Security cache settings

Security cache settings

Configure the Web Services Secure Conversation (WS-SecureConversation) security local and distributed cache settings using the administrative console.

From the admin console, click Services > Security cache.

Time token is in cache after timeout

Sets the time that the token remains in cache after the token times out.

This field specifies the number of minutes for the time the token is in cache after the token expiration time expires (cache persist period). For example, if we specify 30 minutes, the token is kept in cache for this time period after the token expiration time. The default is 10 minutes, which is the minimum number of minutes that is allowed.

Information Value
Data type: Integer
Default: 10 (minutes)

Renewal interval before token timeout

Sets the time period before expiration that the client attempts to renew the token.

This field specifies the period of time, in minutes, before expiration that the client attempts to renew the token. This setting must specify a period of time that is longer than the time for the longest transaction or else the token might expire during the transaction. This time must include time for transport to and from the server, processing by the server, and any time delay that is because of time used for reliable messaging, when applicable. The default is 10 minutes, which is the minimum number of minutes that is allowed.

If the Security Context Token is renewed too often, it might cause Web Services Secure Conversation (WS-SecureConversation) to fail or even cause an out-of-memory error to occur. It is required that we set the renewal interval before the token expires value for the security cache to a value less than the token timeout value for the Security Context Token. It is also suggested that the token timeout value be at least two times the renewal interval before the token expires value.

Information Value
Data type: Integer
Default: 10 (minutes)

Enable distributed caching

Specifies whether distributed caching is enabled or disabled. If distributed caching is enabled, select distributed cache settings.

Use this check box to specify whether to use distributed caching when the server is in a clustered environment and when the tokens are shared across the cluster.

Information Value
Data type: Check box
Default: No distributed caching (unchecked)

When the checkbox is selected to enable distributed caching, choose one of the following settings for updating the caches.

Button Resulting Action
Synchronous update of cluster members Performs synchronous update of cache objects on cluster members (default).
Asynchronous update of cluster members Performs a non-synchronous update of the cache on cluster members. This setting allows interoperability with cluster members that use the older style of updating as implemented in versions of IBM WebSphere Application Server prior to version 7.0.
Token recovery support Assigns a shared data source as the distributed cache.

If token recovery support is selected as the update method, then select a cell level data source using the drop-down list. Token state data is saved in the database defined as the data source. If there are no available data sources in the list, click on Manage data sources to add one or more new data source objects. The data source object supplies an application with connections for accessing the database.

Custom Properties

Specifies additional configuration settings that the secure conversation client might require.

This table lists custom properties. Use custom properties to set internal system configuration properties. This collection is empty until the first custom property is defined.

Information Value
Data type: String

Select

To select further actions.

Use this check box to select custom properties for further actions. To manage existing custom properties, select the check box for the name, and then select one of the following actions:

Actions Description
Edit Select to modify an existing custom property.
This action is not displayed until we have added at least one custom property.

Delete Select to remove an existing custom property.

Information Value
Data type: Check box

New

To add and define a new custom property.

Click New to define a new custom property.

Information Value
Data type: Button

Name

Lists available custom properties.

This column displays the names of the custom properties that we can use with the secure conversation client (for example, exampleProperty). Custom properties are name-value pairs of data, where the name is a string representation of a property that is expected by the secure conversation client.

Information Value
Data type: String

Value

Lists the values of the custom properties.

This column displays the values of the custom properties (for example, true). Custom properties are name-value pairs of data, where the value is a string representation of the property setting.

Information Value
Data type: String

Related:

Secure conversation client cache and trust service configuration
Configure the Web Services Security distributed cache
Data source collection

Information	Value
Data type:	Check box
Default:	No distributed caching (unchecked)

Button	Resulting Action
Synchronous update of cluster members	Performs synchronous update of cache objects on cluster members (default).
Asynchronous update of cluster members	Performs a non-synchronous update of the cache on cluster members. This setting allows interoperability with cluster members that use the older style of updating as implemented in versions of IBM WebSphere Application Server prior to version 7.0.
Token recovery support	Assigns a shared data source as the distributed cache.

Actions	Description
Edit	Select to modify an existing custom property. This action is not displayed until we have added at least one custom property.
Delete	Select to remove an existing custom property.