+

Search Tips   |   Advanced Search

 

Distributing nonce caching to servers in a cluster

 

Distributed nonce caching enables you to distribute the cache for a nonce to different servers in a cluster. Before configuring distributed nonce caching, configure cache replication. For more information, see Configuring cache replication.

When you configure the cache replication, do not use the default value of a single replica for the Number of replicas for dynamic cache replication domains. Instead, use a full group replica for any replication domains that you configure for dynamic cache. If you cannot select the option, verify your cache replication configuration.

 

Overview

In previous releases of WAS, the nonce was cached locally. To use this feature, complete the following actions:

 

Procedure

  1. Verify that you created an appropriate domain setting when you form a cluster.

    For more information, see Creating clusters.

  2. Verify that replication domain is properly secured. The nonce cache is crucial to the integrity of the nonce validation process. If the nonce cache is compromised, then you cannot trust the result of the validation process.

  3. In the console for the cell level, select the Distribute nonce caching option. You can enable the option by completing the following steps:

    1. Click Servers > Application servers > server.

    2. Under Security, click Web services: Default bindings for Web services security.

    3. Select the Distribute nonce caching option.

  4. Verify that the dynamic cache service is enabled for each one of the appservers in your cluster. To access the dynamic cache service through the console, complete the following steps:

    1. Click Servers > Application servers > server.

    2. Under Container settings, click Container services > Dynamic cache service.

    3. Confirm that the Enable service at server startup option is selected.

  5. In the console for the server level, select the Distribute nonce caching option. You can enable the option by completing the following steps:

    1. Click Security > Web services.

    2. Select the Distribute nonce caching option.

  6. Restart the servers within your cluster.

 

Results

When you select the Distribute nonce caching option in the console, the nonce is propagated to other servers in your environment. However, the nonce might be subject to a one-second delay in propagation and subject to any network congestion.

 

What to do next

For more information on distributed nonce caching, see Web services security enhancements.

 

Related concepts


Distributed nonce cache
Nonce, a randomly generated token
Web services security enhancements

 

Related tasks


Configure Web services security using JAX-RPC at the platform level

 

Related Reference


Security considerations for Web services