- 10 years of experience and proficiency in planning and providing Identity and Access Management solutions, with hands-on experience using CA Single Sign-On (a.k.a. SiteMinder), PingFederate, Oracle Directory Service Enterprise Edition (ODSEE), Oracle Unified Directory and Ping Identity SSO technologies, and implementation of end-to-end security solutions involving different security products.
- Experienced in SAML 1.1 and SAML 2.0, OAuth2.0, OpenID Connect (OIDC) implementation for Identity Federation, delegated Authorization using PingFederate
- Amplify the security using Multi-Factor Authentication in PingFederate using RSA SecurID, SecureAuth MFA.
- Implement Performance Tunings of PingFederate Runtime Servers in Cluster Environment
- Experienced in implementing all OAuth 2.0 grant types in PingFederate to get the access token in order to access the protected API (Resource Server).
- Experienced in LDAP Directories Oracle ODSEE, Ping Directory, OVD, Microsoft Active Directory
- Experienced in Installation, Configuration, Deployment and Maintenance of SiteMinder Components such as Policy Server, Web Agent, Policy Store and Key Store.
- Expertise in setting up the PingFederate Partnership Federations by using the SAML 2.0 Protocol. Work with various vendors to establish federation connection.
- Implemented highly available load-balanced Multi Master Replication LDAP services with upgraded versions.
- Created and configured Default and Custom Adapters to join multiple data sources using OVD
- Involved in Capacity management with hardware and software architecture for middleware integration and management
- Strong foundation in setting up SSL KeyStores for securing the handshake between systems.
- Worked as a part of Single Sign on team, Protecting Web applications with Standard/Custom Authentication Schemes and educating the application team about the flow of authentication and authorization
- Create, configure and tune WebLogic domains to manage the Oracle Virtual Directory component using Oracle Enterprise Manager Fusion Middleware Control and ODSM
- Responsible for collaborating on and setting cloud vision; providing thought leadership in cloud infrastructure and cloud services architecture.
- Thorough knowledge of maintaining and troubleshooting Windows, Solaris, Red Hat & OEL systems
- Experienced in architecture, designing DIT & schema, implementation, configuring multi master replication for high availability, performance tuning, maintenance and troubleshooting of Enterprise Directory
- Implemented performance tools like SLAMD performance load test to test the Directory server hot fixes as well as some architectural changes and compare the performance with the benchmarked result.
- Working experience in a Multi-Master and Single-Master Directory Server environment
- Develop SOPs, Resiliency plans, and other necessary documentation to support Operations and Reliability engineering in Authentication and Authorization space.
- Possess extensive knowledge of day-to-day administrative tasks like creating and managing user accounts, scheduling cron jobs, and file system management including mounting and maintenance in Linux and Unix OS
- Experience in Monitoring & Tuning Enterprise LDAP Directory Services
- Experience in developing various Shell, Perl, VB scripts
- Experience in installation and configuration of WebSphere, Apache, IPlanet, JBoss, Glassfish and WebLogic.
- Experienced in Disaster Recovery Planning, high-availability solutions, backup and recovery, performance tuning, capacity planning, along with support maintenance and operations
- Deployed, administered and maintained Sun ONE Identity Synchronization for data sync across datastores.
- Experienced in developing and creating Automation Services for application performance Load Testing
- In depth understanding of Identity and Access Management solutions such as OIM, OAM, OpenSSO, PingFederate, SecureAuth, ForgeRock Open AM, CA Single Sign-on (a.k.a SiteMinder)
- Experienced in application development using C/C++, Java/J2EE and integrating various applications with Enterprise Directory services using J2EE, JNDI, SDKs
- Expertise in analyzing CPU, File System I/O, Memory leaks, JVM heap settings and tuning servers’ performance from thread dump and core dump analysis
- Collaborated with the application development team and provided support for the infrastructure and integration requirements of applications
- Good Experience in Ping Federate deployment and configuration
- Good communication, presentation and leadership skills, flexible at meeting the business requirements and a good team player.
