Why and when to perform this task
Important: The information in this article supports only version 5.x applications that are used with WebSphere Application Server Version 6. The information does not apply to version 6.0.x applications.
A nonce is a randomly generated, cryptographic token that is used to thwart the hijacking of username tokens used with Simple Object Access Protocol (SOAP) messages. Nonce is used in conjunction with the basicauth authentication method.
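The replay check that a nonce makes possible, sketched as an added example (not IBM or WebSphere code). The max_age, clock_skew and cache_timeout parameters are named after the Nonce maximum age, Nonce clock skew and Nonce cache timeout fields that this page mentions; their semantics here, the unit (seconds), and the NonceCache, new_nonce and demo names are assumptions.

```python
import base64
import os
import time

class NonceCache:
    """Receiver-side replay check for username-token nonces (illustrative only)."""

    def __init__(self, max_age=300, clock_skew=0, cache_timeout=600):
        # Assumed semantics, all in seconds: max_age = how long a token stays
        # valid after creation, clock_skew = tolerated sender/receiver clock
        # difference, cache_timeout = how long a seen nonce is remembered.
        if cache_timeout <= max_age + 2 * clock_skew:
            # A nonce forgotten before its token expires can be replayed.
            raise ValueError("cache_timeout must exceed max_age + 2 * clock_skew")
        self.max_age, self.clock_skew, self.cache_timeout = max_age, clock_skew, cache_timeout
        self._seen = {}  # nonce -> receiver time at first use

    def check(self, nonce, created, now=None):
        """Return 'ok', or the reason the token is rejected."""
        now = time.time() if now is None else now
        # Evict nonces that have been cached longer than the cache timeout.
        self._seen = {n: t for n, t in self._seen.items() if now - t < self.cache_timeout}
        if created - now > self.clock_skew:
            return "created-in-future"
        if now - created > self.max_age + self.clock_skew:
            return "expired"
        if nonce in self._seen:
            return "replayed"
        self._seen[nonce] = now
        return "ok"

def new_nonce():
    # 16 bytes from the OS CSPRNG, base64-encoded for transport in XML.
    return base64.b64encode(os.urandom(16)).decode()

def demo():
    cache = NonceCache(max_age=300, clock_skew=30, cache_timeout=600)
    t0, n = 1_000_000.0, new_nonce()  # constructed timestamps and nonce
    return [
        cache.check(n, created=t0, now=t0 + 1),               # first use
        cache.check(n, created=t0, now=t0 + 2),               # same token resent
        cache.check(new_nonce(), created=t0, now=t0 + 400),   # older than max age + skew
        cache.check(new_nonce(), created=t0 + 100, now=t0),   # timestamp beyond skew
    ]

if __name__ == "__main__":
    print(demo())
```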
This task provides instructions on how to configure nonce for the cell level using the WebSphere Application Server administrative console. You can configure nonce at the application level, the server level, and the cell level. However, you must consider the order of precedence. The following list shows the order of precedence:
- Application level
- Server level
- Cell level
If you configure nonce on the application level and the server level, the values specified for the application level take precedence over the values specified for the server level. Likewise, the values specified for the application level take precedence over the values specified for the server level and the cell level. In WebSphere Application Server Network Deployment, the Nonce cache timeout, Nonce maximum age, and Nonce clock skew fields are required to use nonce effectively. However, these fields are optional on the server level.
Complete the following steps to configure nonce on the cell level: