The Identity Management (IdM) tool in SecureAuth® Identity Platform (formerly SecureAuth IdP) contains the Revoke Certificate page. As an administrator, use this page to view and revoke user certificates.

Prerequisites

A realm for the Revoke Certificate page with the following tabs configured before setting up the Post Authentication tab: 


Identity Platform configuration

  1. Go to the Data tab. 
  2. In the Membership Connection Settings section, set the following in the Group Permissions subsection to restrict this realm to administrators only. 

    User Group Check Type: Set to Allow Access.
    User Groups: Enter the group name to which administrators belong. For example, Admins. 
    Groups Field: The groups field in the data store directory containing the group information for each user. 

  3. Save your changes. 
  4. Go to the Post Authentication tab. 
  5. In the Post Authentication section, set the following. 

    Authenticated User Redirect: Set to Revoke Certificate.
    Redirect To: This field is auto-populated with the post-authentication .aspx page, which is appended to the domain name and realm number in the web address bar. For example, Authorized/RevokeCert.aspx. 

  6. Save your changes. 


Optional configurations for token or cookie settings and SSO

In the Forms Auth/SSO Token section, you can optionally configure the token or cookie settings and single sign-on (SSO) for this realm.

To configure token or cookie settings, see Configure token or cookie settings.

To configure this realm for SSO, see SecureAuth IdP single sign-on configuration.

To configure this realm for Windows Desktop SSO, see Windows desktop SSO configuration.


Troubleshooting

In some situations, IIS caches the certificate revocation list (CRL) and does not automatically retrieve the latest CRL for revocation checking. This can happen in realms that use the ActiveX plugin from SecureAuth to validate certificates, or in realms that validate Java certificates.

To force IIS to check for the updated CRL, run the following command as an administrator:

certutil -setreg chain\ChainCacheResyncFiletime @now
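
When the command above is typed into PowerShell rather than cmd.exe, the @now argument must be quoted. The following wrapper is an added example, not SecureAuth code; the function name Invoke-ChainCacheResync is hypothetical. It checks for elevation, sets the value, and reads it back for confirmation.

```powershell
# Added example (not from the SecureAuth documentation).
# Invoke-ChainCacheResync is a hypothetical name chosen for illustration.
function Invoke-ChainCacheResync {
    [CmdletBinding()]
    param()

    # certutil -setreg writes a machine-wide setting, so require elevation.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    $adminRole = [Security.Principal.WindowsBuiltInRole]::Administrator
    if (-not $principal.IsInRole($adminRole)) {
        throw 'Run this from an elevated (Administrator) PowerShell session.'
    }

    # Quote '@now': unquoted, PowerShell parses @now as splatting of the
    # variable $now, and certutil never receives the value.
    & certutil.exe -setreg 'chain\ChainCacheResyncFiletime' '@now' | Out-Null
    if ($LASTEXITCODE -ne 0) {
        throw "certutil -setreg failed with exit code $LASTEXITCODE."
    }

    # Read the value back so the new resync time can be confirmed and logged.
    $readback = & certutil.exe -getreg 'chain\ChainCacheResyncFiletime'
    if ($LASTEXITCODE -ne 0) {
        throw "certutil -getreg failed with exit code $LASTEXITCODE."
    }
    return $readback
}

# Prints certutil's own report of the stored ChainCacheResyncFiletime value.
Invoke-ChainCacheResync
```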