We provide IT Staff Augmentation Services!

Sr. Sso Engineer Resume

4.00/5 (Submit Your Rating)

SeattlE

SUMMARY

  • Around 7 years of experience in Information Technology, which includes demonstrated work experience in design, development, testing and implementation of enterprise wide security applications using CA SiteMinder, Pingfederate, PingAccess, LDAP Directory, CA Directory, Active Directory and other Sun/Netscape/iPlanet/IBM products on Windows, Unix, and Linux.
  • Experienced in installing, configuring SiteMinder policy servers, Web agents, Web Agent Option Packs, Secure Proxy servers, Pingfederate, PingAccess, ODSEE 11g server (LDAP) and various Web & Application servers on Multiple platforms like windows, unix(solaris), RHEL.
  • Experienced in SAML based authentication 1.1 and 2.0 using Ping Federate, SiteMinder Federation and integrate with SiteMinder authentication and another adapter.
  • Experienced in debugging of authentication / authorization related issues and creating Rules, Responses, Realms, and Policies in SiteMinder.
  • Successfully completed version upgrades from CA SiteMinder R6 to R12, R12 to R12.5, R12.52 to R12.6 and involved in the upgrade of Pingfederate 6.0 to 8.0 and 8.0 to 9.0, PingAccess 4.0 to 5.0.
  • Experienced in installing Pingfederate on both Linux and Windows Platform.
  • Worked on all the Pingfederate OAUTH grant types to get the access token to access the protected API. Supported development with integration of Mobile Apps using OAuth/SAML in Pingfederate.
  • Experienced in implementing the Siteminder solution to support Tokenized ID’s.
  • Experienced in configuring SSO with PingAccess using out of the box and custom developed authentication schemes.
  • Experienced in implementing SAML Protection with Digital Signature.
  • Experienced in implementing OAuth & OpenID Solutions using Pingfederate.
  • Worked on Pingfederate to allow users to perform single sign - on with other third-party applications.
  • Experienced in Form based authentication and X.509 certificate-based authentication.
  • Integrated PingAccess with Pingfederate System to get authenticated by Pingfederate and Authorized by PingAccess Servers using the Access Control Lists.
  • Experienced in installation and configuration of PingAccess.
  • Experienced in installation and Configuration ofPingAccess to Authenticate and Authorize the users usingPingfederate Session.
  • Deployed Pingfederate as both Engine and Console servers.
  • Experienced in creating SP/IdP connections using Pingfederate with external partners.
  • Experienced in performance testing the Ping Engine servers depending on the min and max threads, depending on that we used to scale the number of engine servers per cluster.
  • Protected Restful API’s using OAuth in Pingfederate so that it can be accessed only with Access Tokens.
  • Implemented OAuth to access the protected API with Access Token by using Different OAuth Grant types.
  • Experienced in installation and configuration of PingAccessPolicy Servers and PingAccessAgents.
  • Experienced on application configuration withPingAccessand definingPingAccessSites, Site Authenticators, Virtual hosts, Policies and Rules.
  • Experienced in PingAccess Integration with Pingfederate to protect the applications using PingAccess Tokens.
  • Experienced in configuration of PingAccess both asProxy Gateway to decode the JWT tokens, and also by installing the agent on application server to communicate withPingfederate server.
  • Created SP/IdP connections using Pingfederate with external partners.
  • Hands on experience in designing, deployment, implementation and architecture with PingAccess.
  • Hands on experience in IAM requirement analysis, implementation of Access Gateways and SAML, Oauth, WSFed and OpenIDbased integrations using Pingfederate.
  • Experienced in working with Composite Adapters so that user will have a multifactor authentication behavior using either their user id or email.
  • Experienced with LDAP Architecture which includes DIT and Replication Mapping between replica hub/consumer, Multi-Master/Single-Master in Oracle Directory server.
  • Finetuned and set up High availability with LDAP and Siteminder. Tested and implemented backup, recovery. Experienced with Failover, Load Balancing, and other Administration tasks.
  • Good understanding of Web Technologies like HTTP Protocol, fiddler, SAML Trace, HTML, Web-Form encoding.
  • Installed and configured web agents on IIS, Apache, Sun Java System/iPlanet web servers on Multiple Platforms.
  • Provided L-1 support to resolve the tickets raised by Application teams or clients on CA Siteminder, Pingfederate, and PingAccess.
  • Excellent communication skills and good Interpersonal skills helped me to keep productive and positive working relationships with staff from varying technical backgrounds and skill levels.

TECHNICAL SKILLS

O/S: Windows 2012 R2, 2008/2003/2000/ XP, Windows 98, UNIX, Sun Solaris, Linux, DOS, IBM-AIX,HP-UX.

