Configuration

Please also refer to the information on the plugins and properties in the ConfigEditor, available by clicking the information symbol.

| IAM Config Property | Value | Description |
|---|---|---|
| OAuth 2.0 Authorization Server Reference | Reference AS used for STET. | In the Authorization Server (AS) configuration described on the page "Airlock IAM configuration for STET PSD2", we used "stet-as" as an example. |
| Check Validity Period | True (checked) | If unchecked, the validity period of the SSL/TLS client certificate is not checked. Unchecking may be useful for testing purposes, but the check should be enabled (the default) in all other cases. |
| Certificate Status Checkers | See description. | The revocation status of certificates may be checked in IAM and/or on the Airlock Gateway (WAF). See the corresponding hint on the page "Airlock Gateway (WAF) configuration for STET PSD2". |

If checking the revocation status here, we recommend the following:

  • For good performance, use the "Caching Certificate Status Checker". Note that otherwise, an OCSP call may be performed for every single bank API call.
  • Inside the "Caching Certificate Status Checker", use a "CRL Distribution Point Extension CRL Checker".
    • As "Fallback Checker", configure an OCSP client for the QTSPs ("OCSP Certificate Status Checker").
    • In the "OCSP Certificate Status" you need to configure a trust store with all QTSP CAs.
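
The following added example is a conceptual model of the recommended checker chain (cache, then CRL, then OCSP fallback). It is not Airlock IAM code or configuration; all class names, serial numbers and the TTL are hypothetical, and the CRL and OCSP sources are in-memory stand-ins so it runs offline.

```python
import time
from enum import Enum

class Status(Enum):
    GOOD = "good"
    REVOKED = "revoked"
    UNKNOWN = "unknown"  # source unreachable or no answer for this serial

class CrlChecker:
    """Stand-in for a CRL lookup: a set of revoked serials, or None if the CRL cannot be fetched."""
    def __init__(self, revoked_serials):
        self.revoked = revoked_serials
    def check(self, serial):
        if self.revoked is None:
            return Status.UNKNOWN
        return Status.REVOKED if serial in self.revoked else Status.GOOD

class OcspChecker:
    """Stand-in for an OCSP client; counts calls to make the per-request cost visible."""
    def __init__(self, responses):
        self.responses = responses  # constructed sample data: serial -> Status
        self.calls = 0
    def check(self, serial):
        self.calls += 1
        return self.responses.get(serial, Status.UNKNOWN)

class CachingChecker:
    """Caches definitive answers for ttl_seconds; asks the fallback only if the primary has no answer."""
    def __init__(self, primary, fallback, ttl_seconds, clock=time.monotonic):
        self.primary, self.fallback = primary, fallback
        self.ttl, self.clock = ttl_seconds, clock
        self.cache = {}  # serial -> (status, expiry time)
    def check(self, serial):
        hit = self.cache.get(serial)
        if hit and hit[1] > self.clock():
            return hit[0]
        status = self.primary.check(serial)
        if status is Status.UNKNOWN:
            status = self.fallback.check(serial)
        if status is not Status.UNKNOWN:  # never cache "no answer"
            self.cache[serial] = (status, self.clock() + self.ttl)
        return status

def accept(checker, serial):
    # Fail closed: only an explicit GOOD lets the bank API call through.
    return checker.check(serial) is Status.GOOD
```

The cache lifetime is also the longest time a newly revoked certificate can still be accepted, so it trades lookup load against revocation latency.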