Sr. Identity And Access Management Engineer Resume
NC
SUMMARY:
- Security Engineer with around 8 years of experience improving technical efficiencies in Identity & Access Management and Single Sign-On space, maximizing resources, and improving team functionality in commercial IT fields.
- Experience in deployment of SAML based highly available Identity Provider & Service Provider solutions using Ping Federate, CA Siteminder SSO/Federation and Simple SAML systems.
- Worked on OAuth and OpenID solutions using Ping Federate.
- Experienced with multiple Ping Federate adapters: HTML, Kerberos, OpenToken, PingID and composite adapters.
- Experience in SAML based authentication 1.1 and 2.0 using Ping Federate and CA SiteMinder Federation.
- Designed and configured Ping Identity Solution for Web Access Authentication using Ping Access and Ping Federate. Integrated OAuth to protect RESTful APIs using Ping Access.
- Installed and Configured Ping Federate Servers on both Windows and Linux environment as both engine and admin servers. Worked on upgrading Ping Federate from Version 7.0 to 8.0 and 8.0 to 9.0.
- Integrated Ping Access Server with Ping Federation to protect the applications using Ping Access Gateway.
- Worked on Open ID token Adapter to integrate with the native applications using .NET and Java and generate SAML.
- Involved in Designing the Ping Cluster with both Ping Engine Mode and Admin Mode.
- Worked on OAUTH Grant types for the OAuth Clients to get the Access Token.
- Worked on OAuth Integration using Ping Federate and Ping Access and implementing Federation SAML services to SSO into third-party vendors.
- Worked on WS-security federation to generate and process tokens to send SAML between two Web Services across two different enterprise organizations.
- Experienced in using multiple Ping Federate adapters: HTTP adapter, OpenToken, composite adapters.
- Experience providing federation solutions using SAML 2.0, Ping Federate and CA SiteMinder Federation Service. Enforced the Ping Access policies to authorize the user for a protected resource.
- Creating Adapters, Service Provider and Identity Provider connections, replicating configuration archive, exporting Metadata, importing and exporting SSL s using Ping Federate.
- Integrated Ping Access with Ping Federate System to get authenticated by Ping Federate and Authorized by Ping Access Servers using the rules and policies.
- Worked on all the Ping Federate OAUTH grant types to get the access token to access the protected API. Supported development with integration of Mobile Apps using OAuth/SAML in Ping Federate.
- Experience in enterprise security strategy, architectures, implementation and production support for a wide variety of applications.
- Experience in debugging of authentication / authorization related issues and creating Rules, Responses, Realms and Policies in SiteMinder.
- Experience in enabling SSO using standard authentication protocols like SAML 1.1 and SAML 2.0 using Ping Federation, Siteminder Federation.
- Worked on Siteminder Web agent upgrades from R6 to R12 and from R12 to R12.52 and R12.7 in both Windows and Linux, and installed and configured CA Directory R12.0.18, R12.6 both for User Directory and Policy Store.
- Experience in token, form-based authentication and X.509-based authentication.
- Experience in User Directory Administration and System Administration.
- Experience in debugging of authentication / authorization related issues and creating Rules, Responses, Realms and Policies.
- Successfully upgraded Ping Federate admin and runtime nodes.
- Successfully completed version upgrades from CA Siteminder R6 to R12, involved in the Sun One directory server upgrades to 11g.
- Expertise in Installation, configuration, deployment and maintenance of the Siteminder components like Policy Server, Web Agent, Policy Store and Key Store, store.
- Experience in configuration and administration of Siteminder Policy Servers, Policy Stores and User Stores created in Sun One Directory server (LDAP).
- Experience as a configuration administrator to protect web applications using CA Single Sign On.
- Fine-tuned and set up High availability for IAM servers in all environments. Tested and implemented back up, recovery.
- Experienced with Failover, Load Balancing and other Administration tasks.
- Hands-on experience troubleshooting application authentication issues in Active Directory multi-domain environment.
- Expertise in Active Directory design and support (GPOs, AD Schema, OUs, LDAP, Sites, Replication, etc.)
- Expertise in deployment and troubleshooting of Windows 2008 and 2012 R2 Domain Controllers in Active Directory.
- Integrated PingFederate with Active Directory and Azure AD to authenticate the users as per requirement.
- Experience in Migrating Group and Exception Policies from one domain to another domain in AD forest.
TECHNICAL SKILLS:
IAM Products: PingFederate 6.0/7.0/8.0/9.0, Siteminder Policy Server R12.7, R12.5, 12, 6, Siteminder Web Agents, CA Federation, Oracle CoreID 7.0, Sun One Directory Server, Oracle Directory Server 11g, Active Directory.
Programming Languages: VB, C# (.Net), Java, Perl, shell script.
RDBMS: Oracle 8i/9i, SQL Server 2003/2008/2012/2016
Web Servers: IIS, Apache, Tomcat, JBoss, IBM http server
Operating System: Solaris, Windows, Linux, AIX
Incident management tool: HP service manager and Service Now
PROFESSIONAL EXPERIENCE:
Confidential, NC
Sr. Identity and Access Management Engineer
Responsibilities:
- Worked on Custom Authentication Schemes in Ping Access based on Business needs.