Languages: C/C++, Java, J2EE, Jsp, Servlets, HTML, Java Script, shell, perl, php, .NET Framework(VB.Net,C#,ASP.Net).

SSO: SiteMinder Policy Server R12.7, R12.6/R12.5/R12/ 6.x/5.x/4.x, Web Agents 4.x type agents, 5QMR6, 5QMR7, 5QMR8, 6QMR4,6QMR5,R12 agents, Secure Proxy Server 12.52, 12.6, Pingfederate 6.x, 7.x, 8.x, Ping Access 4.x, 5.x.

Directory: CA Directory 12.0.18, 12.6, Odsee 10g, 11g, MS Active Directory, IBM-Tivoli Directory Server, Iplanets, Netscape Directory server 4.x, 5.x.

Servers: IIS, SunOne Web Server, Apache, Tomcat,SunOne App Server, WebSphere,Weblogic,IBM Http Server,JBoss.

Databases /RDBMS: MS SQL Server 2000/2005/2008/2012 R2, PL/SQL, SQL, Oracle 8i/9i/10g.

PROFESSIONAL EXPERIENCE

Confidential, Seattle

Sr. SSO Engineer

Responsibilities:

  • Worked on installation and configuration of PingAccessPolicy Servers and PingAccessAgents.
  • IntegratedPingAccesswithPingfederate System to authenticate the user usingPingfederate and Authorize byusing PingAccessServers.
  • Integrate the custom developed independent application with PingAccess to track the owner of the application which is being protected by PingAccess and Pingfederate.
  • Worked on apache web server to make the application URL work with both http and https and protected both secure and non-secure URL’s using PingAccess.
  • Worked on application configuration withPingAccessand definingPingAccessSites, rules, Virtual hosts, Policies and Rules.
  • Experienced with multiple Ping Federate adapters like HTTP Adapter, Open Token adapter and Composite adapters.
  • Worked on Token Generator and Token Processor to establish a connection between two web services from different Enterprises andPingAccessand JWT tokens to authenticate the user usingPingFederation.
  • Worked onPingAccessGateway to take the Application traffic directly using Virtual Hosts andredirect back to the application withPingAccessToken.
  • Worked on configuration of PingAccess asProxy Gateway to protect the application without exposing the application URL to the end users.
  • Participated actively in Change meetings to implement the changes in higher environments.
  • Involved in failover testing and disaster recovery process and also prepared and maintained the documentation for same.
  • Involved in daily Scrum meetings to discuss day to day updates on the project.

Environment: Windows 2012 R2, RHEL 7.x, Pingfederate 8.x, 9.x, PingAccess 5.0

Confidential, San Francisco

IAM Arch & Engg Consultant

Responsibilities:

  • Upgraded Ping Federate solution from legacy (6.x) version to new (8.x) version.
  • Performed POC for Ping Access Authentication Solutions.
  • Worked on moving around 50 applications from OAM to Ping Access.
  • Worked on Custom Authentication Schemes inPingAccess based on Business needs.
  • Upgraded Ping Federate from 6.0 to 8.0.
  • Worked on applications which needed compliance requirements in relation to HIPAA, PHI, SOX.
  • Involved in discussions with the various business owners and vendors to implement the change on each application without impacting the end user.
  • Designed, deployed, and supported highly available and scalable Pingfederate infrastructure in on-premise that provides single-sign-on (SSO) and federation solutions for internal/external access.
  • Migrated around 100 applications to use the new solution which offers the users with Kerberos Authentication internally and the Forms based authentication externally using Ping Federate 8.x.
  • Executed platform upgrades for Pingfederate.
  • Installation and configuration of PingAccess.
  • Integrated Ping Access with Ping Federate servers to Authenticate using custom Adapters.
  • Worked on OAuth Grant types to get Access Token to access Protected API's.
  • Integrated OAuth with Ping federate to protect RESTful API's.
  • Protected multiple applications both web based, and API based using Ping Access and Ping Federate.
  • Worked on OAuth Integration using Ping Federate and Ping Access and implementing Federation SAML services to SSO into third-party vendors.
  • Implemented OAuth to access the protected API with Access Token by using Different OAuth Grant types.
  • IntegratedPingAccesswithPingFederate System to get authenticated byPingFederate and Authorized byPingAccessServers using theAccessControl Lists.
  • Workforce and Client identity management system (Ping Federate and Ping Access).
  • Upgraded Ping Federate from version 6 to 7 and from version 7 to 8.
  • Assisted developers with integration of Mobile Apps using OAuth/SAML in Pingfederate.
  • Capacity Planning in terms of hardware and user load for policy server and web agent.
  • Involved in the migration of various web-based applications which uses STS and successfully provided the solution without causing issues to the end users.
  • Worked on Ping Federate Clustering so that we can have multiple Engine servers to serve the requests in parallel and single admin server for a cluster.
  • Developed customPingAgent usingPingSDK and Implemented SAML Protection with Digital Signature.
  • Troubleshooting the issues occurred during the development of test environments.
  • Involved extensively in the production support calls to resolve the issues occurred in production to avoid the downtime for the end users.

