Specific federation tasks require that the certificates in the certificate data store be validated. These tasks include protecting the HTTP-Artifact back channel, verifying SAML messages, and encrypting SAML messages.
To check the validity of certificates, the certificate data store can use an OCSP service. OCSP uses an HTTP service that is provided by a Certificate Authority (CA) to supply the revocation status of a certificate on demand.
By default, Federation Manager does not check the revocation status of a certificate in the certificate data store. To check the revocation status through an OCSP responder, enable OCSP through the Federation Manager UI. When enabled, the OCSP service queries the configured OCSP responders for revocation status every 5 minutes. This default frequency is configurable.
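The OCSP exchange described above (the client builds a request for one certificate, the CA's HTTP responder returns a signed status, and the client verifies that signature before trusting the answer), as an added example that is not part of this documentation or of Federation Manager. It uses the Python `cryptography` package, a constructed test PKI ("Example CA" with two partner certificates, one of which the CA has revoked), and an in-process responder in place of the HTTP POST; the 5-minute `next_update` and all serial numbers are constructed values.

```python
from datetime import datetime, timedelta
from cryptography import x509
from cryptography.x509 import ocsp
from cryptography.x509.oid import NameOID
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import ec

NOW = datetime(2012, 6, 1, 12, 0, 0)  # constructed naive-UTC clock, fixed for reproducibility

def _issue(subject, signing_key, public_key, serial, is_ca):
    """Sign a minimal X.509 cert for the constructed test PKI (issuer is always 'Example CA')."""
    name = lambda cn: x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, cn)])
    return (x509.CertificateBuilder().subject_name(name(subject)).issuer_name(name("Example CA"))
            .public_key(public_key).serial_number(serial)
            .not_valid_before(NOW - timedelta(days=1)).not_valid_after(NOW + timedelta(days=365))
            .add_extension(x509.BasicConstraints(ca=is_ca, path_length=None), critical=True)
            .sign(signing_key, hashes.SHA256()))

CA_KEY, LEAF_KEY = ec.generate_private_key(ec.SECP256R1()), ec.generate_private_key(ec.SECP256R1())
CA_CERT = _issue("Example CA", CA_KEY, CA_KEY.public_key(), 1, True)
SP_CERT = _issue("sp.example.test", CA_KEY, LEAF_KEY.public_key(), 4242, False)   # revoked below
IDP_CERT = _issue("idp.example.test", CA_KEY, LEAF_KEY.public_key(), 4243, False)  # still good

# Responder-side records (constructed): what the CA issued, and what it has since revoked.
ISSUED = {c.serial_number: c for c in (SP_CERT, IDP_CERT)}
REVOKED = {4242: NOW - timedelta(hours=2)}  # serial -> revocation time

def build_request(cert, issuer):
    """Client side: the DER body the OCSP client POSTs to the responder's HTTP URL."""
    req = ocsp.OCSPRequestBuilder().add_certificate(cert, issuer, hashes.SHA256()).build()
    return req.public_bytes(serialization.Encoding.DER)

def answer_request(der_request):
    """Responder side: look up the serial from the request and return a CA-signed status."""
    serial = ocsp.load_der_ocsp_request(der_request).serial_number
    revoked_at = REVOKED.get(serial)
    resp = ocsp.OCSPResponseBuilder().add_response(
        cert=ISSUED[serial], issuer=CA_CERT, algorithm=hashes.SHA256(),
        cert_status=ocsp.OCSPCertStatus.REVOKED if revoked_at else ocsp.OCSPCertStatus.GOOD,
        this_update=NOW, next_update=NOW + timedelta(minutes=5), revocation_time=revoked_at,
        revocation_reason=x509.ReasonFlags.key_compromise if revoked_at else None,
    ).responder_id(ocsp.OCSPResponderEncoding.HASH, CA_CERT).sign(CA_KEY, hashes.SHA256())
    return resp.public_bytes(serialization.Encoding.DER)

def check_status(der_response, trusted_ca):
    """Client side: trust the answer only if it is SUCCESSFUL and signed by the CA's key."""
    resp = ocsp.load_der_ocsp_response(der_response)
    if resp.response_status != ocsp.OCSPResponseStatus.SUCCESSFUL:
        raise ValueError(f"responder returned {resp.response_status.name}")
    trusted_ca.public_key().verify(resp.signature, resp.tbs_response_bytes, ec.ECDSA(resp.signature_hash_algorithm))
    return resp.certificate_status

def revocation_status(cert):  # one full round trip for a certificate in the data store
    return check_status(answer_request(build_request(cert, CA_CERT)), CA_CERT)
```

A real client replaces `answer_request` with an HTTP POST of the DER request to the responder URL and verifies the response against the responder's certificate chain rather than a single CA key held in memory.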
The following figure shows the OCSP configuration steps:

The configuration process is as follows:
Copyright © 2012 CA. All rights reserved.