
validateEstablishedTrust (HttpServletRequest)
getAuthenticatedUserName (HttpServletRequest)
groupMemberShipLookup
Forward to Portal
Under the covers
[8/27/08 14:58:55:499 UTC] 0000005d WebAuthentica 3 Could not find LTPA cookie(s) in request.
[8/27/08 14:58:55:499 UTC] 0000005d WebAuthentica < handleSSO: (null) Exit
[8/27/08 14:58:55:499 UTC] 0000005d WebAuthentica > handleTrustAssociation Entry
[8/27/08 14:58:55:499 UTC] 0000005d TrustAssociat > getInterceptor() Entry
[8/27/08 14:58:55:499 UTC] 0000005d TrustAssociat 3 Check if target interceptor [0]: TrustAssociationInterceptor ...
[8/27/08 14:58:55:499 UTC] 0000005d TAIWrapper > isTargetInterceptor() Entry
[8/27/08 14:58:55:517 UTC] 0000005d TAIWrapper < isTargetInterceptor(): TrustAssociationInterceptor returning true Exit
[8/27/08 14:58:55:518 UTC] 0000005d TrustAssociat 3 Found interceptor: TrustAssociationInterceptor
[8/27/08 14:58:55:518 UTC] 0000005d TrustAssociat < getInterceptor() Exit
[8/27/08 14:58:55:518 UTC] 0000005d WebAuthentica 3 TAI [TrustAssociationInterceptor] is available for this request.
[8/27/08 14:58:55:518 UTC] 0000005d TAIWrapper > negotiateAndValidateEstablishedTrust() Entry
[8/27/08 14:58:55:555 UTC] 0000005d TAIWrapper < negotiateAndValidateEstablishedTrust(): status code = 200 Exit
[8/27/08 14:58:55:556 UTC] 0000005d WebAuthentica 3 TAI [TrustAssociationInterceptor] has been validated successfully.
[8/27/08 14:58:55:556 UTC] 0000005d WebAuthentica 3 Subject retrieved is [Subject:
Principal: $$wcstst01$$uid=wcstst01,ou=users,ou=Clients,dc=cardinalhealth,dc=com$$0e-9fd92d11-6d5e-4a2a-ad13-007bfc174561$$vz02qeBPbo+o6YwnMcf2G8KRczg=$$yZ8h4MW+ukT4JvdTQjHsrH98fES0Vf8PEb/ICUcShZUHxmnH1hqsF1qlbUJaPVAm8QqFIshzGku23aBygGERYkdYn1szg/S1QsXiPxknG5t1bGMEZGIVxD6sdIqfZdnfE0iJzm6bsHeFoHYK+IN95cW9xiact3wh+oyHjV626FDp+7AJa96Qgw5P7y6CjPIglJLJL5F/N1Y/OEfp8hYObSkt+CCNeb5nIJSfJxJyWvGDqSrUVPnqfnIZUTwYNhfOgvVrP+biPyjbDT21cd1yHSG1UNtrAYIRHl7cqzSg0XeBytN5iHkXsc/eAEz9Wycvfw9vF/45nH1/vgqPpca7ygX/eGFoQ0gm2f/DcsWMjOVdf379e7GVJRQ079coYcaNekXsYNXDn6VO/0ZsuQwSjabM2g2E061/z6WjfdTzmA5uMJyyCM2Teis+gEJ9G0p62CX+H3pLGR8=$$7200$$3600$$1219849135$$1219849135$$1219849135554Public Credential: {com.ibm.wsspi.security.cred.cacheKey=user:hostname.cardinalhealth.net:7389/uid=wcstst01,ou=mycompany,ou=RetailChain,ou=customer,ou=eBusiness,O=cardinalvz02qeBPbo+o6YwnMcf2G8KRczg=, com.ibm.wsspi.security.cred.uniqueId=user:hostname.cardinalhealth.net:7389/uid=wcstst01,ou=mycompany,ou=RetailChain,ou=customer,ou=eBusiness,O=cardinal, com.ibm.wsspi.security.cred.securityName=wcstst01, com.ibm.wsspi.security.cred.groups=[cn=WebOrderingDevAdmin,ou=mycompany,ou=groups,ou=eBusiness,O=cardinal, cn=WebOrderingDev,ou=mycompany,ou=groups,ou=eBusiness,O=cardinal]}
]
[8/27/08 14:58:55:556 UTC] 0000005d WebAuthentica 3 Username retrieved from TAI is [wcstst01]
[8/27/08 14:58:55:556 UTC] 0000005d WebAuthentica 3 Map credentials for wcstst01.
[8/27/08 14:58:55:595 UTC] 0000005d WebAuthentica 3 Mapped credential for TrustAssociation was validated successfully.
[8/27/08 14:58:55:595 UTC] 0000005d WebAuthentica < handleTrustAssociation: OK Exit
[8/27/08 14:58:55:595 UTC] 0000005d WebCollaborat > setPrivateAttributes Entry
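The request flow and security trace above can be audited mechanically. The following is an added example, not part of the original presentation: it parses trace lines in the shape shown on this slide and reports, per thread, whether the TAI path ran to completion and which registry realm the credential came from. The function names and the sample trace (placeholder identities, plus a failing request on thread 0000006a) are constructed for illustration.

```python
import re

# One trace entry: [8/27/08 14:58:55:499 UTC] 0000005d WebAuthentica 3 <message>
ENTRY = re.compile(r"^\[([^\]]+)\]\s+([0-9a-f]{8})\s+(\S+)\s+(\S)\s+(.*)$")
RULES = {  # summary field -> pattern whose first group is the value
    "interceptor": re.compile(r"Found interceptor: (\S+)"),
    "tai_status": re.compile(r"EstablishedTrust\(\): status code = (\d+)"),
    "user": re.compile(r"Username retrieved from TAI is \[([^\]]+)\]"),
    "realm": re.compile(r"cred\.uniqueId=user:([^/]+)/"),
}

def parse_entries(text):
    """Split a trace into entries, folding continuation lines (Subject dump) in."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if m:
            entries.append({"thread": m.group(2), "msg": m.group(5)})
        elif line and entries:
            entries[-1]["msg"] += "\n" + line
    return entries

def summarize(text):
    """Return {thread id: summary of how that request was authenticated}."""
    out = {}
    for e in parse_entries(text):
        s = out.setdefault(e["thread"], dict(no_ltpa_cookie=False, mapped=False,
                           interceptor=None, tai_status=None, user=None, realm=None))
        s["no_ltpa_cookie"] |= "Could not find LTPA cookie" in e["msg"]
        s["mapped"] |= "Mapped credential for TrustAssociation was validated" in e["msg"]
        for field, rx in RULES.items():
            m = rx.search(e["msg"])
            if m:
                s[field] = int(m.group(1)) if field == "tai_status" else m.group(1)
    return out

def incomplete_logins(summary):
    """Threads where a TAI was selected but trust or credential mapping did not finish."""
    return sorted(t for t, s in summary.items()
                  if s["interceptor"] and (s["tai_status"] != 200 or not s["mapped"]))

# Constructed sample: 0000005d mirrors the slide with placeholder identities; 0000006a is an invented failure.
SAMPLE = """\
[8/27/08 14:58:55:499 UTC] 0000005d WebAuthentica 3 Could not find LTPA cookie(s) in request.
[8/27/08 14:58:55:518 UTC] 0000005d TrustAssociat 3 Found interceptor: TrustAssociationInterceptor
[8/27/08 14:58:55:555 UTC] 0000005d TAIWrapper < negotiateAndValidateEstablishedTrust(): status code = 200 Exit
[8/27/08 14:58:55:556 UTC] 0000005d WebAuthentica 3 Subject retrieved is [Subject:
Public Credential: {com.ibm.wsspi.security.cred.uniqueId=user:ldap.example.net:389/uid=user1,o=example, com.ibm.wsspi.security.cred.securityName=user1}
]
[8/27/08 14:58:55:556 UTC] 0000005d WebAuthentica 3 Username retrieved from TAI is [user1]
[8/27/08 14:58:55:595 UTC] 0000005d WebAuthentica 3 Mapped credential for TrustAssociation was validated successfully.
[8/27/08 14:59:01:012 UTC] 0000006a TrustAssociat 3 Found interceptor: TrustAssociationInterceptor
[8/27/08 14:59:01:040 UTC] 0000006a TAIWrapper < negotiateAndValidateEstablishedTrust(): status code = 401 Exit
"""

if __name__ == "__main__":
    print(summarize(SAMPLE), incomplete_logins(summarize(SAMPLE)))
```

The realm extracted from uniqueId is the value to compare across servers when diagnosing the registry mismatches described in Tests 2 and 3.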
Under the covers
WSCREDENTIAL_UNIQUEID
com.ibm.wsspi.security.cred.uniqueId
• LDAP: “ldaphost.cardinalhealth.com:389/cn=detienne,dc=cardinalhealth,dc=com”
WSCREDENTIAL_SECURITYNAME
com.ibm.wsspi.security.cred.securityName
• LDAP: “detienne”
WSCREDENTIAL_GROUPS
com.ibm.wsspi.security.cred.groups
• LDAP: “ldaphost.cardinalhealth.com:389/cn=group1,dc=cardinalhealth,dc=com”
WSCREDENTIAL_CACHE_KEY
com.ibm.wsspi.security.cred.cacheKey
New Comers
Caching strategy
Thank you!!
Questions
Additional Information and Resources
WebSphere Portal – IBM Site: http://www-3.ibm.com/software/genservers/portal/
WebSphere Portal Business Solutions Catalog: http://catalog.lotus.com/wps/portal/portal
WebSphere Portal Developer’s Zone: http://www-106.ibm.com/developerworks/websphere/zones/portal/
WebSphere Portal/Commerce Education assistant: http://publib.boulder.ibm.com/infocenter/ieduasst/v1r1m0/index.jsp?topic=/com.ibm.iea.wcs/wcs/6.0.0.2/New_Features/Portal_Integration/WCSv602_Portal_Arch_Overview/player.html
WebSphere Commerce – IBM Site: http://www-01.ibm.com/software/genservers/commerceproductline/
WebSphere Commerce Developer’s Zone: https://www.ibm.com/developerworks/websphere/zones/commerce/
Session ID: B14
Session: WebSphere Commerce Integration with IBM WebSphere Portal and Web Content Management
Presenter(s): David Rosen and Paula Callister
Please take a few minutes to fill out the session survey. Thank you
Mark your calendars!
2009 U.S. WebSphere Portal Technical Conference
October 12-15, 2009, Sheraton San Diego Hotel and Marina
© IBM Corporation 2008 All Rights Reserved.
The information contained in this publication is provided for informational purposes only. While efforts were made to verify the completeness and accuracy of the information contained in this publication, it is provided AS IS without warranty of any kind, express or implied. In addition, this information is based on IBM’s current product plans and strategy, which are subject to change by IBM without notice. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, this publication or any other materials. Nothing contained in this publication is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software.
References in this presentation to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and/or capabilities referenced in this presentation may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. Nothing contained in these materials is intended to, nor shall have the effect of, stating or implying that any activities undertaken by you will result in any specific sales, revenue growth or other results.
All customer examples described are presented as illustrations of how those customers have used IBM products and the results they may have achieved. Actual environmental costs and performance characteristics may vary by customer.
IBM, the IBM logo, WebSphere, Lotus, Lotus Notes, Domino, Quickplace, Sametime, Workplace and Quickr are trademarks of International Business Machines Corporation in the United States, other countries, or both.
Java and all Java-based trademarks are trademarks of Sun Microsystems, Inc. in the United States, other countries, or both.
Microsoft and Windows are trademarks of Microsoft Corporation in the United States, other countries, or both.
CA is a registered trademark of Computer Associates in the United States, other countries, or both.
Linux is a registered trademark of Linus Torvalds in the United States, other countries, or both.
Other company, product, or service names may be trademarks or service marks of others.
All references to Renovations Inc. refer to a fictitious company and are used for illustration purposes only.