- 6+ years of experience in the Information Technology industry, involving design, implementation and hands-on experience with Ping Federate, Ping Access, CA Single Sign-On (also known as SiteMinder) and all LDAPS.
- Experience supporting Federation Environment (Ping) and hands-on technical experience planning and implementing IAM solutions.
- Experience with installation, integration and deployment of one of the Ping and CyberArk products in the client environment.
- Focused on the planning, design, development and implementation of our Single Sign-On and Federation platform. Understanding of one or more of the following platforms (ADFS, Ping Federate, or Azure Federation).
- Expertise in Identity Governance and Administration, User Provisioning, Access Certification, Identity Analytics, Role-Based Access Control and also Privileged Access Management.
- Working as a part of Security team, implementing security solutions to Web applications. Experience in the field of core System Administration for Linux, Windows, and Solaris.
- Experience in Enterprise Security Implementation and Designing the SSO infrastructure.
- Worked on Ping Federate version Upgrades.
- Provided Enterprise federated identity solutions for business applications to use the service provided by third party application/vendors using Industry Standard Protocol SAML.
- Worked on creating connections in Ping Federate both as Identity Provider and Service Provider using metadata files.
- Expert on SAML, OAuth or OIDC standards and Token based authentication (RSA).
- Experience integrating applications using IDP and SP initiated SSO.
- Worked on multiple SAML profiles with different binding methods like POST, Redirect and Artifact.
- Worked on implementing OAuth configuration with the clients to get the Access Token to access the web APIs.
- Worked on ID Token to send the User information through User Info End Point.
- Worked on Token Generator and Token Processor to establish a connection between two web services from different Enterprises.
- Worked on Ping Access and JWT tokens to authenticate the user using Ping Federation.
- Worked on Unbound User directory to replace the Existing Oracle Directory Server ODSEE.
- Worked on Ping Access Gateway to take the Application traffic directly using Virtual Hosts and redirect back to the application with Ping Access Token.
- Integrated Ping Access and Ping Federate using OAuth.
- Protected multiple applications, both web-based and API-based, using Ping Access and Ping Federate.
- Migrated a few applications from SiteMinder to Ping Access using Ping Federate to provide the Authentication Scheme.
- Implemented Web Access Management Solutions using Azure/ AWS or any Identity Access Management tools.
- Worked on WAM Adapter which can exchange SMSession with Ping Access Tokens.
- Experience providing SSO to the Internal users using Ping Federate.
- Provided Single Sign-On for the internal applications with multiple domains using Cookie Provider in SiteMinder.
- Implemented Session Linker, SAP Agent installation (upgrade), PeopleSoft agent, IBM WebSphere agent and WebLogic ASA agent.
- Consistently improved SiteMinder and LDAP performance and high availability. Designed and implemented solutions for load balancing and fail-over, and monitored growth for capacity planning.
- Involved in testing phases, troubleshooting process. Developed operational and administration manuals.
- Understanding the business requirements and leveraging the technology to meet the delivery goals. Worked closely with top-level management to assure delivery. Adequate technical directions are followed, and issues are addressed.
- Experienced in supporting LDAP and SiteMinder in production environment.
- Demonstrated practical software engineering practices, outstanding technical, analytical and communication skills.
Operating System: UNIX, Oracle Solaris, RedHat Enterprise Linux AS, SUSE Linux, Windows Server
Directory Server: Unbound, CA Directory, SunOne/iPlanet server, MS Active Directory, Novell eDirectory, Oracle Directory Server
Servers: IBM WebSphere, SunOne/iPlanet WebServer, BEA WebLogic, JBoss, SunOne application server, MS IIS, Apache and Apache Tomcat.
Databases: Oracle, MySQL and MS SQL Server.
Single SignOn: Ping Federate, Ping Access, Ping ID, CA Single Sign-on, Web Agent and Session Linker
Other Tools: CyberArk, RSA, CA
Confidential, Addison, TX
Sr. IAM/Ping Engineer
- Worked on migrating OAuth applications from Ping OAuth to CA OAuth 2.0 by gathering necessary information from the users.
- Worked on Access Management products and solutions preferably on Directory Servers, LDAP as well as DB and Ping Access/Federation.
- Worked with vendors and application teams to migrate SAML applications from PingFederate to CA Single Sign-On.
- Worked on migrating applications from legacy environment SiteMinder to OAuth, SAML and mod OIDC.
- Helped application teams install mod-OIDC plugin on Apache Tomcat servers and migrate them from CA SiteMinder environment.
- Working closely with application teams to migrate applications off SiteMinder platform as part of decommissioning the environment.
- Worked with application teams to on-board them into SSO either with CA Single Sign-On with SAML or CA API Gateway with OAuth.
- Working with the vendor to understand what the requirements are for each application, sending them the required attributes and changing the IDP configuration.
- Worked on upgrading CA Single Sign-On from 12.70 base version to CA Single Sign-On 12.8 SP2.
- Troubleshooting issues with application teams and users to understand the failures of authentication and authorization.
- Worked on generating scripts to migrate CA API Gateway from a master Gateway to a clean host using Gateway Migration Utility.
- Worked on building OAuth environment using Docker, Chef cookbooks and Chef vault. Chef vault is used to store important information like secrets so that they are not visible in public-facing applications like GitHub.
- Worked on creating cookbooks and pushing secrets to Chef vault to automate the build of API Gateways.
- Worked on POSTMAN to generate access tokens and ID tokens for OAuth and help application teams troubleshoot client errors.
- Worked on incidents and day-to-day issues as part of Business as usual works.
- Worked on root cause analysis for P2 and P1 incidents when there is an outage to the environment.
- Worked with vendor for bug fixes and issues by consulting with vendor support if needed.
