Sr. Identity And Access Management Engineer Resume
Clearwater, Florida
SUMMARY:
- Security Engineer with around 8 years of experience improving technical efficiencies in the Identity & Access Management and Single Sign-On space, maximizing resources, and improving team functionality in commercial IT fields.
- Experience in deployment of SAML based highly available Identity provider & Service Provider solutions using Ping federate, CA Siteminder SSO/Federation and Simple SAML systems.
- Worked on Siteminder Web agent upgrades from R6 to R12 and from R12 to R12.52 in both IIS and Apache and installed and Configured CA Directory R12.0.18, R12.6 both for User Directory and Policy Store.
- Experience in token, form-based authentication and X.509 certificate-based authentication.
- Experience in User Directory Administration and System Administration.
- Experience in debugging of authentication / authorization related issues and creating Rules, Responses, Realms and Policies.
- Successfully upgraded Ping Federate admin and runtime nodes.
- Successfully completed version upgrades from CA Siteminder R6 to R12; involved in the Sun One directory server upgrades to 11g.
- Worked on OAuth and OpenID solutions using Ping Federate.
- Experienced with multiple Ping Federate adapters: HTML, Kerberos, OpenToken, PingID and composite adapters.
- Experience in enabling SSO using standard authentication protocols like SAML 1.1 and SAML 2.0 using Ping Federation, Siteminder Federation.
- Experience in configuration and administration of Siteminder Policy Servers, Policy Stores and User Stores created in Sun One Directory server (LDAP).
- Integrated Ping Access with Ping Federate System to get authenticated by Ping Federate and Authorized by Ping Access Servers using the rules and policies.
- Worked on all the Ping Federate OAuth grant types to get the access token to access the protected API. Supported development with integration of Mobile Apps using OAuth/SAML in Ping Federate.
- Expertise in installation, configuration, deployment and maintenance of PingFederate, PingOne and PingAccess.
- Experience as a configuration administrator to protect web applications using CA Single Sign On.
- Fine-tuned and set up High availability for IAM servers in all environments. Tested and implemented back up, recovery.
- Experienced with Failover, Load Balancing and other Administration tasks.
- Experience in installing and implementing Web Application servers IIS, Apache, iPlanet/Sun/Oracle Web servers, IBM http web server, Apache Tomcat, iPlanet App server, web logic, web sphere.
- Hands-on experience troubleshooting application authentication issues in Active Directory multi-domain environments.
- Expertise in Active Directory design and support (GPOs, AD Schema, OUs, LDAP, Sites, Replication, etc.)
- Expertise in deployment and troubleshooting of Windows 2008 and 2012 R2 Domain Controllers in Active Directory.
- Integrated PingFederate with Active Directory and Azure AD to authenticate the users as per requirement.
- Experience in Migrating Group and Exception Policies from one domain to another domain in AD forest.
TECHNICAL SKILLS:
IAM Products: PingFederate 6.0/7.0/8.0, Siteminder Policy Server R12.5, 12, 6, Siteminder Web Agents, CA Federation, Oracle CoreID 7.0, Sun One Directory Server, Oracle Directory Server 11g, Active Directory.
Programming Languages: VB, C# (.Net), Java, Perl, shell script.
RDBMS: Oracle 8i/9i, SQL Server 2003/2008, MySQL 5.0
Web Servers: IIS, Apache, Tomcat, JBoss
Operating System: Solaris, Windows, Linux, AIX
Incident management tool: HP service manager and Service No
PROFESSIONAL EXPERIENCE:
Confidential, Clearwater, Florida
Sr. Identity and Access Management Engineer
Responsibilities:
- Worked on Custom Authentication Schemes in Ping Access based on Business needs.
- Installed and Configured Ping Access to authenticate and authorize the users using Ping federation as token provider.
- Hands on experience in designing, deployment, implementation and architecture with Ping Access and PingFederate.
- Configured both Ping Access Reverse Proxy, Gateway to decode the JWT tokens and also installed the agent on application server to communicate with Ping federate server.
