Default bindings for Web services security

Use this page to specify the configuration on the cell level in a WAS Network Deployment environment. In addition, use this page to define the default generator bindings, default consumer bindings, and additional properties such as key locators, the collection certificate store, trust anchors, trusted ID evaluators, algorithm mappings, and login mappings.

To view this administrative console page for the cell level, click Security > Web Services.

To define the server-side configuration, click Servers > Application Servers > servername. Under Security, click Web Services: Default bindings for Web Services Security.

Nonce is a unique cryptographic number embedded in a message to help stop repeated, unauthorized attacks of user name tokens. In a WAS Network Deployment environment, specify values for the Nonce cache timeout, the Nonce maximum age, and the Nonce clock skew fields for the cell level.

The default binding configuration provides a central location where reusable binding information is defined. The application binding file can reference the information in the default binding configuration.

Nonce cache timeout

Specifies the timeout value, in seconds, for the nonce value that is cached on the server. Nonce is a randomly generated value.

The maximum value for the Nonce maximum age field cannot exceed the number of seconds that is specified for this Nonce cache timeout field.

The Nonce cache timeout field is required for the cell level. If you make changes to the field value, restart WebSphere Application Server for the changes to take effect.

Default 600 seconds
Minimum 300 seconds

Nonce maximum age

Specifies the time, in seconds, before the nonce time stamp expires. Nonce is a randomly generated value.

The value that is specified in this cell-level field is the maximum value that one can specify for the Nonce maximum age field for the server level. We can specify the Nonce maximum age value for the server level by clicking Servers > Application servers > servername. Under Additional Properties, click Web Services: Default bindings for Web services security.

The Nonce maximum age field is required for the cell level.

Default 300 seconds
Range 300 to the Nonce cache timeout value in seconds

Nonce clock skew

Specifies the clock skew value, in seconds, to consider when WAS checks the timeliness of the message. Nonce is a randomly generated value.

The Nonce clock skew field is required for the cell level.

Default 0 seconds
Range 0 to the Nonce maximum age value, in seconds

Distribute nonce caching

Enables distributed caching for nonce using a Data Replication Service (DRS). In previous releases of WebSphere Application Server, the nonce was cached locally. By selecting this option, the nonce is propagated to other servers in your environment. However, the nonce might be subject to a one-second delay in propagation and subject to any network congestion.