
Set nonce using WS-Security tokens


A nonce is a randomly generated cryptographic token used to thwart the hijacking of user name tokens, which are used with SOAP messages. Use nonce in conjunction with the BasicAuth authentication method.

The information in this article applies only to V5.x applications that are used with WAS V6.0.x and later. It does not apply to V6.0.x and later applications.

You can configure nonce at the application level, the server level, and cell level.

If you configure nonce at the application level and the server level, the values specified for the application level take precedence over the values specified for the server level.

Likewise, the values specified for the application level take precedence over the values specified for the server level and cell level. You must consider the order of precedence:

  1. Application level

  2. Server level

  3. Cell level
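
The following added example (not WebSphere code and not part of the original article) resolves nonce settings by the precedence order above and then uses them on the receiving side to reject a user name token whose nonce is reused or stale. The setting names (`max_age_s`, `cache_timeout_s`, `clock_skew_s`), the `accept` interface, and all values are assumptions made for the illustration.

```python
import base64
import os

# Levels from highest to lowest precedence, as listed above.
LEVELS = ("application", "server", "cell")

# Constructed sample configuration; the keys are hypothetical setting names.
CONFIGURED = {
    "cell": {"max_age_s": 300, "cache_timeout_s": 600, "clock_skew_s": 0},
    "server": {"max_age_s": 120},
    "application": {"cache_timeout_s": 900},
}

def effective_settings(configured):
    """Merge per-level settings so a higher-precedence level overrides lower ones."""
    merged = {}
    for level in reversed(LEVELS):  # apply cell first, application last
        merged.update(configured.get(level, {}))
    return merged

def new_nonce():
    """Sender side: 16 random bytes from the OS CSPRNG, base64-encoded."""
    return base64.b64encode(os.urandom(16)).decode()

class NonceCache:
    """Receiver side: accept each nonce at most once, and only while it is fresh."""

    def __init__(self, settings):
        self.max_age = settings["max_age_s"]
        self.skew = settings["clock_skew_s"]
        self.timeout = settings["cache_timeout_s"]
        # If a nonce could leave the cache while its token is still fresh,
        # a captured token could be resent, so refuse that configuration.
        if self.timeout < self.max_age + self.skew:
            raise ValueError("cache timeout must cover max age plus clock skew")
        self.seen = {}  # nonce -> time it was first accepted

    def accept(self, nonce, created, now):
        # Drop cached nonces older than the cache timeout.
        self.seen = {n: t for n, t in self.seen.items() if now - t < self.timeout}
        age = now - created
        if age > self.max_age + self.skew or age < -self.skew:
            return False  # stale, or created too far in the future
        if nonce in self.seen:
            return False  # same nonce presented again
        self.seen[nonce] = now
        return True
```

With the sample configuration, the server-level maximum age (120) overrides the cell-level value, and the application-level cache timeout (900) overrides both lower levels.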

Complete these high-level tasks in the order listed:

  1. Set nonce for the application level.
  2. Set nonce for the server level.
  3. Configure nonce for the cell level.

Next steps

After completing these steps, restart the server if it has not already been restarted.


Set nonce for the server level
Set nonce for the application level
Set nonce for the cell level

Related concepts

Nonce, a randomly generated token

Related tasks

Secure Web services for V5.x applications using XML digital signature

Related

Default bindings and security runtime properties