Channel: Claims based access platform (CBA), code-named Geneva forum

ADFS and Certificate CRL Checking

Hi All,

I am looking for some direction to help me find out the below. I have my own understanding, discussed below; however, I would need some expert comments on it.

1> Does the ADFS Server (IDP only) do CRL for the SSL\Secure Communication and Token Signing Certificates?

My take is that the ADFS (IDP) doesn't do the CRL for the above, as it's the owner of these certificates. The CRL checking for these certificates would be done by the ADFS or some cloud provider (RP\SP), which will use the public key of the Token Signing Certificate during the process of authenticating the users, who are redirected to the RP\SP with the ADFS token, which is in turn digitally signed using the Token Signing Certificate.

2> If yes, then does the CRL for the Token Signing or SSL certificate happen during the ADFS service restart?
Per my understanding, during startup, the ADFS does do CRL with CRL.Microsoft.Com, since ADFS uses the .NET component.

3> Does the ADFS Proxy do CRL for the SSL certificate used to set up a trust with the ADFS Server?


