WAS v8.5 > Secure applications > Secure web services > Secure web services > Administer Web Services Security > Configure XML digital signature for v5.x web services with the dmgr consoleConfigure nonce using Web Services Security tokens
Nonce is a randomly generated, cryptographic token used to thwart the highjacking of user name tokens, used with SOAP messages. Use nonce in conjunction with the BasicAuth authentication method. The information in this article supports v5.x applications only used with WebSphere Application Server v6.0.x and later. The information does not apply to v6.0.x and later applications.
We can configure nonce at the application level and server level.
If you configure nonce on the application level and the server level, the values specified for the application level take precedence over the values specified for the server level.
You must consider the order of precedence:
- Application level
- Server level
Complete these high-level tasks in the order listed:
After completing these steps, restart the server if it has not already been restarted.
Subtopics
- Configure nonce for the server level
Nonce is a randomly generated, cryptographic token used to prevent the theft of username tokens, used with SOAP messages. Nonce is used in conjunction with the basic authentication (BasicAuth) method. We can configure nonce for the server level using the WAS dmgr console.- Configure nonce for the application level
Nonce is a randomly generated, cryptographic token used to thwart the highjacking of Username tokens, used with SOAP messages. Use nonce in conjunction with the basic authentication (BasicAuth) method. We can configure nonce for the application level using the WAS dmgr console.
Related concepts:
Nonce, a randomly generated token