Environment: Windows 2012 R2, RHEL 7.0, Ping federate 6.0, 8.0, Ping Access 4.1, AD (LDAP) as User Store, Oracle Database as Policy store, IIS, Apache Web Server, IBM Http Web Server.

Confidential, Dallas

Sr. SSO Consultant

Responsibilities:

  • Installed, configured and administered Policy servers r12.52 SP2, r12.6, Web Agents r12.52 SP01 CR04, CR05, Secure proxy server 12.52 SP2, r12.6 on windows 2012 R2 server.
  • Installed and configured SiteMinder policy servers and policy stores to utilize MS SQL Database as policy store and ADLDS as the user store.
  • Involved in analyzing, planning, and implementing Single Sign-On on multiple Cookie Domain and internet security to Enterprise level web applications using CA SiteMinder integrated with ODSEE 11g, Active Directory.
  • Installed and Configured CA SiteMinder federation for multiple clients which are using Ping federate, ADFS, SiteMinder to achieve Single Sign to access applications. Worked with different teams from multiple clients which has ADFS, Ping Federate, CA SiteMinder Federation to troubleshoot the issues.
  • Upgraded the SiteMinder Policy Server, Admin UI, and Secure Proxy Server from r12.52 to r12.6. Involved in testing the functionality to meet the business units. Extensively involved in troubleshooting issues that arouse in the upgrade process.
  • Determine user roles and responsibilities, classifying like users into groups to ease maintenance and rule implementations controlling access to resources appropriate to user and group classifications.
  • Created adapters, authentication selectors, policies and policy contracts to protect the applications and configure them to work under the SSO environment using Ping Federate.
  • Worked on Open Token Adapter to establish SSO between two native applications.
  • Performed POC for Ping Access Authentication Solutions.
  • Worked on Ping Access POC to migrate applications from Siteminder to Ping Access.
  • Worked on the architecture of Ping federate and PingAccess to check if we could replace CA siteminder with Ping Identity (Ping Access and Ping federate).
  • Deployed several Pingfederate integration kits for Apache, Coreblox, Atlassian, Java, PHP, Symantec VIP, Agentless, IWA etc., to establish the "first- and last-mile" implementation of a federated-identity.
  • Deployed Open token adapter and created IDP and SP connections, worked with application team to send the open token based on agent configuration.
  • Implemented the solution to support Tokenized ID’s comprising of Message Consumer Plugin, RetrieveSession Variables, and SetSession Variables Active expression. Used Message Consumer Plugin to execute the user disambiguation process and to validate the presence of user in the Database provided by a web service.
  • Implemented Custom plugin by configuring the custom table in Session Store, custom code and other required binaries, plugin configuration file, JVM Options on CA SSO Policy Server, Federation partnership and CA SSO Policies for Active responses.
  • Configured and supported SAML based Identity & Service Provider connections with several SaaS Partners.
  • Experienced in designing and deploying migration of SAML partner connections from Oracle Identity Federation & Simple SAML systems to Pingfederate.
  • Performance tuning for web server and SiteMinder along with LDAP for better response time, low latency, and high throughput.
  • Created User Directory Object and Directory Mapping object and set cookie provider.
  • Provided level 3 support for LDAP/SiteMinder related issues.
  • Configured Web Agents on all the web servers and solved the configuration issues using web agent and web server logs.
  • Effectively interacted with CA technical support teams.
  • Implemented load balancing and failover mechanism for SiteMinder Policy Server, and ADLDS server.
  • Performed technical review of all changes in conjunction with Change management team.

Environment: Windows 2012 R2, CA SiteMinder Policy Server r12.52, 12.6, Web Agents r12.52, Secure Proxy Server 12.52 and r12.6, ADLDS and AD (LDAP) as User Store, SQL Database as Policy store, IIS, Apache Web Server, IBM Http Web Server.

