- 6+ years of experience in planning and providing Single Sign-On across enterprise-wide applications using CA SiteMinder and Ping Identity SSO technologies, improving technical efficiencies in the Identity & Access Management space.
- Designed and configured Ping Identity Solution for Web Access Authentication using Ping Access and Ping Federate. Integrated OAuth to protect RESTful APIs using Ping Access.
- Installed and configured Ping Federate servers on both Windows and Linux environments as both engine and admin servers. Worked on upgrading Ping Federate from version 8.3.2 to 9.3.0.
- High competency in SAML 2.0, OpenID Connect and OAuth 2.0.
- Adept at setting up infrastructure for SiteMinder, ADFS 2.1/3.0/4.0 and Ping Federate.
- Worked on OAuth integration using Ping Federate and Ping Access and implementing Federation SAML services to SSO into third-party vendors.
- Experienced in using multiple Ping Federate adapters: HTTP adapter, OpenToken and composite adapters.
- Experience providing federation solutions using SAML 2.0, Ping Federate and CA SiteMinder Federation Service. Enforced the Ping Access policies to authorize the user for a protected resource.
- Creating Adapters, Service Provider and Identity Provider connections, replicating configuration archive, exporting Metadata, importing and exporting SSL certificates using Ping Federate
- Experience in enterprise security strategy, architectures, implementation and production support for a wide variety of applications.
- Expertise in providing MFA capability for client facing applications integrated with Azure as well as Okta.
- Designed, implemented and developed solutions using the CA Strong Authentication and CA Risk Authentication products and their components.
- Installed and configured Web Agents on IIS, Apache, Oracle and IBM HTTP servers and troubleshot issues associated with the Agent configurations.
- Expertise in analyzing logs (trace logs, warn logs, alarm logs) and troubleshooting issues in the integration of other applications using CA SiteMinder and Identity Management tools along with LDAP and web server agents.
- Experience in setting up Kibana dashboards and writing queries to filter the server logs for all the different application protocols from Ping Federate.
- Configuring and troubleshooting Webservers like Apache, IHS, OHS, IIS, iPlanet, and Application servers like WebSphere and WebLogic.
- Good understanding of web technologies like the HTTP protocol, Fiddler, SAML Trace, HTML and web form encoding. Involved in testing phases and the troubleshooting process. Developed operational and administration manuals.
- Expertise in Installation, Configuration, Deployment and Maintenance of SiteMinder Components like the Policy Server, Web Agent, Policy Store and Key Store. Configuration of SiteMinder to provide multifactor authentication and providing JSON and JWT token to clients. Experience in protecting and monitoring of applications on cloud.
- Worked on SSO infrastructure Upgrades which include SiteMinder from R .7, R12 to R12.52.
- Consistently improved SiteMinder and LDAP performance and high availability. Designed and implemented solutions for load balancing and fail-over, and monitored growth for capacity planning.
- High quality client facing and customer interaction skills with an enormous degree of learning ability
Operating systems: Windows Server 2000/2003/2008/2012, Unix, Oracle Solaris 8/9/10, RedHat Enterprise Linux AS 2.1/3.0.
IAM Products: PingFederate 6.0/7.0/8.0/9.0, CA SiteMinder Policy Server R12.5, 12, 6, CA API Gateway 9x, web-agents, WAOP, Azure AD, Microsoft ADFS, Shibboleth, Okta, Keycloak.
Methodology: Agile/Scrum Methodology, Waterfall
Directory Server: SunOne/IPlanet server 5.x, 6.x, MS Active Directory, Novell eDirectory 8.7.x/8.8.1/8.8.5, Oracle Directory Server 11g and IPlanet Meta Directory Server 5.x, Netscape Directory Servers 4.x.
RDBMS: Oracle 8i/9i, SQL Server 2003/2008, MySQL 5.0
Web Servers: MS IIS, Apache, Tomcat, JBoss, IBM WebSphere, SunOne/IPlanet WebServer, WebLogic, JBoss Sun One application server
Single Sign-On: Ping Federate 6/7/8, Ping
Confidential, Plano, TX
IAM Security Consultant
- Successfully upgraded Ping Federation Services from 8.3.2 to 9.3.0.
- Experience in SAML 2.0 based authentication using Ping Federation, Azure AD.
- Used Ping API to deploy and create SAML changes.
- Configured the Ping Access Proxy Gateway to decode the JWT tokens and installed the agent on the application server to communicate with the Ping Federate server.
- Worked on OpenID Connect Basic Client Profile 1.0 for user authentication using Ping Federate.
- Server instance creation, node federation, enterprise application installation and execution work correctly.