- Installed and Configured Ping Access to authenticate and authorize the users using Ping Federate as token provider.
- Hands on experience in designing, deployment, implementation and architecture with Ping Access and PingFederate.
- Configured both Ping Access Reverse Proxy, Gateway to decode the JWT tokens and also installed the agent on application server to communicate with Ping Federate server.
- Experience in configuring SSO with PingFederate using out of the box and custom developed authentication schemes.
- Performed POC for Ping Access Authentication Solutions. Installed PingAccess Admin server and Runtime servers in clustered environment.
- Protected multiple applications both web based and API based using Ping Access and Ping Federate.
- Worked on Token Generator and Token Processor to establish a connection between two web services from different Enterprises and Ping Access and JWT tokens to authenticate the user using Ping Federation.
- Worked on Ping Access Gateway to take the Application traffic directly using Virtual Hosts and redirect back to the backend sites application with Ping Access Token.
- Worked on OAuth Integration using Ping Federate and Ping Access and implementing Federation SAML services to SSO into third-party vendors.
- Configured rules in Ping Access to authorize the users based on the requirement.
- Experience in implementation of Security Management tools in enterprise wide Applications to achieve Authentication, Authorization and Accountability.
- Expertise in analyzing the logs and Troubleshooting issues in Integration of other applications using CA SiteMinder (Access Management) and Identity Management tools along with LDAP and Web-server agents.
- Experience with application configuration with Ping Access and defining Ping Access Sites, Site Authenticators, Rules, Virtual hosts, Policies and Rules.
- Preparing Unit testing documentation. Integration of Archer with different tools/ solutions.
- Configuring access control on solution level, application-level, record-level and field-level access control functionalities of Archer.
- Hands on experience in IAM requirement analysis, implementation of Access Gateways and SAML, OAuth, WSFed and OpenID based integrations using Ping Federate.
- Implemented OAuth to access the protected API with Access Token by using different OAuth grant types.
- Enabled LDAP authentication for PingFederate Admin console and also enabled SSO for PingAccess admin console.
- Configured html adapter, opentoken adapter, Kerberos adapter and composite adapters.
- Configured authentication policies to route the users to different authentication adapters based on the user location or context.
- Configured OAuth clients to authenticate users for backend sites using PingAccess.
- Developed custom Ping Federate adapters and Ping Federate custom data source drivers using Ping Federate Java SDK (IdpAuthenticationAdapterV2 / Custom Data Source Driver /Password Credential Validator).
- Expertise in implementing SAML as both Identity Provider and Service Provider across multiple platforms Using Ping Federate.
Environment: Ping Federate 8.3, Ping Access 5.4, SAML 2.0, SAML 1.1, WS-FED, OAuth 2.0, Active Directory, PingDirectory, Java, C#, PowerShell, Web Agents, Oracle LDAP Directory Server 11.0g, IBM WebSphere, SQL Server, HTML, SQL, MS Visual.
Confidential, CA
Sr. Ping /SSO Consultant
Responsibilities:
- Implemented SAML solutions using Novell Access Manager.
- Configured and supported legacy application using reverse proxy.
- Supported OAuth solution using Novell Access manager.
- Created and imported users from production to staging.
- Experience in working with Novell eDirectory.
- Integrated applications to enable Single Sign-On (SSO) / Federation login by coordinating with application development and business team.
- Implementing SAML Protection with Digital Signature.
- Experience with using many HTTP tracers like Fiddler, SAML tracer, HttpWatch and developer tools to troubleshoot issues.
- Creating SP/IdP connections using Ping Federate with external partners. Implemented Single sign-on using the Unbound id component to interact with the Customer LDAP.
- Used Ping API to deploy and create SAML changes.
- Architecture and implementation of Identity and Access Management (IAM) solution using Ping Federate, Risk-based 2-Factor Authentication (using RSA Adaptive Authentication) and OAuth 2.0.
- Developed and designed security capabilities such as Authentication, Authorization including Multi-factor and biometric, Federation, and Mobile security.
- Worked on OAUTH to allow access to Protected APIs for OAuth Clients by getting Access Token from Authorization Server using various Grant Types. Used OAuth playground to retrieve access token and refresh token.
- Designed common framework for Single Sign-On implementation for partners using Ping Federate.
- Ping Federate Performance tuning for supporting heavy traffic.
- Migrated Web Authentication solutions from CA Single Sign-On (Siteminder) to Ping Access.
- Responsible for preparing documentation for each application and providing the Run Book to the Operations team to troubleshoot issues.
- Created Shell Scripts for monitoring and reporting Siteminder, SPS, CA Directory, Web agent, and Tomcat services and accordingly perform failovers or Scale services.
- Deployed Policy Agents across different HTTP and application servers like Apache, JBoss, Jetty, and Tomcat.
- Experienced in assisting Web Administrators, LDAP Administrators to determine the best values for SiteMinder parameters and tune the system to boost SiteMinder performance in the Web Tier, the Application Tier, and the Data Tier.
