+

Search Tips   |   Advanced Search

Configure nonce using Web Services Security tokens

Nonce is a randomly generated, cryptographic token used to thwart the highjacking of user name tokens, which are used with SOAP messages. Use nonce in conjunction with the BasicAuth authentication method.

Important: The information supports v5.x applications only used with WebSphere Application Server v6.0.x and later. The information does not apply to v6.0.x and later applications.

We can configure nonce at the application level, the server level, and cell level.

If we configure nonce on the application level and the server level, the values specified for the application level take precedence over the values specified for the server level.

Likewise, the values specified for the application level take precedence over the values specified for the server level and cell level.

We must consider the order of precedence:

  1. Application level
  2. Server level
  3. Cell level

Complete these high-level tasks in the order listed:


Tasks

  1. Configure nonce for the application level.
  2. Configure nonce for the server level.
  3. Configure nonce for the cell level.


What to do next

After completing these steps, restart the server if it has not already been restarted.


Subtopics


Related:

  • Nonce, a randomly generated token
  • Default bindings and security runtime properties