CA Site Minder Engineer Resume

Overland Park, KS

SUMMARY

  • 7+ years of experience in CA Site Minder component installation and configuration on Linux and Windows OS.
  • Successfully implemented Web Access Management Solutions using Ping Access 3 and other security products like CA Single Sign - On (CA Site Minder).
  • Experience in deploying SAML based highly available solutions using Ping Federate and other security products.
  • Extensive experience in client interaction and support maintenance engagement in security.
  • Designed and implemented Ping Identity Solution for Web Access Authentication using Ping Access and Ping Federate.
  • Migrated Web Authentication solutions from CA Single Sign-On (Site Minder) to Ping Access 3.
  • Hands on working experience on LDAP products like Oracle ODSEE, CA Direction.
  • Successfully upgraded Ping Federation Services from 6 to 7 and 7 to 8.
  • Implemented OAuth and OpenID for mobile and non-browser solutions using Ping Federate.
  • Worked on all the Ping Federate OAUTH grant types to get the access token in order to access the protected API.
  • Hands on Experience on other Single Sign-On products like CA Site Minder. Implemented and Designed Access Management Solutions.
  • Upgraded CA Site Minder Policy Server from R6.X to R12 version and R12 to R12.51 versions.
  • Hands on Experience working on multiple Ping Federate adapters like http adapter, open token adapter, and composite adapters.
  • Hands on experience on Ping Federate, Oracle IDM, CA Single Sign-ON, CA Advance Authentication, CA Secure Proxy Server, Ping Access, and Ping Cloud.
  • Experience in User Directory Administration and System Administration. Experience in debugging of authentication / authorization related issues and creating Rules, Responses, Realms and Policies in Site Minder.
  • Preparing, filing, and maintaining contract carrier and client profiles using Okta software.
  • Experience in SAML based authentication 1.1 and 2.0 using Ping Federation, Site Minder Federation and integrate with Site Minder authentication and other adapter.
  • Experience with LDAP Architecture includes DIT and Replication Mapping between replica hub/consumer, Multi-Master/Single-Master in Sun One Directory server.
  • Expertise in Installation, configuration, deployment and maintenance of the Site Minder components the Policy Server, Web Agent, Policy Store and Key Store certificate store.
  • Involved in Web Agent upgrades from 5.x to 6.x and 6.x to R12.51. Worked on application migration from CA Site Minder r6.5 to r12.5.
  • Good experience in troubleshooting the CA Site Minder and Web Agent issues.
  • Interaction with clients for better execution of processes

TECHNICAL SKILLS

Identity & Access Management: Open SSO, Ping Federate, Ping ID, Ping One SAML 2.0. Site minder Policy Server R12.5, 12, 6, Siteminder Web Agents, CA Federation, OAM, IIS, CA-E trust admin, CA Directory, Sun One Directory Server, Azure, Oracle Directory Server 11g, Okta, Active Directory

Scripting languages: PHP, Python, Shell

Operating System: Windows Servers, UNIX(Solaris 9/10), Red hat Linux 5.x/6.x

Directory Servers: iPlanet/Sun ONE Directory Server, Oracle Directory Server

Web & Application Servers: iPlanet/Sun One Web Server, Macromedia JRun, Microsoft IIS. 2

Processes: ITIL, Six Sigma (Yellow Belt Training).

PROFESSIONAL EXPERIENCE

Confidential, Overland Park, KS

CA Site Minder Engineer

Responsibilities:

