Secure conversation client cache

For both distributed and local clients, the WebSphere Application Server secure conversation client cache stores tokens on the client.

WebSphere Application Server supports the caching of Security Context Token for both distributed client and local client. If Security Context Token is distributed, a client in the same replication domain uses the same Security Context Token. Distributed cache also support the disk offload to save Security Context Token to disk for recovery.

If you choose to modify the default Secure Conversation cache settings, use the administrative console to configure settings such as the following:

The WS-SecureConversation client rejects a Security Context Token that is issued at a future time. If you cannot synchronize the clock between the client machine and service machine, the clock skew could be configured to prevent the rejection of a valid token. The default clock skew is 3 minutes. To modify the default clock skew setting, add the following custom property to the desired minutes:
clockSkewToleranceInMinutes

Alternatively, use the wsadmin commands to manage secure conversation client cache configurations.

Thin client

For a Web Service application client running outside WebSphere Application Server, the security context token is cached only in the local Java process. The following system properties can be used to override the default cache setting on the thin client:

com.ibm.wsspi.wssecurity.SC.cache.cushion
Specifies the time in minutes to renew a security context token to be used with WS-SecureConversation on the client side so that the security context token has enough time to complete the downstream call. The default value is 10 minutes, and the minimum value is 3 minutes.
com.ibm.wsspi.wssecurity.SC.token.clockSkewTolerance
Specifies the tolerant clock skew time for a token between two machines. The default value is 3 minutes.



Related concepts
Web Services Secure Conversation
Related tasks
Managing secure conversation client cache configurations using the wsadmin tool
Configuring the secure conversation client cache using the administrative console
Related reference
Secure conversation client cache settings
Concept topic Concept topic    

Terms and conditions for information centers | Feedback

Last updatedLast updated: Aug 31, 2013 1:23:07 AM CDT
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=pix&product=was-nd-dist&topic=cwbs_wssecureconvclientcache
File name: cwbs_wssecureconvclientcache.html