Security cache settings

Security cache settings

To configure the Web Services Secure Conversation (WS-SecureConversation) security local and distributed cache settings using the admin console.
To view this admin console page, click Services > Security cache.

Time token is in cache after timeout

Sets the time that the token remains in cache after the token times out.
This field specifies the number of minutes for the time the token is in cache after the token expiration time expires (cache persist period). For example, if we specify 30 minutes, the token is kept in cache for this time period after the token expiration time. The default value is 10 minutes, which is the minimum number of minutes that is allowed.

Data type: Integer
Default: 10 (minutes)

Renewal interval before token timeout

Sets the time period before expiration that the client attempts to renew the token.
This field specifies the period of time, in minutes, before expiration that the client attempts to renew the token. This setting must specify a period of time that is longer than the time for the longest transaction or else the token might expire during the transaction. This time must include time for transport to and from the server, processing by the server, and any time delay that is because of time used for reliable messaging, when applicable. The default value is 10 minutes, which is the minimum number of minutes that is allowed.
If the Security Context Token is renewed too often, it might cause Web Services Secure Conversation (WS-SecureConversation) to fail or even cause an out-of-memory error to occur. It is required set the renewal interval before the token expires value for the security cache to a value less than the token timeout value for the Security Context Token. It is also suggested that the token timeout value be at least two times the renewal interval before the token expires value.

Data type: Integer
Default: 10 (minutes)

Enable distributed caching

Whether distributed caching is enabled or disabled. If distributed caching is enabled, select distributed cache settings.
Use this check box to specify whether to use distributed caching when the server is in a clustered environment and when the tokens are shared across the cluster.

Data type: Check box
Default: No distributed caching (unchecked)

When the checkbox is selected to enable distributed caching, choose one of the following settings for updating the caches.

Button Resulting Action
Synchronous update of cluster members Performs synchronous update of cache objects on cluster members (default).
Asynchronous update of cluster members Performs a non-synchronous update of the cache on cluster members. This setting allows interoperability with cluster members that use the older style of updating as implemented in versions of IBM WAS prior to version 7.0.
Token recovery support Assigns a shared data source as the distributed cache.

If token recovery support is selected as the update method, then select a cell level data source using the drop-down list. Token state data is saved in the database defined as the data source. If there are no available data sources in the list, click on Manage data sources to add one or more new data source objects. The data source object supplies an application with connections for accessing the database.

Related concepts

Secure conversation client cache and trust service configuration

Related tasks

Set the WS-Security distributed cache

Related

Data source collection

Data type:	Check box
Default:	No distributed caching (unchecked)

Button	Resulting Action
Synchronous update of cluster members	Performs synchronous update of cache objects on cluster members (default).
Asynchronous update of cluster members	Performs a non-synchronous update of the cache on cluster members. This setting allows interoperability with cluster members that use the older style of updating as implemented in versions of IBM WAS prior to version 7.0.
Token recovery support	Assigns a shared data source as the distributed cache.