- Experience in configuring SSO with PingFederate using out of the box and custom developed authentication schemes.
- Performed POC for Ping Access Authentication Solutions. Installed PingAccess Admin server and Runtime servers in clustered environment.
- Protected multiple applications both web based and API based using Ping Access and Ping Federate.
- Worked on Token Generator and Token Processor to establish a connection between two web services from different Enterprises and Ping Access and JWT tokens to authenticate the user using Ping Federation.
- Worked on Ping Access Gateway to take the Application traffic directly using Virtual Hosts and redirect back to the backend sites application with Ping Access Token.
- Worked on OAuth Integration using Ping Federate and Ping Access and implementing Federation SAML services to SSO into third-party vendors.
- Extensively worked to fine tune SunOne Directory server (LDAP). Implemented multi master replication.
- Experience in setting up SSO environments. Integrated SSO products such as Netegrity SiteMinder and Sun One LDAP with existing enterprise applications and middleware applications.
- Installing and configuring the Security Directory Suite 8.0.1.5 in VA with external DB2 database V10.5.FP9.
- Configured rules in PingAccess to authorize the users based on the requirement.
- Experience in implementation of Security Management tools in enterprise wide Applications to achieve Authentication, Authorization and Accountability.
- Expertise in analyzing the logs and Troubleshooting issues in Integration of other applications using CA SiteMinder (Access Management) and Identity Management tools along with LDAP and Web-server agents.
- Experience with application configuration with Ping Access and defining Ping Access Sites, Site Authenticators, Rules, Virtual hosts, Policies and Rules.
- Preparing Unit testing documentation. Integration of Archer with different tools/ solutions.
- Configuring access control on solution level, application-level, record-level and field-level access control functionalities of Archer.
- Hands on experience in IAM requirement analysis, implementation of Access Gateways and SAML, OAuth, WSFed and OpenID based integrations using Ping Federate.
- Implemented OAuth to access the protected API with Access Token by using different OAuth grant types.
- Enabled LDAP authentication for PingFederate Admin console and also enabled SSO for PingAccess admin console.
- Configured HTML adapter, OpenToken adapter, Kerberos adapter and composite adapters.
- Configured authentication policies to route the users to different authentication adapters based on the user location or context.
- Configured OAuth clients to authenticate users for backend sites using PingAccess.
- Developed custom Ping Federate adapters and Ping Federate custom data source drivers using Ping Federate Java SDK (IdpAuthenticationAdapterV2 / Custom Data Source Driver /Password Credential Validator).
- Expertise in implementing SAML as both Identity Provider and Service Provider across multiple platforms Using Ping Federate.
Environment: Ping Federate 8.3, Ping Access 5.4, SAML 2.0, SAML 1.1, WS-FED, OAuth 2.0, Active Directory, PingDirectory, Java, C#, PowerShell, Web Agents, Oracle LDAP Directory Server 11.0g, IBM WebSphere, SQL Server, HTML, SQL, MS Visual.
Confidential, CA
Sr. Ping /SSO Consultant
Responsibilities:
- Implemented SAML solutions using Novell Access Manager.
- Configured and supported legacy application using reverse proxy.
- Supported OAuth solution using Novell Access manager.
- Created and imported users from production to staging.
- Experience in working with Novell eDirectory.
- Integrated applications to enable Single Sign-On (SSO) / Federation login by coordinating with application development and business team.
- Implementing SAML Protection with Digital Signature.
- Experience with using many http tracers like Fiddler, SAML tracer, Http watch and developer tools to troubleshoot issues.
- Creating SP/IdP connections using Ping Federate with external partners. Implemented Single sign-on using the Unbound id component to interact with the Customer LDAP.
- Used Ping API to deploy and create SAML changes.
- Architecture and implementation of Identity and Access Management (IAM) solution using Ping Federate, Risk-based 2-Factor Authentication (using RSA Adaptive Authentication) and OAuth 2.0.
- Developed and designed security capabilities such as Authentication, Authorization including Multi-factor and biometric, Federation, and Mobile security.
