“Exadel customized and implemented open source access and identity management technologies, improving clinician productivity, allowing physicians, nurses and other care givers to focus more time on patient care.”
Nick Yoo, Senior Director of Information Security Architecture at McKesson Corporation

Securing the Mobile Web with McKesson Case Study

About McKesson

As the oldest and largest health care services company in the nation, McKesson plays an integral role in health care and has a unique vision for its future. It serves more than 50% of American hospitals, 20% of physicians, and 100% of health plans. As the largest pharmaceutical distributor in North America, it delivers one-third of all medications used there every day.


McKesson applications are used by a diverse group of users. To serve these users better, the company wanted to radically improve efficiencies, but also maintain the high level of security required in healthcare.


McKesson teamed up with Exadel to implement a comprehensive set of security solutions including Corporate Active Directory SSO (single sign-on) and Identity Management UI. Because of its extensive security background, Exadel was able to quickly put together the best technology stack for meeting McKesson’s security needs:

  • OpenAM (access management, entitlements, and federation server)
  • OpenDJ (directory server)
  • OpenIDM (identity management system)
  • LDAP (Lightweight Directory Access Protocol)
  • WS-Security (secure web services extension to SOAP (Simple Object Access Protocol))
  • Federated security
  • SAML (Security Assertion Markup Language)
  • STS (Secure Token Service)
  • OAuth (authentication protocol)

Example Solution: Active Directory SSO

The specific challenges addressed included allowing corporate domain users to sign on once into internal and external applications, supporting both internal and external network users, and seamlessly auto-detecting whether Windows Desktop SSO is properly configured. To meet this challenge, Exadel created a solution with these components:

  • SPNEGO-based Kerberos with fallback to conventional form authentication
  • XMLHttpRequest smoothly delivering Kerberos token to the server in the background
  • Extension over standard Windows Desktop SSO module

Example Solution: Identity Management UI

For identity management, McKesson had a variety of requirements. A solution would need to allow both direct input and batch import for user account creation. User profile management would have to include delegated administration and the ability for users to update their own profiles. Self-service capabilities would have to encompass the recovery of forgotten user IDs and password resets, and forced password changes would need to be part of security event handling. To meet this challenge, Exadel created a solution with these aspects:

  • Based on OpenIDM 2.1.0
  • Utilized a pure HTML/REST architecture
  • jQuery, Mustache, Require.js, LESS
  • ForgeRock OpenIDM UI served as basis for this development
  • Active Directory, OpenDJ support
  • OpenAM agent used for authentication and authorization

This set of security solutions surpassed all of McKesson’s expectations in its impact. We met and exceeded each goal: high quality, reduced cost, improved efficiencies, and high customer satisfaction.