- Oracle Directory Server Enterprise Edition (ODSEE) 11G, Ping Directory, OpenDJ
- CA Single Sign-On (SiteMinder) R12.5, R12 SP2, SP3 / R6 SP1, SP2, Oracle Access Manager, PingFederate 8,9, SecureAuth (MFA), Oracle Internet Directory, Directory Proxy Server, ForgeRock OpenAM, Microsoft Active Directory & Azure SSO
- SLAMD, Softerra, JXplorer, Command line tools, Directory Service Control Center, ODSM, Splunk
- Oracle Virtual Directory (OVD), Radiant Logic Virtual Directory
- Identity Synchronization for windows (ISW), Directory Integration platform (DIP)
- Apache, Oracle HTTP Server (12c), IBM HTTP Server, iPlanet Web Server
- WebSphere, WebLogic, Tomcat and Glassfish
- Oracle, Sybase, MSSQL and MySQL
- Orapki, Opatch, ldapbind, ldapsearch
- C, C++, JAVA/J2EE, JSP, PHP, JNDI, C & Java SDK
- HTML4,5 /DHTML, XML, CSS, JSP
- Shell, Perl, VB Script
- GIT, SVN, CVS
- Maven, Gradle, ANT
- Agile, Scrum, Waterfall
Confidential, Princeton, New Jersey
- Enable IDP-Initiated and SP-Initiated SAML profiles with different bindings as per the business and security requirements.
- Configured RSASecurID and enabled multifactor authentication using RSASecurID adapter.
- Implemented the OAuth 2.0 protocol for mobile and non-browser solutions using PingFederate to retrieve the access token and refresh token.
- Creating and renewing CA Signed Certificates for Federation of external Services to achieve the purpose of maintaining confidentiality
- Implement SAML based authentication 1.1 and 2.0 using Ping Federation and integrate with IDP SiteMinder Adapter for authentication.
- Integration of SAAS application using PingFederate via Kerberos/HTML Form based authentication, integrating Ping Federate with Site Minder and LDAP, configuring adapter etc.
- Involved in creating IdP SAML-based connections in Azure AD to connect to and access several SaaS applications.
- Worked on implementing various PingFederate OAuth 2.0 grant types to get the access token in order to access the protected API (Resource Server) with REST API calls using Postman.
- Administer Oracle Directory Services in Multi Master Replication Environment across multiple datacenters.
- Configured multiple PingFederate adapters like http adapter, token adapter, SecureAuth and composite adapters.
- Created virtual attributes using Oracle Proxy Server functionality so that memberOf groups are sent as part of the SAML assertion.
- Good understanding of failover, load balancing (F5, A10), GTM and other network tasks.
- Protected Enterprise applications with SiteMinder by creating CA Single Sign-on policy server objects like ACO, HCO, Agents, Rules, Realms, Responses and Policies
- Installed web agents on various web servers and configured agents to integrate existing and new applications for SSO.
- Migrated SSO protected Applications from Existing servers to new servers with zero downtime.
- Webserver Troubleshooting (configuration file consistency checking, restarting processes, coordinate with other support teams & business units for resolution)
- Develop plans for migration of LDAP(ODSEE) services from one platform architecture to a new type of architecture
- Analyze LDAP logs and perform LDAP performance tuning and indexing.
- Implemented performance tools like SLAMD to test the Directory server hot fixes as well as some architectural changes and compare the performance with the benchmarked result.
- Create complex LDAP ACI, Roles and Groups for application authorizations in LDAP.
- Analyze LDAP, Web Agent, Policy server, application logs, Firefox SAML tracer for day to day troubleshooting.
- Create high level diagrams of the LDAP and SSO workflows and/or operations
- Designed and implemented the migration of LDAP and SiteMinder servers hosted on RHEL from one data center to another data center.
- Strong Foundation in PKI, Ability to create Certificate CSRs, edit truststores/keystore, troubleshoot certificate problems using openssl/curl.
- Created and configured connections to Directory server and web agents by creating host and agent configuration objects with respect to IIS and Apache web server requirements
- Created activity and intrusion reports for policy server by monitoring Authentication logs.
Environments: PingFederate 9.1.2, ODSEE 184.108.40.206.x, CA SiteMinder, CA Security Proxy Server, Oracle Proxy Server, SLAMD, Softerra, SAML 2.0, OAuth 2.0, Active Directory, VB Script, JAVA, Oracle iPlanet 7, Apache Tomcat, WebSphere, Splunk, HP-monitoring Tool, Glassfish, WebLogic, Identity Synchronization for Windows (ISW), GIT, RHEL 7.X, Solaris 11.