- Experience in implementing failover and load balancing schemes between Web Agents and Policy Servers and between Policy Servers and LDAP.
- Perform User administration for Active Directory Users and Computers using ADSIEdit.
- Performed active directory backups and restore and carried out installation of new Windows 2012 servers.
- Managed Active Directory users and computers and Exchange Server.
- Worked with Active Directory (domain, User accounts, groups).
- Experienced in setting up integrated security access to the portal and Single Sign-On.
- Responsible for deploying enterprise applications from Admin console and enabling security using LTPA, LDAP for admin console and application components on Windows.
Environment: Ping Federate 8.3, Ping Access 3.2, Novell Access Manager 4.2, 4.3, SAML 2.0, SAML 1.1, WS-FED, OAuth 2.0, Active Directory, Java, C#, PowerShell.
Confidential
Sr. Single Sign on Engineer
Responsibilities:
- Performed maintenance of authentication directories, LDAP, including Netegrity Siteminder Single Sign On.
- Worked with the team for implementation and upgradation of new releases and related technologies within change management processes.
- Responsible for Sun ONE directory server administration, directory maintenance and replication of the directory server and consistently improved LDAP performance, and high availability.
- Supported, maintained and documented LDAP multi-master replication procedures, online promotion/demotion of servers, chaining, referrals and grouping with SunOne directory servers.
- Performed full and fractional replications as per business requirements and improved concurrent replication update.
- Configured Multi factor authentication for Siteminder protected Applications.
- Researched current best practices and industry wide standards including vendor recommendations and apply and test within the infrastructure.
- Experienced in installing, configuring Siteminder policy server Web agents, ASA agents, Domino Agents, Active Directory server (LDAP) and various Web & Application servers.
- Monitored authentication, authorization and accounting to support failover and load balancing between policy servers.
- Performed technical review of all changes in conjunction with Change management team.
- Configured web agents with policy servers, schemes, user sessions, rules, and responses to protect, manage, authenticate and authorize.
- Performed addition and modified bulk entries in directory server.
- Integrated LDAP with Netegrity Siteminder to access user stores and policies.
- Configured user sessions to support single and multiple domain SSO.
- Conducted proactive performance tuning for operating systems, web agent, policy servers, policy stores and user stores to meet and maintain operational requirements (process, thread, connection, and cache).
- Determined the root cause, implemented solutions, applied patches to resolve authentication, authorization, and performance issues.
- Planning, designing, configuring, testing, validating, implementing and deploying of Microsoft Local Administrator Password Solution (LAPS) across client's Active Directory with GPOs.
- Supported to resolve Windows Active Directory/Exchange mail-box, calendar, and contacts access permissions, new logon attributes update, department transfer update, account reinstated related various incidents/tasks with ServiceNow systems.
- Deployed Active Directory Custom attributes to obtain for various department related objects.
- Planned, implemented and maintained Active Directory with DNS and DHCP servers.
- Active Directory replication topology created using SMTP and IP protocols.
- Planned and deployed Group Policy Objects.
Environment: CA Single sign on (6.0/12.51), Ping Federate 6.x/7.x, Oracle DSEE 11g, Microsoft Active Directory, Web Agents, Oracle LDAP Directory Server 11.0g, IBM WebSphere, SQL Server, HTML, SQL, MS Visual.
Confidential
System Engineer
Responsibilities:
- Well experienced in installing and configuration of CA SiteMinder Policy Servers and Policy Stores to utilize SunOne Directory Server (LDAP) as the user and Policy repository on Sun Solaris, AIX, RHL and Windows.
- Upgraded CA Identity Minder to R6.
- Installed and Configured Web Agent on IIS, Apache and Sun One Web Servers and configured the Proxy Connection with Application Server.
- Created Policies, Realms, Rules, and Responses on SiteMinder to protect the applications and authenticate the users to work under SSO environment.
- Expertise in Capacity Planning and Performance Tuning of Sun One DS and SiteMinder.
- Upgraded and migrated CA SiteMinder 5.5 to R6.
- Configured SiteMinder and PingFederate Environment for SAML Federated Authentication for users coming from partner sites by configuring ID Provider/Consumer using SAML 1.0 POST binding.
- Used SAML to implement Single Sign On (SSO) to external web applications by configuring SiteMinder affiliate agents on the web servers designated for affiliate customers.
- Responsible for backup and recovery of SiteMinder and Sun ONE Directory Server environments. Developed Backup Strategies and Restoration/ Failover process.
- Identified process improvements and provided recommendations for more effective troubleshooting of complex hardware and software problems.
- Strong knowledge of Identity Management Systems like SUN IDM and CA Identity Minder.
- Used JMS for communicating various clients and its components.
- Used WSDL, SOAP and RESTful Web Services.
- Developed EJB components for middle tier component implementation and business logic implementation.
- Developed Message Driven Beans for sending asynchronous notification messages.
- Implemented Log4J for Logging Errors, debugging and tracking.
- Strong analytical skills and high degree of learn-ability.
Environment: SiteMinder Policy Servers R5/6, Sun Solaris, Sun One web server, Windows Server 2000, Microsoft IIS.