Enables OCSP validation to be performed by contacting the corresponding OCSP responder. The OCSP responder is chosen at runtime as follows:
If com.sun.identity.authentication.ocspCheck is set to true and the OCSP responder is set in the com.sun.identity.authentication.ocsp.responder.url attribute, the value of the attribute is used as the OCSP responder.
If com.sun.identity.authentication.ocspCheck is set to true and the com.sun.identity.authentication.ocsp.responder.url attribute is not set in the AMConfig.properties file, the OCSP responder presented in your client certificate is used as the OCSP responder.
If com.sun.identity.authentication.ocspCheck is set to false, or if com.sun.identity.authentication.ocspCheck is set to true and an OCSP responder cannot be found, no OCSP validation is performed.
Before enabling OCSP validation, make sure that the clocks on the Federation Manager machine and the OCSP responder machine are synchronized as closely as possible. Also, the time on the Federation Manager machine must not be behind the time on the OCSP responder. For example:
OCSP responder machine - 12:00:00 pm
Federation Manager machine - 12:00:30 pm
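The following added example (not Federation Manager code) models the responder selection rules and the clock requirement described above, so a configuration can be checked for the case where OCSP is enabled but validation is skipped. The function names, status labels, sample URL and the treatment of a missing ocspCheck entry as false are assumptions; the time test applies the RFC 6960 rule that a response whose thisUpdate is later than the local clock is unreliable.

```python
from datetime import datetime, timedelta, timezone

OCSP_CHECK = "com.sun.identity.authentication.ocspCheck"
OCSP_URL = "com.sun.identity.authentication.ocsp.responder.url"

def parse_properties(text):
    """Parse simple key=value lines (no escapes or line continuations)."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith(("#", "!")):
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def resolve_responder(props, cert_responder_url=None):
    """Return (status, url) following the three runtime rules in the text."""
    # Assumption: a missing ocspCheck entry is treated like "false".
    if props.get(OCSP_CHECK, "false").lower() != "true":
        return ("disabled", None)
    if props.get(OCSP_URL):
        return ("configured", props[OCSP_URL])
    if cert_responder_url:  # hypothetical: URL read from the client certificate
        return ("from-certificate", cert_responder_url)
    # ocspCheck is true, yet no responder was found: validation is skipped.
    return ("enabled-but-skipped", None)

def response_time_ok(local_now, this_update, next_update=None):
    """RFC 6960 freshness rule evaluated against the local clock."""
    if this_update > local_now:
        return False  # local clock is behind the responder
    return next_update is None or local_now <= next_update

# Constructed sample input, not taken from a real deployment.
SAMPLE = """
# AMConfig.properties (excerpt)
com.sun.identity.authentication.ocspCheck=true
com.sun.identity.authentication.ocsp.responder.url=
"""
NOON = datetime(2024, 1, 1, 12, 0, 0, tzinfo=timezone.utc)

if __name__ == "__main__":
    props = parse_properties(SAMPLE)
    print(resolve_responder(props))
    print(resolve_responder(props, "http://ocsp.example.test/"))
    print(response_time_ok(NOON + timedelta(seconds=30), NOON))
    print(response_time_ok(NOON - timedelta(seconds=30), NOON))
```

A result of `enabled-but-skipped` is the case to alert on: certificates are accepted without a revocation check even though ocspCheck is true.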