12.6.3.5.2. Configuration

Please also refer to the information on the plugins and properties in the ConfigEditor, available by clicking on the information symbol.

| IAM Config Property | Value | Description |
| --- | --- | --- |
| OAuth 2.0 Authorization Server Reference | Reference AS used for STET. | In the Authorization Server (AS) configuration described on page "12.6.3.3. Airlock IAM configuration for STET PSD2", we used "stet-as" as an example. |
| Check Validity Period | True (checked) | If unchecked, the validity period of the SSL/TLS client certificate is not checked. Unchecking may be useful for testing purposes, but the check should be enabled (the default) in all other cases. |
| Certificate Status Checkers | See description. | The revocation status of certificates may be checked in IAM and/or on the Airlock Gateway (WAF). See the corresponding hint on page "12.6.3.2. Airlock Gateway (WAF) configuration for STET PSD2". |

If checking the revocation status here, we recommend the following:
  • For good performance, use the "Caching Certificate Status Checker". Note that otherwise, an OCSP call may be performed for every single bank API call.
  • Inside the "Caching Certificate Status Checker", use a "CRL Distribution Point Extension CRL Checker".
    • As "Fallback Checker", configure an OCSP client for the QTSPs ("OCSP Certificate Status Checker").
    • In the "OCSP Certificate Status" you need to configure a trust store with all QTSP CAs.
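
The following is an added illustration, not Airlock IAM code: a small Python model of the recommended checker chain (cache, then CRL distribution point check, then OCSP fallback) that counts backend lookups. All class names, the `build_chain` helper, the CRL URL and the serial numbers are hypothetical and constructed for the example.

```python
import time

class OcspChecker:
    """Stand-in for an OCSP client; `revoked` holds constructed (issuer, serial) pairs."""
    def __init__(self, revoked):
        self.revoked, self.calls = set(revoked), 0

    def check(self, cert):
        self.calls += 1  # one OCSP round trip in a real deployment
        return "revoked" if (cert["issuer"], cert["serial"]) in self.revoked else "good"

class CrlDpChecker:
    """Stand-in for a CRL check driven by the certificate's CRL distribution point."""
    def __init__(self, crls, fallback):
        self.crls, self.fallback, self.calls = crls, fallback, 0

    def check(self, cert):
        self.calls += 1
        url = cert.get("crl_dp")
        if url not in self.crls:  # no CRL DP extension, or CRL not retrievable
            return self.fallback.check(cert)  # fallback checker: OCSP
        return "revoked" if cert["serial"] in self.crls[url] else "good"

class CachingChecker:
    """Caches the delegate's answer per certificate for `ttl` seconds."""
    def __init__(self, delegate, ttl, clock=time.monotonic):
        self.delegate, self.ttl, self.clock, self.cache = delegate, ttl, clock, {}

    def check(self, cert):
        key, now = (cert["issuer"], cert["serial"]), self.clock()
        status, expires = self.cache.get(key, (None, 0.0))
        if status is None or expires <= now:  # miss or stale entry: ask the delegate
            status = self.delegate.check(cert)
            self.cache[key] = (status, now + self.ttl)
        return status

def build_chain(ttl=300, clock=time.monotonic):
    """Wire the chain as recommended: cache -> CRL DP checker -> OCSP fallback."""
    ocsp = OcspChecker(revoked={("QTSP-B", 0x2002)})  # constructed data
    crl = CrlDpChecker({"http://crl.qtsp-a.example/ca.crl": {0x1002}}, fallback=ocsp)
    return CachingChecker(crl, ttl, clock), crl, ocsp
```

In this model the cache lifetime is also the longest time a newly revoked certificate can still be reported as good, so the caching period is a trade-off between backend load and revocation latency.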