Is there a way in the CXF STS to enable OCSP checking of inbound
certificates? I'm using CXF 2.7.12-SNAPSHOT running on Tomcat 7.0.52, and
have set up the STS (via WS-SecurityPolicy in its WSDL) to require
inbound messages to be signed with a BinarySecurityToken. That works, as
far as it goes, but it does not do any revocation checking. I've seen some
references online to the ws-security.enableRevocation, but the
documentation for it states that that is for CRL, which may work as a
stopgap but has some limitations (like pointing to a custom CRL location),
and besides which my customer's requirement is for OCSP.
If there's nothing there already, I can probably code something up for
that, but I'm not very clear on where or how to hook that code into my
spring configuration, so any pointers along those lines would be a big
help.
Thanx,
Steve Chappell
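As an added illustration (not code from CXF, WSS4J, or the poster), this is what the revocation check behind ws-security.enableRevocation amounts to at the JDK level, and how OCSP gets switched on there: WSS4J's Merlin sets PKIXParameters.setRevocationEnabled(true), and the standard PKIX validator only uses OCSP when the JDK security property ocsp.enable is true. Assumed: the default Sun PKIX provider, a JKS truststore, and the placeholder paths/passwords passed on the command line.

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.Security;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXParameters;
import java.security.cert.X509Certificate;
import java.util.Arrays;

/**
 * Validates an inbound signing certificate against a truststore with
 * revocation checking. With "ocsp.enable" set, the PKIX validator queries
 * the OCSP responder named in the certificate's AIA extension; CRL
 * distribution points are used as a fallback when enableCRLDP is also set.
 */
public class OcspPathCheck {

    /** Returns true if the chain builds to a trust anchor and nothing in it is revoked. */
    public static boolean validate(X509Certificate[] chain, KeyStore trustStore) throws Exception {
        // JDK security property; equivalent to starting the JVM with -Docsp.enable=true.
        Security.setProperty("ocsp.enable", "true");
        // Optional fallback to CRL distribution points if the OCSP responder is unreachable.
        System.setProperty("com.sun.security.enableCRLDP", "true");

        CertPath path = CertificateFactory.getInstance("X.509").generateCertPath(Arrays.asList(chain));
        PKIXParameters params = new PKIXParameters(trustStore);
        // This is the switch that ws-security.enableRevocation=true flips inside WSS4J's Merlin.
        params.setRevocationEnabled(true);
        try {
            CertPathValidator.getInstance("PKIX").validate(path, params);
            return true;
        } catch (CertPathValidatorException e) {
            // e.getReason() is BasicReason.REVOKED for a revoked certificate,
            // UNDETERMINED_REVOCATION_STATUS if the responder could not be reached.
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        KeyStore ts = KeyStore.getInstance("JKS");
        try (FileInputStream in = new FileInputStream(args[0])) {   // truststore path (placeholder)
            ts.load(in, args[1].toCharArray());                      // truststore password (placeholder)
        }
        X509Certificate cert = (X509Certificate) CertificateFactory.getInstance("X.509")
                .generateCertificate(new FileInputStream(args[2]));  // inbound cert, PEM or DER (placeholder)
        System.out.println(validate(new X509Certificate[]{cert}, ts) ? "valid" : "rejected");
    }
}
```

Because the OCSP switch is a JVM-wide security property rather than a CXF setting, it can be set once in java.security or via the Tomcat JVM options alongside ws-security.enableRevocation in the Spring configuration.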