- Worked on creating virtual attributes in the User Directories so that member of groups are sent as part of SAML Assertions.
- Worked on writing query filters for monitoring tools like Grafana and Thalamus.
- Worked on performance testing using Apache JMeter to understand the behavior of the platform when under load.
- Worked actively with team to get the platform ready for peak season.
Confidential, Plano, TX
- Designed the new parallel Environment for Access Management, which allows the Single Sign-On between the old and new environments.
- Worked with the deployment, architecture and best practices in regard to the CyberArk suite of products.
- Upgraded SiteMinder Policy Server.
- Deployed SSO with SAP WS Agents and upgraded the SAP agent from R5.6 to R12.
- Implemented and supported SSO for SAML-Based Federation using SiteMinder adapter and Ping Federate.
- Worked on Single Sign-On using Ping Federate.
- Upgraded Federation servers from Ping Federate.
- Deployed the CyberArk Suite of products including Vault, Privilege Session Manager (PSM), Privilege Threat Analytics (PTA).
- Performed discovery audits and presented findings to client management.
- Established both IDP and SP connections with third party applications to allow users to SSO using Ping Federate.
- Worked on different Ping Adapters to accept the credentials, cookie, RSA token and generate the SAML.
- Integrated various LDAPs as user stores to Ping Federate to authenticate the user.
- Worked on OAuth implementation to get the access tokens in order to access the protected APIs.
- Designed and implemented User Directory changes from LDAP to AD.
- Implemented Directory Mapping and Authorization Mapping for Authentication on LDAP and Authorization on AD.
- Installed and Configured CA Business Intelligence R12 with CA SiteMinder.
- Advised the changes to Fujitsu Custom code to integrate with new Active Directory and compiled against R12 SDK.
- Installed and Configured OneView Monitor for CA SiteMinder performance review.
- Documented end-to-end installation of SiteMinder, Web Agent, SAP Agent, Business Intelligence.
Environment: Windows Server 2003/2008, Ping Federate 6.0/7.0, CyberArk, SiteMinder R6 SP6, R12 SP3, iPlanet Web Server 6.0, MS SQL 2005/2008, iPlanet Directory Server 5.2, Active Directory, SAP, JBoss 5.2, Apache 1.x/2.x, IIS 6, 7, 7.5, JDK 1.6, J2EE, EJB, JSP, Oracle 11g.
Confidential, Austin, TX
- Created application Inventory for 2K applications with Application Name, URL, Agent Name, Agent Group name, Host Configuration Object name, Agent Configuration Object name, and Trusted Host name.
- Identified the production Policy Servers difference in registry settings and implemented the changes.
- Involved in SiteMinder Policy Server upgrade from R6SP5 to R6SP6.
- Created Network Monitoring scripts which check the 3DNS name and connectivity with Network Latency, and alert the SiteMinder Admin group.
- Created the LDAP scripts which monitor the LDAP connectivity and alert the Admin Group if the connection is closed.
- Implemented Scripts on Policy Servers in order to stabilize the environment.
- Analyzed and documented the Policy Store objects to clean up the policy Store.
- Analyzed how application utilizes Host Configuration Objects and documented changes needed for Host Configuration Object.
Environment: Sun Solaris 5.8/5.9/5.10, Windows Server 2003/2008, SiteMinder R6 SP5/SP6, iPlanet Web Server 6.0, Sun One Directory Server 5.2/6.3, CA Directory Server, CA Wily Enterprise Monitor, WebLogic 8/10, JBoss 5, Apache 1.x/2.x, IIS 6, JDK 1.6, J2EE, EJB, JSP, Oracle 11g
Confidential, Phoenix, AZ
SiteMinder and LDAP Consultant
- Upgraded the SiteMinder Policy Server from R6 SP1 to R6 SP6, R6 SP5 to R6 SP6.
- Installed Policy Server R12 SP2 against Novell eDirectory user store and created a POC for R6SP6 to R12 SP2 upgrade.
- Configured policies on CA SOA Security Gateway Server R12 against R12 SP2 Policy Server.
- Configured CA Wily Enterprise Monitoring tool against Apache webserver, WebLogic Server and Policy Servers.
- Involved in upgrade of Novell eDirectory server from 8.8.1 to 8.8.5 SP5.
- Installed Option pack for Policy server and Web agent for configuring the Federated Security Services and User Identity between partner sites.
- Experience in SAML federation using CA SiteMinder R12 Federation Security Services SAML 2.0 Affiliate Agents.
- Migrated SiteMinder protected environment from Unix Solaris 10 to Linux SUSE 10.
- Implemented SSO across multiple domains and created two levels of authentication for additional security.
- Migrated a large amount of LDAP data across the environment to create an identical production environment to support load testing.
- Integrated and configured web agents to protect and manage resources with SiteMinder Policy Server and assisted applications teams.
- Performed dib clone operations to recover the LDAP data, and added servers into replication tree and created new tree into the environment.
- Modified schema by creating custom object classes and custom attributes according to requirement.
- Implemented new techniques to support priority syncing for replication of important objects.
- Supported production environment for resolving the high severity tickets without missing any SLAs and supported Toyota environment 24x7.
- Executing Backups and Recovery strategies for directory data (DIF), resolving backup and recovery issues in a High availability environment.
Environment: Windows Server 2003/2008, SiteMinder R6 SP1/SP5/SP6, R12 SP2/SP3, iPlanet Web Server 6.0, Novell eDirectory server 8.8.1/8.8.5, CA SOA Server R12 SP2, CA Wily Enterprise Monitor, WebLogic 8/10, JBoss 5, Apache 1.x/2.x, IIS 6, JDK 1.6, J2EE, EJB, JSP, Oracle 11g.