Enable SSO certificate revocation list checking Skip Navigation

Enable SSO certificate revocation list checking

When Single Sign-On (SSO) is enabled for your organization, a Certificate Revocation List (CRL) is maintained. A CRL is a list of digital certificates that have been revoked and should not be trusted. If CRL checking is enabled,
BlackBerry AtHoc
checks the CRL before initiating a Security Assurance Markup Language (SAML) authentication request to an identity provider (IDP) or after receiving an SAML response from the IDP.
  1. In the navigation bar, click Settings icon.
  2. In the
    System Setup
    section, click
    Security Policy
  3. In the
    SSO CRL (Certificate Revocation List) Settings
    section, select the
    Enable CRL Checking
    If the
    SSO CRL (Certificate Revocation List) Settings
    section is not visible, SSO is not enabled. For information about enabling SSO, see "Enable single sign-on" in the
    BlackBerry AtHoc
    Manage Users
  4. In the
    CRL Timeout Interval
    field, enter the number of seconds to allow for certificate validation information to be retrieved from the Certificate Authority (CA). The minimum is 1 and the maximum is 60 seconds. The default is 20 seconds.
  5. Optionally, select the
    Ignore Verification Errors
    option. This option is selected by default. When selected, any error that occurs during CRL verification is added to the diagnostic log. This option does not interrupt the SSO authentication flow. If this option is not not selected, when CRL verification fails, the user is redirected to an error page.
  6. Click