- Participated in providing SSO design and solutions for different applications migrating to cloud infrastructure, making apps capable of consuming JWT and providing SSO through OIDC.
- Established a relying party trust between ADFS and Azure AD using WS-FED. This was done to implement a hybrid infrastructure where, for Azure AD protected applications, authentication was handled by ADFS and authorization was handled by Azure AD.
- Adept at writing custom claims using RegEx as per the app team’s requirement and writing transformation claims in ADFS policies.
- Programmatically generated SAML responses by calling the ADFS Windows mixed endpoint for applications with peculiar requirements.
- Set up federation between Keycloak as service provider and ADFS as identity provider for SPA applications using microservices.
- Installed and configured Microsoft-provided SDKs (PhoneFactor) on on-premise infrastructure to provide MFA functionality for multiple RADIUS clients and applications deployed in Azure.
- Integrated multiple RADIUS clients on MFA servers, like VPN, CyberArk, Clearpass, Palo Alto, etc.
- Strong working experience with PingFederate using SAML, OAUTH and OpenID in both Production and Non-production environments.
- Worked on debugging performance degradation and out-of-memory conditions.
- Designed and implemented the SLO (Single Logout) feature for PingFederate 8.x/9.x versions.
- Created and managed admin roles within the organization to allow application access to groups.
- Created and installed SSL (Secure Sockets Layer) certificates for Oracle WebLogic Server and Apache web server in the production environment.
- Provided support for PingFederate server on a 24x7 On-call support for production, non-production, QA, SIT and development environments
- Coordinated with the Service providers and identity providers during the SAML Certificate upgrade.
- Migrated Web Authentication solutions from CA Single Sign-On (SiteMinder) to Ping Access.
- Implemented Ping Federate solution with Services like AWS, Service-Now, Salesforce.
- Integrated SiteMinder with Ping Federate using the CoreBlox token translator to bridge the SSO gap between applications protected on either system.
- Involved in requirements gathering, development if required, integrating and testing for enabling SSO for the application.
- Integrated internal applications and SaaS-based applications using SAML 2.0, SAML 1.1, WS-FED and OAuth 2.0.
- Manages 100+ federation partnerships via Ping Federate on a day-to-day basis, which involves provisioning users to cloud applications using Ping 3rd party plugins.
Environment: PingFederate 8.3.2/9.3, SAML 2.0, WS-FED, OAuth 2.0, Active Directory, ADFS, Azure AD, Azure MFA, Azure App Proxy, ADFS 2.1/3.0/4.0, Okta, InAuth, GitHub, Jenkins, HPSM, Cherwell, CA SPS r12.52cr01, Windows Server 2012/2012r2/2016.
Confidential, Milwaukee, WI
Cyber Security Engineer
- Working on federation single sign-on between third-party vendors, making both inbound and outbound calls, securely exchanging the attributes in SAML as both identity and service provider using Ping Federation.
- Created multiple connections with third-party applications for both IdP-initiated and SP-initiated SSO.
- Working on multiple adapters like OpenToken, HTML and CoreBlox to authenticate the users and provide the identity in SAML.
- Implemented OAuth using Ping Federate for the mobile applications as OAuth client to get the access token in order to access protected REST APIs.
- Working on WS-Federation to do single sign-on in SOAP-based services using STS tokens.
- Implemented ID Token to send the user information as a part of scope with the access token.
- Worked on authorization, implicit, resource and client credentials grant types.
- Provided both inbound and outbound federation, using SiteMinder as identity provider and SAML consumer.
- Worked on Ping Federate High availability trying both the cloud and in-house databases.
- Implemented the secure connection between Ping Access and Ping Federate using OAuth.
- Worked on both Gateway and Agent model while protecting the applications using Ping Access.
- Working on POC to Migrate some of the applications from SiteMinder to Ping Access.
- Working on SiteMinder Policy Server R12.52sp1cr5, including installing and configuring on Windows 2008 server.
- Worked on AD as Policy Store for both Internal and External facing Policy Servers.
- Developed Perl scripts to get the status of Policy Server
- Developed a few batch and Perl scripts to automate the dump process when the process fails during its normal run.
- Migrated Policy store and key store from AD to CA Directory.
- Installed and configured CA Directory server and DXManager to monitor the DSAs.
- Installed Ping Federate and configured in cluster to support high availability.
- Created multiple connections with the vendors for the IDP initiated and SP initiated SSO.
- Automated the SiteMinder Agent installation and configuration.
