RH-SSO does not perform CRL verification with external IDP signature

Solution Verified - Updated -


How is it possible to check and validate on SP side that the external IDP certificate does not belong to a CRL (certificate revocation list) ?


  • Red Hat Single Sign-On (RH-SSO)
    • 7.x
  • External Identity Provider (IDP) using SAML or OIDC
  • Service Provider (SP)
  • External IDP (CRL) certificate verification

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content