Arkansas Electric Empowers Users With a Single Sign-on Solution
Arkansas Electric Cooperative Corporation implements a single sign-on solution to allow mobile employee access.
Image by John David Pittman
By Jim Utsler04/01/2018
Customer: Arkansas Electric Cooperative Corporation
Headquarters: Little Rock, Arkansas
Business: Non-profit electricity provider
Challenge: Establishing single sign-ons for iPad users accessing a web-based application
Solution: Reaching out to Botz & Associates for a simple and cost-effective way to provide iPad single sign-ons
Hardware: An IBM Power Systems S814
Software: A variety of in-house developed applications
It sometimes seems that throwing buckets of money at ostensibly intractable IT problems is the best way to solve them. After all, if you have $100 available, why settle for a $20 solution?
One example of an organization that avoided the more expensive option was Arkansas Electric Cooperative Corporation (AECC). As part of a larger modernization process, the organization decided to begin allowing some employees to use Apple iPads to access a web-based application.
The lack of single sign-ons (SSOs) between the tablets and the back-end IBM Power Systems* environment was a problem, however. AECC began working on solving this issue in-house for several weeks, but as Barbara Harris, AECC IT director for business and financial systems, puts it, “You can get 90 percent of the way there, but that last 10 percent somehow eludes you.”
That’s when it decided to contact a long-time business partner, Botz & Associates, for help. Within a few days, AECC had the solution it needed, at minimal costs and including only a few minutes of configuration time per iPad.
Headquartered in Little Rock, Arkansas, the non-profit AECC provides wholesale electricity to Arkansas’ 17 electric distribution cooperatives, which serves more than 60 percent of the state’s land area and approximately 1.2 million members.
In addition to AECC, which was established in 1949, Arkansas’ other cooperatives include Arkansas Electric Cooperative Inc. (AECI). This statewide service association provides construction, maintenance for rights-of-way, utility sales, high-voltage equipment testing, and communications for member cooperatives and other power providers.
AECC is responsible for its own IT and that for AECI, in addition to providing support for a statewide network for other member cooperatives. AECC IT staff is responsible for developing and maintaining a variety of in-house applications, including those for utility inventory sales and services, vendor-managed inventory, accounting and finance, work orders, and vehicle, equipment and job costing, all of which run on a Power Systems S814 server running IBM i 7.3 hosted at AECC’s headquarters.
Over the past several years, the organization has undertaken a massive modernization effort. This has included using IBM Rational* Developer for i for easier coding, converting traditional RPG applications to free-format RPG, adopting free-form RPG as its primary development language, using PHP for browser-based applications and migrating from DDS-based physical files/logical files to Data Definition Language source to take advantage of SQL.
With this has come a wealth of opportunities to leverage its homegrown applications, including for advanced web and mobile solutions. Already, it’s requiring the use of mobile devices for employees who are out in the field working on transmission lines and in power plants, for example. The data they enter into their supporting mobile app is synched up from the client side to the server side when they have internet connectivity.
Another 60 or so employees are testing mobile devices for potential or upcoming projects. “Our entire IT division is in the beta test group, a lot of them just because, being IT people, they’re curious,” Harris says.
And a good thing they are. When preparing to launch a web-based app that allowed select personnel, such as vice presidents, directors, managers and supervisors, to approve invoices on iPads, the beta testers came across a major glitch involving persistent authentication.
“When using a Windows* browser, you log in through a VPN to get into the network without having to sign in every time you want to interact with the system,” Harris says. “That wasn’t the case with the iPads.”
When users tried to access the system with Safari, the default iPad web browser, they had to enter their IBM i user ID and password each time they attempted to connect to the server. This is despite the Apache web server having been configured to accept the authentication protocol Kerberos.
“It was a surprisingly simple solution, easy to implement and it worked. That’s the kind of stuff I like.”—Barbara Harris, AECC IT director for business and financial systems
The easy fix would’ve been configuring another default browser, such as Google Chrome, on each iPad, which indeed would have worked. “We have authentication that works with Chrome,” Harris says. But every time someone received a business-related email and hit a link pointing back to the Power Systems server, Safari would launch and the user would have to re-enter his ID and password.
“We already knew we might face a hurdle when launching this app, but it wouldn’t have been accepted at all if people had to re-enter their credentials whenever they needed to reestablish a connection to the server,” Harris recalls. “There would have been pushback, and for good reason.”
A Simple Solution
Wanting to avoid that outcome—and after a couple of weeks attempting to fix the issue in house—Sandy Kapales, systems administrator, and Nathaniel Collier, systems analyst, decided to approach Botz & Associates for help.
Given that they had already assisted with AECC’s initial SSO implementation for its Windows environment, this seemed like a no-brainer, especially considering Botz & Associates’ SSO stat! service, which includes ongoing support for existing and new/changed applications that employ SSO.
“Sandy got about 90 percent there, but the remaining 10 percent was tough going. So she said, ‘Why don’t I just shoot a message over to Botz & Associates as part of the SSO stat! service to hopefully save some time and effort.’ Within a day or two, she got a response that included an inexpensive and simple solution,” Harris says.
Now, when users point Safari to a Kerebos-based URL, they just enter their Windows login credentials to gain access to the web app. Unless they close Safari or are inactive for a long period of time, they’ll remain logged in for the duration, as SSO has been designed to work.
According to Harris, the cost for the solution was “virtually nothing more than the few minutes that were spent configuring each iPad. And just as importantly, this has allowed us to set iPad users’ IBM i passwords to *NONE with no loss of security. This significantly reduces the administrative time and costs we would experience helping users log in, reset lost passwords, etc.”
The Good Stuff
As AECC has proven, having a $100 budget doesn’t mean one has to spend it all, especially when only $20 will do. It also doesn’t hurt having a business partner such as Botz & Associates that will provide a solution within a day or two of a request.
“It was a surprisingly simple solution, easy to implement and it worked. That’s the kind of stuff I like,” Harris adds.
Jim Utsler, IBM Systems magazine senior writer, has been writing for IBM since the mid-1990s.