
Web services: Default bindings for the Web services security collection

Use this page to configure the settings for nonce on the server level and to manage the default bindings for the signing information, encryption information, key information, token generators, token consumers, key locators, collection certificate store, trust anchors, trusted ID evaluators, algorithm mappings, and login mappings. To view this console page for the server level, complete the following steps:

  1. Click Servers > Application Servers > server.

  2. Under Security, click Web services: Default bindings for Web services security.

Read the Web services documentation before you begin defining the default bindings for Web services security.

A nonce is a unique, randomly generated value that is embedded in a message so that the server can detect and reject replays of a captured user name token.

In WebSphere Application Server and WAS Express, specify values for the Nonce cache timeout, Nonce maximum age, and Nonce clock skew fields for the server level.

The default binding configuration provides a central location where reusable binding information is defined. The application binding file can reference the information that is contained in the default binding configuration.

Nonce cache timeout

[V5 and 6 only]

Timeout value, in seconds, for the nonce cached on the server. Nonce is a randomly generated value.

The Nonce cache timeout field is not required on the server level, but it is required on the cell level. To specify a value for the field on the cell level, click Security > Web services.

If you make changes to the value for the Nonce cache timeout field, restart the appserver for the changes to take effect.

Default: 600 seconds
Minimum: 300 seconds

Nonce maximum age

[V5 and 6 only]

Specify the default time, in seconds, before the nonce timestamp expires. Nonce is a randomly generated value.

The maximum value cannot exceed the number of seconds that is specified in the Nonce cache timeout field for the server level.

The Nonce maximum age field is not required on the server level, but it is required on the cell level. The value set for this Nonce maximum age field on the server level must not exceed the value for the Nonce maximum age field on the cell level. To specify a value for the Nonce maximum age field on the cell level, click Security > Web services.

Default: 300 seconds
Range: 300 seconds to the value, in seconds, that is specified in the Nonce cache timeout field.

Nonce clock skew

[V5 and 6 only]

Specify the default clock skew value, in seconds, to consider when the appserver checks the timeliness of the message. Nonce is a randomly generated value.

The maximum value cannot exceed the number of seconds that is specified in the Nonce maximum age field.

The Nonce clock skew field is not required on the server level, but it is required on the cell level. To specify a value for the Nonce clock skew field on the cell level, click Security > Web services.

Default: 0 seconds
Range: 0 seconds to the value, in seconds, that is specified in the Nonce maximum age field.
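The three nonce fields above work together: the cache must remember a nonce at least as long as a message carrying it could still be accepted, which is why the page constrains clock skew to at most the maximum age and the maximum age to at most the cache timeout. The following is an added illustration of that server-side check, not WebSphere's own code; it assumes that clock skew widens the acceptance window on both sides of the server clock, and the field names and sample values are constructed.

```python
from dataclasses import dataclass, field


@dataclass
class NonceConfig:
    """Server-level nonce settings, in seconds (defaults from the page)."""
    cache_timeout: int = 600
    max_age: int = 300
    clock_skew: int = 0

    def validate(self) -> None:
        # Same constraints the console enforces: minimum 300 s cache timeout,
        # max age between 300 s and the cache timeout, skew between 0 and max age.
        if self.cache_timeout < 300:
            raise ValueError("Nonce cache timeout must be at least 300 seconds")
        if not 300 <= self.max_age <= self.cache_timeout:
            raise ValueError("Nonce maximum age must be in [300, cache_timeout]")
        if not 0 <= self.clock_skew <= self.max_age:
            raise ValueError("Nonce clock skew must be in [0, max_age]")


@dataclass
class NonceCache:
    """Remembers nonces it has accepted and rejects replays or stale tokens."""
    cfg: NonceConfig
    _seen: dict = field(default_factory=dict)  # nonce -> server time first seen

    def __post_init__(self) -> None:
        self.cfg.validate()

    def _evict(self, now: int) -> None:
        # Entries older than the cache timeout are forgotten; the max_age bound
        # guarantees any message that old would fail the timeliness check anyway.
        stale = [n for n, t in self._seen.items() if now - t > self.cfg.cache_timeout]
        for n in stale:
            del self._seen[n]

    def check(self, nonce: str, created: int, now: int) -> tuple:
        """Return (accepted, reason) for a token with the given nonce and
        Created timestamp, evaluated at server time `now` (all in seconds)."""
        self._evict(now)
        # Timeliness first: Created may not lie beyond the skew in the future,
        # nor be older than max_age plus the tolerated skew (assumed semantics).
        if created > now + self.cfg.clock_skew:
            return False, "timestamp in future"
        if now - created > self.cfg.max_age + self.cfg.clock_skew:
            return False, "timestamp expired"
        # Then replay: a nonce already in the cache means the token was reused.
        if nonce in self._seen:
            return False, "nonce replayed"
        self._seen[nonce] = now
        return True, "accepted"
```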

Distribute nonce caching

[V6 only]

Enables distributed caching for the nonce value by using a Data Replication Service (DRS) (ND only).

For transitioning users: In previous releases of WAS, the nonce value was cached locally.

By selecting this option, the nonce value is propagated to other servers in your environment. However, the nonce value might be subject to a one-second delay in propagation and subject to any network congestion.

Enable cryptographic operations on hardware device

Enables cryptographic operations on hardware devices. Enabling this feature might improve the performance, depending on the hardware device.

Cryptographic hardware configuration name

Name of the hardware device configuration that is defined in the keystore settings under secure communications.

This value is required only if the Enable cryptographic operations on hardware device option (hardware acceleration) is selected.


Related tasks


Securing Web services for V5.x applications based on WS-Security
Securing Web services applications using JAX-RPC at the message level


Related Reference

Login mappings collection
Login mapping configuration settings
