BT has lowered the costs of deploying new applications with a user authentication tool.
The telecoms company has been using SiteMinder, a centralised internet access management system from CA Technologies, to manage authentication and enable single sign-on for its end users since 2003. In the last 12 months, it conducted a successful trial to extend the infrastructure of the system to enable faster deployment of new applications.
Speaking at CA Technologies' CA World conference in Las Vegas, Alec Cartwright, identity services architect at BT, said that the company originally started using SiteMinder 6, which it hopes to upgrade to SiteMinder 12 later this year, to improve user experience.
The company has just over 200 applications using the system, which is available to 150,000 employees. The employees log into the SiteMinder system at least once a day, and the system allows them to securely log into their desktop and the system simultaneously via a Windows Challenge/Response (NTLM) authentication protocol.
“It is underlying Microsoft technology, but CA and SiteMinder have leveraged it to link the two together,” said Cartwright.
BT has an authentication server based on Apache 2.2, with a standard SiteMinder agent. To extend the SiteMinder infrastructure, the company then deployed an Integrated Windows Authentication (IWA) server with Internet Information Services (IIS) switched on.
“The authentication server looks at the user coming in and works out from the parameters from the browser whether or not it can support it. When it works out the user can use IWA, it will send them to the IIS server to log them in,” Cartwright explained.
“Otherwise the user will be directed to the standard login page. Once it works out the user can do IWA, it will install a cookie so the PC doesn’t need to always do a check.”
However, Cartwright warned that IIS authentication does not work all the time, for example if the user accesses the system via an HTTP proxy or uses certain web browsers.
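The routing Cartwright describes, sketched as an added example (not BT's or CA's code): a front end sends a request to IWA only when no proxy is visible and the browser is on an allow-list, remembers that with a hint cookie, and otherwise falls back to the login form. The cookie name, paths, proxy headers and browser tokens are assumptions chosen for illustration.

```python
# Added illustration only. Cookie name, paths, proxy headers and the browser
# allow-list are assumptions, not values from BT's or CA's deployment.
IWA_HINT_COOKIE = "iwa_capable"
IWA_LOGIN = "/iwa/login"      # hypothetical route to the IIS/IWA server
FORM_LOGIN = "/login"         # hypothetical standard login page
PROXY_HEADERS = ("via", "x-forwarded-for", "forwarded")
IWA_BROWSER_TOKENS = ("MSIE", "Trident/")


def parse_cookies(header):
    """Parse a Cookie header into a dict, skipping malformed pairs."""
    cookies = {}
    for part in header.split(";"):
        name, sep, value = part.strip().partition("=")
        if sep and name:
            cookies[name] = value
    return cookies


def route_login(headers):
    """Return (login_path, set_cookie_or_None) for an unauthenticated request."""
    h = {k.lower(): v for k, v in headers.items()}
    # A proxy in the path overrides any earlier hint: the same PC may have
    # moved to a network where IWA no longer works.
    if any(name in h for name in PROXY_HEADERS):
        return FORM_LOGIN, None
    # The cookie is a routing hint only. It never authenticates anyone; the
    # IWA handshake or the login form still has to establish identity.
    if parse_cookies(h.get("cookie", "")).get(IWA_HINT_COOKIE) == "1":
        return IWA_LOGIN, None
    if any(tok in h.get("user-agent", "") for tok in IWA_BROWSER_TOKENS):
        hint = f"{IWA_HINT_COOKIE}=1; Path=/; Secure; HttpOnly; SameSite=Lax"
        return IWA_LOGIN, hint
    return FORM_LOGIN, None


if __name__ == "__main__":
    # Constructed sample requests, not captured traffic.
    ie = {"User-Agent": "Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0)"}
    for req in (ie, {**ie, "Via": "1.1 proxy.example"}, {"User-Agent": "Other/1.0"}):
        print(route_login(req))
```

Because the hint is client-controlled, forging it only changes which login route is offered, and a failed IWA attempt should still end at the standard login page.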