  • Administer Linux and Windows hybrid systems with a wide range of hybrid services (LDAP, AD, SSH, Okta, OAuth).
  • Configuration of IDP & SP adapters and enabling the single sign on.
  • Configuration of Ping Federate with Ping One to enable the mobile solutions.
  • Installation of Sun One LDAP and Iplanet Web Servers.
  • Performed the load test on Oracle LDAP applications using the custom scripts developed by the vendor and increased the response time.
  • Tuning of Policy servers and Directory Servers to achieve maximum output.
  • Configuration of Policy servers and Directory servers for Data Center and Continental Failovers.
  • Assigned as SiteMinder Engineer for upgrade, configuration, and deployment of CA SiteMinder policy server and CA Directory, and to support SiteMinder infrastructure.
  • Upgraded SiteMinder Policy Server 12.0sp1 to R12.52 and R12.52 to R12.6 in parallel mode.
  • Customizing SAML 2.0 with Tivoli Federated Identity Manager
  • Responsible for the development of new features for the IdentityNow cloud offering.
  • Worked on installing, configuring and administering CA SiteMinder R12, R12.52,12.6 and CA Directory on Windows, and Linux Platforms
  • Upgraded CA Directory 12.0 to 12.5 and 12.5 to 12.6.
  • Created the front-end replication servers based up on the client's request for the Load Balancing.
  • Configured SiteMinder Policy Server with key and policy stores stored within CA Directory. Installed and configured CA Directory.
  • Supported development with integration of Mobile Apps using OAuth/SAML in Ping Federate.
  • Excellent communication skills and experience working with SAML Trace and server log files for troubleshooting errors from the client end.
  • Used Ping API to deploy and create SAML changes.
  • Implemented Design Security Network on CA Single Sign On. Implemented openID and OAuth solutions using Ping Federate.
  • Configured ODSEE servers in MMR (Multi Master Replication) to achieve high availability/scalability.
  • Developed custom Ping Agent using Ping SDK and Implemented SAML Protection with Digital Signature. Designed, deployed and supported highly available and scalable Ping Federate infrastructure in AWS and On-premise that provides single-sign-on (SSO) and federation solutions for internal accesses.
  • Ping Federate performance tuning to support heavy traffic.
  • Testing the Siteminder integrated applications before the production releases.
  • Performing the siteminder application load testing to verify the load on web servers & Siteminder application.
  • Ensuring that the system (Sun Server) and the operating system (Solaris) have maximum performance to host the SSO instances.
  • Helping Various Business units to identify performance bottlenecks and improve the performance in the SSO Environment.
  • Work with customers to test configurations if necessary.
  • Support Identity & Access management (IAM) systems and to provide tool administration support.
  • Hands-on experience on OIM 9X, 11g R1, 11g R2PS1 and 11g R2PS2.
  • Good knowledge on Scheduled jobs, Workflows and Access policies in OIM.
  • Proficient in Oracle Identity connectors, adapters, customization and configurations in OIM
  • Good understanding of Active Directory, Exchange, SAP target systems and OIM Database tables
  • Migration of Ping SSO1 and Ping SSO2 to Okta
  • Migration of 35 applications from ping SSO1 and 42 applications from Ping SSO2 to OKTA.
  • Migration of applications using SAML, WS fed, OIDC and SWA protocols.
  • Integration of legacy/on-prem applications in Okta using Access gateway.
  • Environment configuration, changes and application on-boarding to Okta.
  • Troubleshooting of application related configuration issues for SAML based and OIDC based apps using SAML trace, fiddler tracer and JWT.io
  • Helped application teams to modernize to OIDC Protocol for SSO and set up SLO for SAML/OIDC apps
  • Import of users from LDAP /AD into OKTA user Directory using AD agent
  • Design of external and internal users' authentication flows, e.g. internal users authenticate with IWA and external users have login form + OTP.
  • Okta Access gateway POC for Native/Legacy/Internal apps for SSO with OKTA without any code changes. Org2Org provisioning between OKTA tenants and PingFederate.
  • Postman API calls setup with Okta using API tokens. Apigee, act as proxy for sending API requests to Okta tenant using AMPS v2
  • Creation of application specific groups, IDP routing rules and policies based on requirement like session timeouts etc.
  • Designed support documents for Tier 2 team for adding external users to OKTA user groups using Amps UI
  • Setup of AMPSv2 application with OKTA API calls for user creation, deletion, and update of attributes and reports generation.
  • Creation of Process documents and given KT to Tier 2/ application support teams.
  • Ping environment migration from one region to other region using ansible scripts.
  • Raised change orders to enable firewall ports, requested DNS team to map hostnames to IPs and designed network diagrams for n/w communication across regions.
  • Upgradation of PingFederate from v8.1.3 to v9.3.3 for fixing same site cookie issue of chrome browser.
  • Upgradation of Apache web servers from 2.4.37 to 2.4.41 because of vulnerabilities.
  • Upgrade of PF standard adapter with open token adapter v2.5.8

Technical Environment: CA Site Minder 6.0 SP5, CA Site Minder r12.5 IDM, SAP provisioning, OIM, IPlanet/Sun ONE Directory Server 5.1 & 5.2, Oracle Directory Server 11g, ODSEE 7.X, Empower ID IAM, Okta, SSO, SAML 2.0, SAML 1.1, WS-FED, Apache, OAuth 2.0, MS ADFS, Active Directory, PowerShell, Unix (Solaris 9/10), Red hat Linux 5.x/6.x, Shell Scripting.

