Configure nonce using Web services security tokens

Configuring nonce using Web services security tokens

Nonce is a randomly generated, cryptographic token that is used to thwart the highjacking of user name tokens, which are used with SOAP messages. Use nonce in conjunction with the BasicAuth authentication method.

About this task
Important: The information in this article supports Version 5.x applications only that are used with WebSphere Application Server v6.x and later. The information does not apply to Version 6.0.x and later applications.
You can configure nonce at the application level, the server level, and cell level.
If you configure nonce on the application level and the server level, the values specified for the application level take precedence over the values specified for the server level.
Likewise, the values specified for the application level take precedence over the values specified for the server level and cell level.
You must consider the order of precedence:

Application level
Server level
Cell level

Complete these high-level tasks in the order listed:

Procedure

Configure nonce for the application level.
Configure nonce for the server level.
Configure nonce for the cell level.

What to do next
After completing these steps, restart the server if it has not already been restarted.

See also

Configuring nonce for the server level
Configuring nonce for the application level
Configuring nonce for the cell level

Related concepts
Nonce, a randomly generated token Related tasks
Securing Web services for V5.x applications using XML digital signature Related reference
Default bindings for Web services security