Environment: Ping Federate 6.0/7.0/8.0, Ping Access, CA SiteMinder R12.7/R12.52/R12/R6, Web agents 4.x, 5.x, 6.x, R12/R12.5, Active Directory, CA Directory R12.0.18, IBM HTTP Web Server, IIS 6.0/7.0/7.5/8.0/8.5
- Assigned as SiteMinder Engineer for upgrades, configuration and deployments of CA SiteMinder policy server and support of the SiteMinder infrastructure.
- Worked on installing, configuring and administering CA SiteMinder R12, R12.52 and Sun One LDAP 11 (ODSEE) on Windows, and Linux Platforms
- Upgrading SiteMinder 12.0.X to 12.52.X, 12.7 for advanced Load balancing, failover configurations and for facilitation of user impersonation.
- Installed SiteMinder R12.7 in Linux server.
- Working on R12.7 POC to enable JWT tokens.
- Experience in installing, configuring SiteMinder policy server, Web agents, Netegrity Transaction Minder, Active Directory server (LDAP), Sun One Directory Server and various Web & Application servers.
- Installed, configured SiteMinder policy server Web agents, Active Directory server (LDAP), ASA agents, Domino Agents and various Web & Application servers.
- Designed CA SiteMinder R12 Enterprise infrastructure to provide high availability by configuring Clusters across two different data centers.
- Installed and configured various web agents on Apache, IIS 7, IIS 8, Sun one.
- Configured SiteMinder and PingFederate Environment for SAML Federated Authentication for users coming from partner sites by configuring ID Provider/Consumer using SAML 2.0 POST binding.
- Install and configure PingFederate and demonstrated POC for Federation SSO with external users and partners.
- Worked in PingFederate Upgrade from 7.0 to 8.3.
- Experience with application configuration with Ping Access and defining Ping Access Sites, Site Authenticators and Rules.
- Workforce and Client identity management system (Ping Federate and Ping Access).
- Created policies, realms, rules, and responses to protect the applications and configure them to work under the CA SSO and Ping Access environment.
- Involved in troubleshooting and resolving the issues and implemented changes to enhance the performance.
- Assisted developers with integration of Mobile Apps using OAuth/SAML in PingFederate.
- Applied patches to SiteMinder infrastructure to meet business needs.
- Installed and configured OneView Monitor and created other exception reports to ensure security is being maintained.
- Created, Configured and Administered Profiles, Clusters, Nodes and Node Groups for WebSphere Application Server.
- Implementation of a fully API-based SSO architecture using CA SiteMinder, CA IDM, Ping Federate and Radiant Logic Virtual Directory Server, which makes end application integration with SSO easier.
Environment: Operating System: Sun Solaris v8/9/10 and Microsoft Windows Server 2000, 2008, 2003 and 2012; Web Server: IIS v5/6/7.0/8.0, Apache web server 2.0/2.4, WebLogic, WebSphere, IHS and Domino Server; Directory Server: Sun One Directory Server 6.3/11, SQL server, AD, CA Directory R12.6; Policy Server: Netegrity SiteMinder Policy Server v5.5 and 6.0 and 12/12.52, R12.7; Federation: PingFederate 6.0/7.0/8.3
- Worked as SiteMinder Engineer, supporting the entire single sign-on infrastructure; involved in updating and migrating to the SiteMinder r12 version of policy server and Web Agent on multiple platforms.
- Installing and configuring Policy Server r12 sp3.
- Installing and configuring SOA CA SiteMinder supporting the webservices single sign on.
- Installed and configured Web Agents supporting the r12 version on various platforms.
- Configured Policy Server Policy Store with ODBC.
- Created policies, realms, rules and responses to protect the applications and configure them to work under the SSO environment.
- Worked on Custom authentication scheme to authenticate the user with the application specific login pages.
- Worked on custom responses using smwalker libraries.
- Worked on setting up OneView Monitor and the Tivoli monitoring system to read the metrics of the Policy Server.
- Worked on Wily Introscope to monitor the Policy Server performance.
- Worked closely with CA for some performance issues regarding the threads and sockets.
- Upgraded SiteMinder Policy server from version 6.0 sp5 to r12 sp3.
- Configuring User Authentication Stores and Policy Authorization Stores on LDAP and ODBC.
- Installed and configured Web Agents on IIS Web Server and IHS Web Server.
- Provided 24/7 on call support for solving Tickets on a rotating basis with other team members.
- Worked on many Production Issues with High Priority.
- Coordinated with testing team to perform baseline, load and regression tests on applications.
Environment: SiteMinder R12, r6sp5, Web agents 6QMR4, 6QMR5, Active Directory Server, Sun Solaris 2.8, Windows 2003/2008, Sun Java System Web Server 6.0, 7.0/Oracle iPlanet Web Server and IBM HTTP Web Server, IIS 5.0, 6.0 and 7.0.