Configuring a nonce on the server level

You can configure a nonce for the server by using the WebSphere Application Server administrative console.

About this task

A nonce is a randomly generated cryptographic token that is used to prevent replay attacks of user name tokens that are used with SOAP messages. Typically, a nonce is used with the user name token.

You can configure a nonce at the application level and the server level. However, you must consider the order of precedence.

The following list shows the order of precedence:
  1. Application level

    The application level settings for the nonce maximum age and nonce clock skew fields are specified through the additional properties.

  2. Server level

If you configure a nonce on the application level and the server level, the values that are specified for the application level take precedence over the values that are specified for the server level.

Complete the following steps to configure a nonce on the server level:

Procedure

  1. Access the default bindings for the server level.
    1. Click Servers > Application servers > server_name.
    2. Under Security, click Web services: Default bindings for Web services security.
  2. Specify a value, in seconds, for the Nonce cache timeout field. The value that is specified for the Nonce cache timeout field indicates how long the nonce remains cached before it is discarded. You must specify a minimum of 300 seconds. However, if you do not specify a value, the default is 600 seconds. This field is optional on the server level.
  3. Specify a value, in seconds, for the Nonce maximum age field. The value that is specified for the Nonce maximum age field indicates how long the nonce is valid. You must specify a minimum of 300 seconds, but the value cannot exceed the number of seconds that is specified for the Nonce cache timeout field. If you do not specify a value, the default is 300 seconds. This field is optional on the server level.
  4. Specify a value, in seconds, for the Nonce clock skew field. The value that is specified for the Nonce clock skew field specifies the amount of time, in seconds, to consider when the message receiver checks the freshness of the value. Consider the following information when you set this value:
    • Difference in time between the message sender and the message receiver, if the clocks are not synchronized.
    • Time that is needed to encrypt and transmit the message.
    • Time that is needed to get through network congestion.
    At a minimum, you must specify 0 seconds in this field. However, the maximum value cannot exceed the number of seconds indicated in the Nonce maximum age field. If you do not specify a value, the default is 0 seconds. This field is optional on the server level.
  5. Restart the server. If you change the nonce cache timeout value and do not restart the server, the change is not recognized by the server.
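
The limits in steps 2 through 4 can be checked before the values are entered in the console. The following Python sketch is an added example, not IBM code: `NonceSettings`, `Receiver`, and `replay_outcomes` are hypothetical names, and the receiver's freshness and cache logic is a simplified assumption used only to show why the maximum age must not exceed the cache timeout.

```python
from dataclasses import dataclass


@dataclass
class NonceSettings:
    cache_timeout: int = 600  # default from step 2, in seconds
    max_age: int = 300        # default from step 3
    clock_skew: int = 0       # default from step 4

    def problems(self):
        """Return violations of the limits stated in the procedure."""
        out = []
        if self.cache_timeout < 300:
            out.append("cache timeout below 300")
        if self.max_age < 300:
            out.append("maximum age below 300")
        if self.max_age > self.cache_timeout:
            out.append("maximum age exceeds cache timeout")
        if self.clock_skew < 0:
            out.append("clock skew below 0")
        if self.clock_skew > self.max_age:
            out.append("clock skew exceeds maximum age")
        return out


class Receiver:
    """Simplified receiver model (assumption, not WebSphere's code)."""

    def __init__(self, settings):
        self.s = settings
        self.seen = {}  # nonce -> time at which it was cached

    def accept(self, nonce, created, now):
        # Discard cache entries that have outlived the cache timeout.
        self.seen = {n: t for n, t in self.seen.items()
                     if now - t < self.s.cache_timeout}
        age = now - created
        if age > self.s.max_age + self.s.clock_skew or age < -self.s.clock_skew:
            return "stale"
        if nonce in self.seen:
            return "replay"
        self.seen[nonce] = now
        return "accepted"


def replay_outcomes(settings, replay_at):
    """Deliver one token at t=0, deliver it again at replay_at seconds."""
    r = Receiver(settings)
    return r.accept("n1", 0, 0), r.accept("n1", 0, replay_at)
```

With the defaults, a second delivery of the same token is rejected as a replay while the nonce is cached and as stale afterward. In this model, a maximum age larger than the cache timeout leaves a gap in which the nonce has been discarded from the cache but is still considered fresh.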




Last updated: Aug 30, 2013 4:53:43 PM CDT
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=pix&product=was-base-dist&topic=twbs_confnoncesvrcellv6
File name: twbs_confnoncesvrcellv6.html