- Design and Implement redundant PingFederate Environment without compromising Security, usability and compatibility
- Enable Authentication trees in PingFederate for Multifactor authentication based on the user authentication flows.
- Implemented OpenID connect setup for Single Sign-On using PingAccess and PingFederate
- Configured Token translation technique using different Adapters in Ping
- Evaluate user risk and application sensitivity and orchestrate authentication workflows, such as enabling step-up authentication, using PingFederate policies.
- Integrated Ping Federate with SecureAuth for implementing Applications with Multi-Factor Authentication.
- For MFA, installed the SecureAuth Appliance and created a realm for the SecureAuth API to configure in the PingFederate SecureAuth Second Factor Adapter.
- Worked on Implementing all types of Oauth2.0 grant types to get the access token in order to access the protected API (Resource Server)
- Designed and implemented Ping Identity Solution for Web Access Authentication using Ping Access and Ping Federate.
- Coordinated with the PingFederate vendor on any software-related issues.
- Involved in installing and configuring PingAccess servers, gateways and agents to protect the resources.
- Integrated Ping Access with Ping Federate system to get authenticated by Ping Federate and authorized by Ping Access servers.
- Worked on Ping Access Integration with Ping federate to Protect the applications using Ping Access Tokens.
- Integrated internal Applications, SAAS based applications using SAML 2.0, SAML 1.1, WSFED and OAuth 2.0.
- Implemented different Ping Adapters to accept the SecureAuth token, credentials, cookie to generate the SAML.
- Implemented OAuth and OpenID for mobile and non-browser solutions using Ping Federate.
- Successfully upgraded Ping Federation Services from 7.x to 8.x in a cluster environment
- Installed and configured Ping Access servers, Gateways and Agent to protect the application resources.
- Create and Configure Password credential validators (PCV) in PingFederate to define a centralized location for credential validation.
- Installed Web Agents on different web server flavors like Apache, IIS and Sun ONE.
- Developed shell scripts for backing up current setup and upgrading between different Ping federate versions.
- Provided solutions for complex application using Ping Federate.
- Supported the production environment 24x7 without missing any SLAs
- Using Splunk, analyze logs for performance optimization, find and fix issues in real time, and develop dashboards for connection operation metrics.
- Install and Administer ODSEE LDAP Directory Server, Oracle Virtual Directory, Oracle Proxy Server for Internal and External user Authentication.
- Implemented Oracle Virtual Directory (OVD) Join Adapters, Local Store Adapters using Oracle ODSM to join Multiple Data Sources and avoid password Synchronization from Active Directory to LDAP
- Co-ordinate with Oracle vendor and Installed Hot fixes, Patches for performance, memory leak and security Vulnerability related Issues.
- Configured performance tuning on Directory Servers (operational size limits, indexes, and import, database, entry cache).
- Performed various tests and thorough analysis to determine the optimal cache values for Directory Servers to improve performance
- Analyze technical and functional methodologies of application requirements and develop Enterprise Directory Architecture strategy by ensuring scalability, high-availability, Performance to support critical business applications
- Implement complex Access Control Information (ACI) rules for Oracle Directory Server Enterprise Edition.
- Provided roll-back plans to all application teams in case of any issue.
Environments: PingFederate 8,9, Ping Access 5.x, Ping Access Gateway, LDAP ODSEE 11G, Oracle Proxy Server, SLAMD, Softerra, Windows Active Directory, VB Script, JAVA 1.7, Oracle iPlanet 7, Apache Tomcat, WebSphere, Splunk, HP-monitoring Tool, Glassfish, WebLogic, Identity Synchronization for Windows (ISW), GIT, RHEL 7.X, Solaris 11.
Confidential, Quincy, Boston
- Integrate the applications with PingFederate, Implement SAML based authentication 1.1 and 2.0 using Ping Federation and integrate with IDP SiteMinder Adapter for authentication.
- Evaluate PingFederate performance and configure tunings (if necessary) such as acceptQueueSize, server thread pools etc.
- Adjust the PingFederate log level for debugging in log4j.xml file and optionally re-enable console logging.
- Worked on the migration of legacy SSO connections to Ping Federate technology standards
- Maintained both Test and Production servers for Ping Federate along with the cluster management and timely Replications to deploy changes to servers.