- Worked on OAuth to allow access to protected APIs for OAuth Clients by getting Access Token from Authorization Server using various Grant Types. Used OAuth Playground to retrieve access token and refresh token.
- Designed common framework for Single Sign-On implementation for partners using Ping Federate.
- Ping Federate Performance tuning for supporting heavy traffic.
- Migrated Web Authentication solutions from CA Single Sign-On (Siteminder) to Ping Access.
- Responsible for preparing documentation for each application and providing the Run Book to the Operations team to troubleshoot issues.
- Created Shell Scripts for monitoring and reporting Siteminder, SPS, CA Directory, Web agent, and Tomcat services and accordingly perform failovers or Scale services.
- Deployed Policy Agents across different HTTP and application servers like Apache, JBoss, Jetty, and Tomcat.
- Experienced in assisting Web Administrators and LDAP Administrators to determine the best values for SiteMinder parameters and tune the system to boost SiteMinder performance in the Web Tier, the Application Tier, and the Data Tier.
- Experience in implementing failover and load balancing schemes between Web Agents and Policy Servers and between Policy Servers and LDAP.
- Perform User administration for Active Directory Users and Computers using ADSIEdit.
- Performed active directory backups and restore and carried out installation of new Windows 2012 servers.
- Managed Active Directory users and computers and Exchange Server.
- Worked with Active Directory (domain, User accounts, groups).
- Experienced in setting up integrated security access to the portal and Single Sign-On.
- Responsible for deploying enterprise applications from Admin console and enabling security using LTPA, LDAP for admin console and application components on Windows.
Environment: Ping Federate 8.3, Ping Access 3.2, Novell Access Manager 4.2, 4.3, SAML 2.0, SAML 1.1, WS-FED, OAuth 2.0, Active Directory, Java, C#, PowerShell.
Confidential, CA
Sr. Single Sign on Engineer
Responsibilities:
- Performed maintenance of authentication directories, LDAP, including Netegrity Siteminder Single Sign On.
- Worked with the team on implementation and upgrade of new releases and related technologies within change management processes.
- Responsible for Sun ONE directory server administration, directory maintenance and replication of the directory server and consistently improved LDAP performance, and high availability.
- Supported, maintained and documented LDAP multi-master replication procedures, online promotion/demotion of servers, chaining, referrals and grouping with SunOne directory servers.
- Performed full and fractional replications as per business requirements and improved concurrent replication update.
- Configured Multi factor authentication for Siteminder protected Applications.
- Researched current best practices and industry-wide standards, including vendor recommendations, and applied and tested them within the infrastructure.
- Experienced in installing, configuring Siteminder policy server Web agents, ASA agents, Domino Agents, Active Directory server (LDAP) and various Web & Application servers.
- Monitored authentication, authorization and accounting to support failover and load balancing between policy servers.
- Performed technical review of all changes in conjunction with Change management team.
- Configured web agents with policy servers, schemes, user sessions, rules, and responses to protect, manage, authenticate and authorize.
- Added and modified bulk entries in directory server.
- Integrated LDAP with Netegrity Siteminder to access user stores and policies.
- Configured user sessions to support single and multiple domain SSO.
- Conducted proactive performance tuning for operating systems, web agent, policy servers, policy stores and user stores to meet and maintain operational requirements (process, thread, connection, and cache).
- Determined the root cause, implemented solutions, applied patches to resolve authentication, authorization, and performance issues.
- Planning, designing, configuring, testing, validating, implementing and deploying of Microsoft Local Administrator Password Solution (LAPS) across client's Active Directory with GPOs.
- Supported resolution of various incidents/tasks in ServiceNow related to Windows Active Directory/Exchange mailbox, calendar, and contacts access permissions, new logon attribute updates, department transfer updates, and account reinstatement.
- Deployed Active Directory custom attributes for various department-related objects.
- Planned, implemented and maintained Active Directory with DNS and DHCP servers.
