Why and when to perform this task
Nonce is a randomly generated, cryptographic token used to prevent the theft of username tokens used with Simple Object Access Protocol (SOAP) messages. Nonce is used in conjunction with the BasicAuth authentication method.
This task provides instructions on how to configure nonce for the server level using the WebSphere Application Server administrative console.
You can configure nonce at the application level, the server level, and cell level.
Likewise, the values specified for the application level take precedence over the values specified for the server level and the cell level.
In a WebSphere Application Server or WebSphere Application Server Express environment, you must specify values for the Nonce cache timeout, Nonce maximum age, and Nonce clock skew fields on the server level to use nonce effectively.
However, in a WebSphere Application Server Network Deployment environment, these fields are optional on the server level, but required on the cell level.
Complete the following steps to configure nonce on the server level:
Steps for this task
However, in a Network deployment environment or on the z/OS platform, this field is optional on the server level, but required on the cell level.
The value specified for the Nonce Maximum Age field indicates how long the nonce is valid. You must specify a minimum of 300 seconds, but the value cannot exceed the number of seconds specified for the Nonce cache timeout field on the server level.
The value specified for the Nonce maximum age field must not exceed the Nonce maximum age value set on the cell level. You can specify the Nonce cache timeout value for the cell level by clicking Security > Web Services. This field is optional on the server level, but required on the cell level.
Related concepts
Nonce, a randomly generated token
Related tasks
Configuring nonce for the application level
Configuring nonce for the cell level
Related reference
Default bindings for Web services security