Confidential, NJ

Sr Single Sign-On Consultant

Responsibilities:

  • Working on SiteMinder Policy Server R12cr11, this includes installing, configuring on windows2008 server.
  • Upgrading Policy Server Version from R12cr5 to cr11 and testing the functionality to meet the business units.
  • Upgrading the SiteMinder Webagents from R6 to R12 on Linux and solaris platforms.
  • Resolve questions of program intent, data input, output requirements, and inclusion of internal checks and controls.
  • Working on federation single sign on between third party vendors making both inbound and outbound calls security exchanging the attributes in SAML both as identity and service provider.
  • Worked on sub clusters so that every time the request of the same transaction can be served by same ping engine server using session servers.
  • Worked on Adaptive Authentication using the predefined Authentication mechanism present in ping federate.
  • Implemented OAUTH using different Grant Types to get the Access token and access the protected Restful API's.
  • Worked on ROPC Grant Type to fetch the Access Token for Native Mobile Applications to call the third-party API's.
  • Worked on ID Token to get the user information using user info endpoint and send as part of scope along with Access Token.
  • Develop core features for global wealth management group including Membership provider, Role provider, Templated user controls, Security Token, Federation, Config encryption/decryption, FA Simulation/Impersonation, Control Test, Provider Test, and Federation Test applications for Online Banking.
  • Implement Security Token features to call web service if it is protected with cookie or client certificate. Implement encryption/decryption of XML config. Implement (SAML) XML-based standard for exchanging authentication and authorization data between security domains.
  • Provide both inbound and outbound federation, including large organization external to Confidential, Use SiteMinder for identity provider and SAML consumer.
  • Created SP/IdP connections using Ping Federate with external partners via metadta.xml files and Manual connections.
  • Migrated SAML Based SSO partners from Ping Federate 6.x to Ping Federate 7.x.
  • Developed custom Ping Agent using Ping SDK and Implemented SAML Protection with Digital Signature.
  • Upgrading between Ping Federate versions 6.x to 7.x.
  • Ping Federate Performance tuning for supporting support heavy traffic.
  • Implemented OpenID and OAuth solutions using Ping Federate.
  • Implemented open token instead of traditional http headers.

Environment: Ping Federate 7.1, Ping Federate 7.3, SiteMinder 6.0/R12, OAuth2.0, Web agents 4.x,5.x,6.x, R12 Sun One directory server 5.2/ iPlanet Directory Server, Sun Solaris 2.8, Sun Java System Web Server 6.0,7.0/Oracle iPlanet Web Server and IBM HTTP Web Server, IIS 6.0/7.0/7.5.

Confidential

SiteMinder Admin

Responsibilities:

  • Integrated many applications in Policy server by creating new policies.
  • Installed and configured various web agents in accordance with the web servers involved both on Windows and Unix.
  • Configured few applications with Custom responses and with custom authentication schema.
  • Implemented password policies for all the applications using SiteMinder.
  • Created policies, realms, rules, and responses to protect the applications and configure them to work under the SSO environment.
  • Configured load balancing and failover mechanisms for various SiteMinder components in different environments.
  • Upgraded SiteMinder Policy server from version 6.0 sp1 to 6.0 sp5.
  • Worked on almost 60 policy servers in production environment.
  • Configured multi-master replication setup in the production environment across multiple data centers.
  • Configuring User Authentication Stores and Policy Authorization Stores on LDAP.
  • Installed and Configured MDHA Authentication Servers.
  • Installed and configured Webagents on IIS Web Server, IHS Web Server.
  • Worked on fetching the ldap attributes from multiple data sources.
  • Worked on WS-Trust Federation which is used to provide SSO between web services using STR.
  • Experienced in Token Generator and Token validator as part of STR and RSTR.
  • Involved in Signing the SAML using digital certificates
  • Worked on SAML Encryption and Decryption for certain financial clients.
  • Involved in Upgrading the SiteMinder Policy Server version from 6.0sp5 to R12.
  • Worked on latest version Webagents 12.0sp3 cr08 on multiple platforms.
  • Integrating Custom applications with SiteMinder by designing required Architecture.
  • Installed Report server and Report database for auditing.
  • Worked on Identity Provider and Service Provider agreements, Installed and deployed Ping Federation and involved in making secure connection and sending SAML attributes both inbound and outbound calls.
  • Installed and configured Oracle WebSphere and Worked on bridge between SiteMinder Policy Server and WebSphere.
  • Provided 24/7 on call support for solving Tickets on a rotating basis with other team members.
  • Worked on many Production Issues with High Priority.

Environment: SiteMinder 6.0sp5, r12 sp3, Web agents 6QMR4,6QMR5 Active Directory Server, Sun Solaris 2.8, Windows 2003/2008, Sun Java System Web Server 6.0, 7.0/Oracle iPlanet Web Server and IBM HTTP Web Server, IIS 5.0 and 6.0 and 7.0.

We'd love your feedback!