- Active Directory replication topology created using SMTP and IP protocols.
- Planned and deployed Group Policy Objects.
Environment: CA Single sign on (6.0/12.51), Ping Federate 6.x/7.x, Oracle DSEE 11g, Microsoft Active Directory, Web Agents, Oracle LDAP Directory Server 11.0g, IBM WebSphere, SQL Server, HTML, SQL, MS Visual.
Confidential
Siteminder / System Engineer
Responsibilities:
- Provided solutions for complex application using Siteminder and Ping federate.
- Hands on experience on Ping federate, CA Single Sign-ON, CA Advance Authentication, CA Secure Proxy Server, Ping Access, and Ping Cloud.
- Experience in SAML based authentication 1.1 and 2.0 using Ping Federation, Siteminder Federation and integrate with Siteminder authentication and adapter.
- Migrated SAML Based SSO partners from CA Single Sign-On federation to Ping Federate.
- Setup and maintain distributed IT systems including computational resources, servers, storage and networking.
- Worked on OpenID Connect for the user Authentication using Ping Access.
- Configured and supported SAML based Identity & Service Provider connections.
- Wrote custom active responses to extend the capabilities of Siteminder and to support the client requirement.
- Designed transitioning strategies around Access Management systems and accordingly performed migration of application policies, risk, rules from Siteminder.
- Provided Impersonation, SharePoint, HR Services, Sales Force solution using Ping federate and Siteminder.
- Hands on Experience on other Single Sign-On products like CA Siteminder. Implemented and Designed Access Management Solutions.
- Successfully supported the migration/build of all the infrastructure to a new environment.
- Upgraded Siteminder to R6 SP1/SP5/SP6, R12 SP2/SP3.
- Migrated Web Authentication solutions from CA Single Sign-On (Siteminder) to Ping Access.
- Configured application agents on PeopleSoft, WebSphere, Web Logic and OBIEE.
- Created scripts to monitor Apps, dashboards, backup LDIF and generated reports.
Confidential, IND
System Engineer
Responsibilities:
- Installed, configured and maintained Weblogic server and portal 8.1.
- Installed and configured Windows NT/2000/2003 Server as a Web Server, Database Server, DHCP & DNS Servers and maintained server status at all times for thousands of users.
- Performed Servers clustering and segregation to expand system processes.
- Installed and configured Windows 2000/XP Pro and Linux Red Hat 8/9.
- Involved in the design process of migrating from Windows .
- Involved in various UNIX shell scripting for extracting and reporting log file errors, IP conflict errors, refreshing IPs, DNS errors within network and various others.
- Maintained Internet Information Server (IIS), SMS and sixteen different Windows 2000 Servers of different processes, applications, and databases in running status.
- Migrated Web and Database Applications such as Cold Fusion, Oracle Databases, SQL, Web Logic.
- Configured and Monitored Windows Server 2000 Security Templates including Filtered Data flow, Outlook Email encryption and Spam Control, Intranet User filtration, VPN tunneling, IP Sec Filtration, Symantec Antivirus, and Intrusion Detection Firewall.
- Created user accounts, and mapped security policies on NT/UNIX environment.
- Configured Database procedures, created several UNIX shell scripts to form back up path for sales servers daily processing and Database overload, and used VERITAS back up tool for all 2000 servers.
- Installed and configured Siteminder components.
- Upgraded policy servers and web agents.
- Troubleshooting and maintenance of web servers and policy servers.
- Created, Configured and Assigned new Server IP addresses, DNS, and WINS.
- Created Intranet site using HTML, DHTML, XML, ASP and Access, and admin Web Servers.
- Remotely accessed servers for changes, failure recovery and backup using PC Anywhere, VNC, and Remote Desktop Control.
- Installed and configured HP and Compaq Servers Proliant ML 380/320/570, HP OpenView, and Dell Power Edge Servers 2400, Dell Open Manage.
- Performed database application migration, SCSI Hard Drive mirroring, and created Raids.
- Installed and configured network equipment and printers, and managed disk quotas.