Cloud Infrastructure Security & Compliance / CMP-977

[IA-5(2)]: gap: No way to check IDP cert validity with CRL or OCSP


    • Story
    • Resolution: Unresolved
    • Major
    • CMP Sprint 32, CMP Sprint 33

      Most of the IDP types, except for htpasswd, which we don't permit anyway, have an attribute that specifies the CA that signs the certificate of the IDP. However, there is no way of knowing if the certificate was revoked, because there doesn't seem to be a way to set an OCSP or CRL to check for certificate validity. This needs to be researched and perhaps an RFE should be filed.

            jhrozek@redhat.com Jakub Hrozek
            jhrozek@redhat.com Jakub Hrozek
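The gap described in this issue, reproduced offline as an added example (not part of the ticket and not any product's code): a certificate that its CA has revoked still passes validation when only the CA bundle is configured, and is rejected once a CRL is consulted. It assumes the `openssl` CLI is installed; the CA, the host name `idp.example.test` and the function names are constructed for the demo.

```shell
#!/bin/sh
# Added example, constructed data only: throwaway CA, one "IdP" cert, one CRL.
set -eu
pki=$(mktemp -d)
cat > "$pki/ca.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3_ca
[dn]
[v3_ca]
basicConstraints = critical,CA:TRUE
[ca]
default_ca = demo
[demo]
database = $pki/index.txt
new_certs_dir = $pki
serial = $pki/serial
default_md = sha256
default_days = 1
default_crl_days = 1
policy = pol
[pol]
commonName = supplied
EOF
demo_ca() {  # every CA operation uses the same throwaway key and database
  openssl ca -batch -config "$pki/ca.cnf" -cert "$pki/ca.crt" \
    -keyfile "$pki/ca.key" "$@"
}
build_pki() {
  : > "$pki/index.txt"; echo 01 > "$pki/serial"
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$pki/ca.cnf" \
    -subj "/CN=Demo IdP CA" -keyout "$pki/ca.key" -out "$pki/ca.crt"
  openssl req -newkey rsa:2048 -nodes -config "$pki/ca.cnf" \
    -subj "/CN=idp.example.test" -keyout "$pki/idp.key" -out "$pki/idp.csr"
  demo_ca -in "$pki/idp.csr" -out "$pki/idp.crt"   # issue the IdP cert
  demo_ca -revoke "$pki/idp.crt"                   # then revoke it
  demo_ca -gencrl -out "$pki/ca.crl"               # and publish a CRL
}
# What a CA-bundle-only setting can check: signature chain and dates.
verify_ca_only() { openssl verify -CAfile "$pki/ca.crt" "$pki/idp.crt"; }
# The same chain check plus a revocation lookup in the CRL.
verify_with_crl() {
  openssl verify -CAfile "$pki/ca.crt" -crl_check -CRLfile "$pki/ca.crl" \
    "$pki/idp.crt"
}

build_pki >/dev/null 2>&1
verify_ca_only  >/dev/null 2>&1 && echo "CA only: revoked cert ACCEPTED"
verify_with_crl >/dev/null 2>&1 || echo "CA + CRL: revoked cert REJECTED"
```
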