Indicates whether a nonce is included in the user name token for
the token generator. A nonce is a unique cryptographic number that is
embedded in a message to help stop repeated, unauthorized attacks that reuse
user name tokens.
On the application level, if you select the Add nonce option, you
can specify the following properties under Additional properties:
Table 1. Additional nonce properties
| Property name | Default value | Explanation |
| --- | --- | --- |
| com.ibm.ws.wssecurity.config.token.BasicAuth.Nonce.cacheTimeout | 600 seconds | Specifies the timeout value, in seconds, for the nonce value that is cached on the server. |
| com.ibm.ws.wssecurity.config.token.BasicAuth.Nonce.clockSkew | 0 seconds | Specifies the time, in seconds, before the nonce time stamp expires. |
| com.ibm.ws.wssecurity.config.token.BasicAuth.Nonce.maxAge | 300 seconds | Specifies the clock skew value, in seconds, to consider when the application server checks the timeliness of the message. |
These properties are available on the administrative console at the cell
and server level. However, on the application level, you can configure the
properties under Additional properties.
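The following is an added example, not code from the product: a minimal replay check that shows how a nonce cache timeout, a maximum age, and a clock skew interact. The class, its parameter names, and their meanings (the maximum age bounds the age of the time stamp, the clock skew is the tolerated clock difference) are assumptions for illustration and do not describe the application server's internal behavior.

```python
import time


class NonceValidator:
    """Replay check for a token that carries a nonce and a created time stamp."""

    def __init__(self, cache_timeout=600, max_age=300, clock_skew=0):
        # Names and semantics are assumptions made for this example.
        self.cache_timeout = cache_timeout  # seconds a seen nonce stays cached
        self.max_age = max_age              # oldest acceptable time stamp, in seconds
        self.clock_skew = clock_skew        # tolerated sender/receiver clock difference
        self._seen = {}                     # nonce -> time it was first accepted

    def _evict(self, now):
        # Drop nonces that have been cached longer than cache_timeout.
        cutoff = now - self.cache_timeout
        for nonce in [n for n, t in self._seen.items() if t < cutoff]:
            del self._seen[nonce]

    def check(self, nonce, created, now=None):
        """Return 'accepted', 'future', 'expired' or 'replay'."""
        now = time.time() if now is None else now
        self._evict(now)
        if created - now > self.clock_skew:
            return "future"      # time stamp is ahead of the server clock
        if now - created > self.max_age + self.clock_skew:
            return "expired"     # time stamp is too old to accept
        if nonce in self._seen:
            return "replay"      # same nonce was already accepted
        self._seen[nonce] = now
        return "accepted"

    def replay_window_is_covered(self):
        # A nonce must stay cached for as long as its token can still pass
        # the freshness check; otherwise a captured token is accepted twice.
        return self.cache_timeout >= self.max_age + 2 * self.clock_skew
```

With a cache timeout shorter than the maximum age, the same token passes the check a second time after its nonce has been evicted, which is the condition `replay_window_is_covered` reports.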
This option is displayed on the cell, server, and application levels. This
option is valid only when the generated token type is a user name token.