Confidential

Site Minder Engineer

Responsibilities:

  • Installed Site Minder 6.0 SP5 and implemented SSO across multiple domains on Windows 2008 platform.
  • Created policies, realms, rules, and responses to protect the applications and validate the users to work under SSO environment.
  • Upgraded the Site Minder 6.0SP5CR09 Policy Server to CR18 and later to CR29 versions. Installed and configured Site Minder Policy Stores to utilize Sun One Directory Server (LDAP) as the user and 'policy' repository on Sun Solaris.
  • Installed and configured web agents on IIS 6.0 and Apache 2.x webservers.
  • Installed Sun One Directory Server 5.2 and configured the Replication Schemes in case of Failover of Directory Servers.
  • Coordinated with testing team to run end-to-end regression tests on Site Minder Protected sites. Coordinated with several application teams and system administrators, responsible for rolling out SiteMinder implementation and various releases into production.
  • Integrated Siteminder with Ping federate using Core blox token translator to bridge the SSO gap between applications protected on either system.
  • Involved in Requirements gathering, development if required, integrating and testing for enabling SSO for the application.
  • Integrated internal Applications, SAAS based applications using SAML 2.0, SAML 1.1, WSFED and OAuth 2.0.
  • Provided solutions for complex application using Site Minder and Ping Federate.
  • I have a good understanding of AWS and its design.
  • In our project we have used Amazon Route 53, WAF, Shield, Application elastic load balancers, Network load balancers, VPC, Availability Zones, S3 buckets, storage blocks, and RHEL instances along with private IPs and security rules.
  • In our VPC, Amazon Route 53 redirects traffic to the respective Availability Zones based on the rules that we have given to redirect traffic to geo-based locations (i.e., US traffic to US AZs and rest of the world to EU AZs).
  • Once a request is redirected from Route 53 to the Application ELB, based on load on servers it will redirect to the respective AZs (i.e., Zone 1 or Zone 2) in the respective regions.
  • For data replication between Ping directories in all regions we have used Network load balancers, thus we have maintained updated data in all servers across all regions.
  • We have used AWS Shield to protect our environments from DDoS attacks.
  • We have also used AWS Web Application Firewall to protect web applications from hackers and attackers.
  • We have also planned for auto scaling of servers based on server load capacity and available space, to get rid of failover of requests due to overload and low available space, for which we have used S3 and storage blocks.
  • Created Shell Scripts for monitoring and reporting site Minder, SPS, CA Directory, Web agent, and Tomcat services and accordingly perform failovers or Scale services.
  • Hands on experience with IIS, IBM IHS, Apache, Sun One Web servers and WebLogic and WebSphere Application servers in Identity and access management environment.
  • Experience in using Unix/Linux utilities for analyzing logs, and trouble-shooting the applications with Application servers and Security/Identity management servers.

Environment: CA Siteminder 6.0 SP5, Sun ONE Directory Server 5.1 & 5.2, IIS, Apache, OIM, FM, Empower ID IAM, Ping Access SDK, Ping ID, MS ADFS, Ping One, Solaris 8 and Solaris 10, Ping Federate 7.1, SAML 2.0, SAML 1.1, SAP provisioning, SiteMinder IDM, WS-FED, ODSEE 7.X, IAM, OAuth 2.0, Active Directory, Java, C#, PowerShell.

Confidential, Birmingham, AL

System security support admin/Ping Federate/IAM

Responsibilities:

  • Taking responsibility of attending the Change review calls (CAB) for any changes related to LDAP, SSO applications.
  • Code & Configuration Migration from Dev. Environment to Test Environment.
  • Managing and supporting more than 50 servers that are part of LDAP/SSO production, Test and UAT environments.
  • Managing and supporting server load balancing and referral list update for the datacenter environment.
  • Implementing User Authentication, Authorization using SiteMinder APIs.
  • Onboarding the applications and implementing the Single Sign on (SSO) using the Siteminder.
  • Implementing the Cross Domain Single Sign on (CDSSO) for the applications in different domains.
  • Installing and configuring the Policy server and Sun one Directory server.
  • Working with the Clients to get the requirements to build the new environment.
  • Analyze LDAP and Siteminder logs for performance optimization.
  • As an off-shore coordinator, worked with the on-shore client teams and helped them in delivering the deliverables.
  • Configuring the Directory servers as Master and consumer instances.
  • Configuring the replication and referrals to enable multi master replication.
  • Configuring new objects classes and attributes to the schema as per the application requirements.
  • Installing and configuring the web agent in IIS and apache webserver
  • Managing the user, group and roles entries in the LDAP
  • Managing the Confidential Federation (SAML) environment.
  • Implementing the IDP & SP Initiated single sign on process for both internal & external users.
  • Configuring the SAML between the IDP - SP applications.
  • Support 24*7 Confidential SSO environment issues for protected resources.
  • Maintaining and supporting Confidential Extranet LDAP environment completely. Any modification needed in the Confidential extranet happens through the GSM team.
  • Supporting various applications that read the LDAP repository; in case of authentication related issues, debugging logs and, along with the application support team, resolving the issues in a timely manner.
  • Supporting and maintaining Confidential PKI ssl certificates and their attributes in LDAP environment.

Environment: Site Minder 6.0sp5, r12 sp3, Web agents 6QMR4,6QMR5, R12 Active Directory Server, Ping Federate, Windows 2003 and 2008, Red hat Linux with Apache 2.2 and IBM HTTP Web Server, IIS 5.0, 6.0 and 7.0.