
Distributing nonce caching to servers in a cluster


Distributed nonce caching enables you to distribute the cache for a nonce to different servers in a cluster.

Before configuring distributed nonce caching, configure cache replication.

For more information, read about configuring cache replication.

When you configure the cache replication, do not use the default value of a single replica for the Number of replicas for dynamic cache replication domains. Instead, use a full group replica for any replication domains that you configure for dynamic cache. If you cannot select the option, verify the cache replication configuration.

In previous releases of WAS, the nonce was cached locally. To use this feature, complete the following actions:

 

  1. Verify that you created an appropriate domain setting when you formed the cluster.

    For more information, read about creating clusters.

  2. Verify that the replication domain is properly secured.

    The nonce cache is crucial to the integrity of the nonce validation process. If the nonce cache is compromised, then you cannot trust the result of the validation process.

  3. In the admin console for the cell level, set the Distribute nonce caching option by enabling the distributed cache option in the Security cache panel. You can enable the option by completing the following steps:

    1. Click Services > Security cache

    2. Click the check box to select the Enable distributed caching option.

  4. Verify that the dynamic cache service is enabled for each one of the appservers in the cluster.

    To access the dynamic cache service through the admin console...

    1. Click Servers > Server Types > WebSphere application servers > myserver.

    2. Under Container settings, click Container services > Dynamic cache service.

    3. Confirm that the Enable service at server startup option is selected.

  5. In the admin console for the server level, select the Distribute nonce caching option. You can enable the option by completing the following steps:

    1. Click Security > Web services.

    2. Select the Distribute nonce caching option.

  6. Restart the servers within the cluster.

 

Results

When you select the Distribute nonce caching option in the admin console, the nonce is propagated to other servers in the environment. However, the nonce might be subject to a one-second delay in propagation and subject to any network congestion.
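The following toy model is an added illustration, not WebSphere code. It shows why a locally cached nonce does not protect the other cluster members from a repeated message, and how the one-second propagation delay leaves a short window even with distributed caching. The names `Member`, `Cluster`, `scenario`, `server1`, `server2` and `nonce-A` are constructed for the example.

```python
from dataclasses import dataclass, field

# Worst-case replication delay stated on this page (network congestion can add more).
PROPAGATION_DELAY = 1.0


@dataclass
class Member:
    """One cluster member and its own view of the nonce cache."""
    name: str
    seen: dict = field(default_factory=dict)  # nonce -> time it becomes visible here

    def knows(self, nonce, now):
        return nonce in self.seen and self.seen[nonce] <= now


class Cluster:
    def __init__(self, names, distributed):
        self.members = {n: Member(n) for n in names}
        self.distributed = distributed  # models the Distribute nonce caching option

    def validate(self, member_name, nonce, now):
        """Return True if the message is accepted, False if rejected as a repeat."""
        member = self.members[member_name]
        if member.knows(nonce, now):
            return False
        member.seen[nonce] = now
        if self.distributed:
            # Replicate to the other members; the entry is visible after the delay.
            for other in self.members.values():
                if other is not member:
                    other.seen.setdefault(nonce, now + PROPAGATION_DELAY)
        return True


def scenario(distributed, second_arrival):
    """Send nonce-A to server1 at t=0, then the same nonce to server2 later."""
    cluster = Cluster(["server1", "server2"], distributed)
    first = cluster.validate("server1", "nonce-A", now=0.0)
    repeat = cluster.validate("server2", "nonce-A", now=second_arrival)
    return first, repeat


if __name__ == "__main__":
    print("local cache, repeat at 5.0s:      ", scenario(False, 5.0))
    print("distributed cache, repeat at 5.0s:", scenario(True, 5.0))
    print("distributed cache, repeat at 0.5s:", scenario(True, 0.5))
```
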

 

Next steps

For more information on distributed nonce caching, see WS-Security enhancements.

 

Related concepts


Nonce, a randomly generated token
WS-Security enhancements
Distributed nonce cache

 

Related tasks


Set cache replication
Create clusters
Set WS-Security using JAX-RPC at the platform level

 

Related


Security considerations for Web services