wso2 / product-is


[Doc] Missing steps in 'Configuring X509Certificate Authenticator' #4414

Open YvonneW opened 5 years ago

YvonneW commented 5 years ago

Background

Prior to WSO2 IS 570, CRL and OCSP validations were disabled in the certificate-validation.xml file in the /repository/conf/security/ repository.

From 570 onwards, the certificates of CAs and intermediate CAs that are to be considered as trusted CAs for X509 authentication must be configured in the certificate-validation.xml as follows.

```xml
<?xml version="1.0" encoding="ISO-8859-1"?>
…….
```

To complement this behaviour, CRL and OCSP validations were enabled by default from WSO2 IS 570 onwards. So, if you don't want to configure the truststore as given above, you will have to disable the CRL and OCSP validation as well.

To-Do

Add a separate section subsequent to the 'Configuring the X509 Certificate for the app' section in the Configuring X509Certificate Authenticator page to explain this behavior.

YvonneW commented 5 years ago

Added a new section called Disabling Certificate Validation with the steps required to disable CRL and OCSP validators.