- Provide L3 support for PingFederate, CA SiteMinder, Oracle Directory Server and Oracle Proxy Server
- Integrate IdP SiteMinder Adapter configured with RSA SecurID Authentication Scheme for Multifactor Authentication.
- Implemented different Ping Adapters to accept the RSASecurID token, credentials, cookie to generate the SAML.
- Integrated and configured web agents to protect and manage resources with SiteMinder Policy Server and assisted applications teams.
- Coordinate with the Information Security team to onboard applications for SSO to ensure solution assurance and compliance with security policy, procedures, standards and baseline security configurations.
- Actively participates in diagnosing, troubleshooting and resolving user and/or system problems related to SSO and Multifactor Authentication.
- Drives root cause analysis, debugging, support, and post-mortem analysis for security incidents and service interruptions
- Work with Enterprise Architecture and Business teams to identify new areas where IAM can be utilized and enhance IAM capabilities to address new business needs
- Protected Enterprise applications with SiteMinder by creating Policy Objects, Authentication Schemes, Policies, Realms, Rules and Responses.
- Install, configure and upgrade SiteMinder Web agents with IIS v5/6 and Apache, Oracle iPlanet 6/7 web servers & WebLogic.
- Working as a part of Access Management team, Protecting Web applications with Standard/Custom Authentication Schemes and educating the application team about the flow of authentication and authorization
- Created security permissions by creating rules, realms, and policies within multiple policy servers for protecting resources stored on web servers.
- Configure Rules, Response and Policies as per the need of Application and Creating/ managing the user directory view
- Implement, Administer LDAP Sun DSEE 6.3 & ODSEE 11G Directory Services
- Created Multi Master Replication Agreements between Sun DSEE 6.3 & ODSEE 11G
- Redesign the existing LDAP schema with some custom attributes and object classes.
- Created LDAP instances using Binary backup files from one host/machine to other Host/machines.
- Installed & configured Directory Proxy Server (DPS) on various machines in all environments
- Created Request filtering Policies in DPS to limit specific operations such as BIND/ADD/SRCH/MOD/DEL.
- Created Resource limit Policies in DPS to limit resources based on operations, connections, IPs, size, & time limits.
- Fine Tuning of JVM profiling & configuration of DPS for better performance.
- Create & Present Periodic performance, progress and current status reports and dashboard to client
- Managing day to day communication with the client and acting as primary point of contact
Environments: ODSEE 220.127.116.11.x, Oracle Proxy Server, SLAMD, Softerra, VNC Remote Service, Active Directory, JAVA, Splunk, HP-monitoring Tool, Glassfish, WebLogic, Identity Synchronization for Windows (ISW), GIT, RHEL 7.X, Solaris 11.
- Installation & Maintenance of Directory Server Enterprise Edition 6.3 & 6.3.1 on various Linux Machines
- Adding Patches & Hot fixes on top of DS 6.3.1 for performance related Issues
- Responsible for preparing documentation for each application and providing the Run Book to the Operations team to troubleshoot issues.
- Administer Test and Production servers for Ping Federate along with the cluster management and timely Replications to deploy changes to servers.
- Responsible for preparing document for each application and providing the Run Book to the Operations team to troubleshoot issues.
- Created IdP/SP connections using PingFederate with external partners via metadata XML, URLs, files and manual connections.
- Installation and configuration of Directory Servers to store and maintain application-based data to provide simultaneous support for multiple real-time applications as well as other data elements.
- Coordinated & supervised the major Password Change Implementation for all the applications & accounts existing in LDAP.
- Wrote automation scripts for high-level Security Monitoring & Audit Projects.
- Monitoring tasks involving checking unauthorized access to LDAP directory
- Provided Training for a group of 3-4 people on Sun LDAP Directory Services (DSEE 6.3)
- Monitored replication status and maintained replica and master synchronization in order to maintain integrity of searches on replica consumers.
- Plan Backup and Recovery Strategies for directory data (offline, online, binary, LDIF)
- Extending the existing schema when necessary by creating custom object classes and custom attributes using the proper existing object classes and attributes.
- Implemented replication strategies for HA and Failover using MMR, write failover, load balancing, directory proxy
- Manage LDAP Certificate for Attribute Encryption.
- Using SLAMD, Performed load Generation stress testing and performance analysis of network-based applications