Tune Web authentication

To tune the Web authentication process, consider the following steps:

  1. If you feel your environment is secure enough, consider increasing the cache and token time-out settings. (These settings are available as general properties on the Global Security panel in the WebSphere administrative console.) With longer time-outs, re-authentication is required less frequently, and subsequent requests can more often reuse the credentials that are already created. The downside of increasing the token time-out is the greater exposure if a token is hijacked: the higher time-out setting gives the hijacker more time to hack into the system before the token expires. Use security cache properties to determine the initial size of the primary and secondary Hashtable caches, which affect the frequency of rehashing and the distribution of the hash algorithms. See Security cache properties for a list of these properties.

  2. Consider enabling single signon. Single signon is only available when you select LTPA as the authentication mechanism in the Global Security panel of the WebSphere administrative console. When you select single signon, a single authentication to one application server is sufficient to make requests to multiple application servers in the same single signon domain. In some situations single signon is not desirable and should not be used. For more information about single signon, see Configure single signon.
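
The trade-off in step 1 can be put into numbers before changing the token time-out. The following Python model is an added example, not IBM code: it assumes a token is valid for a fixed period from issuance with no refresh, and it uses a constructed request trace; `simulate`, `compare` and `WORKDAY` are hypothetical names.

```python
"""Model of the token time-out trade-off: fewer authentications vs. exposure."""


def simulate(request_times, token_timeout):
    """Replay one user's sorted request timestamps (in minutes).

    Assumed model: a token is valid for token_timeout minutes from the
    moment it is issued and is never refreshed.

    Returns (authentications, mean_exposure, max_exposure). Exposure is the
    remaining token lifetime at each request, that is, how long a token
    captured from that request would remain usable by a hijacker.
    """
    if token_timeout <= 0:
        raise ValueError("token_timeout must be positive")
    authentications = 0
    expires_at = None
    exposures = []
    for now in request_times:
        # No token yet, or the current one has expired: authenticate again.
        if expires_at is None or now >= expires_at:
            authentications += 1
            expires_at = now + token_timeout
        exposures.append(expires_at - now)
    if not exposures:
        return 0, 0.0, 0
    return authentications, sum(exposures) / len(exposures), max(exposures)


# Constructed trace: one request every 10 minutes across an 8-hour day.
WORKDAY = list(range(0, 480, 10))


def compare(timeouts=(30, 120, 480)):
    """Run the same trace under several candidate time-outs (minutes)."""
    return {t: simulate(WORKDAY, t) for t in timeouts}


if __name__ == "__main__":
    print("timeout  authentications  mean exposure  max exposure")
    for timeout, (auths, mean_exp, max_exp) in compare().items():
        print(f"{timeout:7d}  {auths:15d}  {mean_exp:13.1f}  {max_exp:12d}")
```

On this trace, raising the time-out from 30 to 480 minutes cuts full authentications from 16 to 1, while the average window in which a captured token stays valid grows from 20 to 245 minutes.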