A nonce is a randomly generated cryptographic token that is used
to prevent the theft of username tokens, which are used with SOAP messages.
Nonce is used in conjunction with the basic authentication (BasicAuth) method.
You can configure nonce for the cell level by using the WebSphere Application
Server administrative console.
About this task
Important: The information in this article applies only to Version
5.x applications that are used with WebSphere Application Server
Version 6.0.x and later. The information does not apply to Version
6 and later applications.
You can configure nonce at the application
level, the server level, and the cell level. However, you must consider the order
of precedence:
- Application level
- Server level
- Cell level
If you configure nonce on the application level and the server level,
the values specified for the application level take precedence over the values
specified for the server level. Likewise, the values specified for the application
level take precedence over the values specified for the server level and the
cell level. In WebSphere Application Server Network Deployment, the
Nonce cache timeout, Nonce maximum age, and Nonce clock skew fields
are required to use nonce effectively. However, these fields are optional
on the server level. Complete the following steps to configure nonce on the
cell level:
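
The following Python sketch is an added illustration, not WebSphere code and not part of the console procedure: it resolves the three nonce fields by the precedence order described above and uses them to reject stale or replayed username tokens. The field semantics (all in seconds: cache timeout as how long a seen nonce is remembered, maximum age as how old a token may be, clock skew as the tolerated clock difference) and every name and value in it are assumptions.

```python
# Added illustration; not WebSphere code. Field semantics are assumptions
# inferred from the field names; all values below are constructed.
LEVELS = ("application", "server", "cell")  # highest precedence first
FIELDS = ("cache_timeout", "max_age", "clock_skew")

def effective_settings(configured):
    """Resolve each nonce field from the most specific level that sets it."""
    resolved = {}
    for field in FIELDS:
        for level in LEVELS:
            value = configured.get(level, {}).get(field)
            if value is not None:
                resolved[field] = value
                break
        else:
            raise ValueError(f"{field} is not set at any level")
    return resolved

def replay_window(s):
    """Seconds during which a still-valid nonce has already left the cache."""
    return max(0, s["max_age"] + s["clock_skew"] - s["cache_timeout"])

class NonceCache:
    """Receiver-side check that rejects stale or replayed username tokens."""
    def __init__(self, settings):
        self.s = settings
        self.seen = {}  # nonce -> time it was first accepted

    def accept(self, nonce, created, now):
        # Forget nonces that have been cached longer than the cache timeout.
        self.seen = {n: t for n, t in self.seen.items()
                     if now - t < self.s["cache_timeout"]}
        skew = self.s["clock_skew"]
        if created > now + skew:
            return "rejected: timestamp in the future"
        if now - created > self.s["max_age"] + skew:
            return "rejected: expired"
        if nonce in self.seen:
            return "rejected: replay"
        self.seen[nonce] = now
        return "accepted"

# Constructed configuration: seconds, with the cell supplying all three fields.
CONFIG = {
    "cell": {"cache_timeout": 600, "max_age": 300, "clock_skew": 0},
    "server": {"clock_skew": 30},
    "application": {"max_age": 120},
}
```

Under these assumptions, a cache timeout shorter than maximum age plus clock skew leaves a window in which a forgotten nonce is accepted a second time; `replay_window` reports its length so that a configuration can be checked before it is deployed.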