[Version 5 only] WebSphere Application Server - Express, Version 6.0.x
Operating Systems: AIX, HP-UX, Linux, Solaris, Windows

Web services: Default bindings for the Web services security collection

Use this page to configure the settings for nonce on the server level and to manage the default bindings for the signing information, encryption information, key information, token generators, token consumers, key locators, collection certificate store, trust anchors, trusted ID evaluators, algorithm mappings, and login mappings.

Important distinction between Version 5.x and Version 6.0.x applications
Note: The information in this article supports only version 5.x applications that are used with WebSphere Application Server Version 6.0.x. The information does not apply to version 6.0.x applications.

To view this administrative console page for the server level, complete the following steps:
  1. Click Servers > Application Servers > server_name.
  2. Under Security, click Web services: Default bindings for Web services security.

Read the Web services documentation before you begin defining the default bindings for Web services security.

A nonce is a unique cryptographic number that is embedded in a message to help stop replay attacks, in which captured user name tokens are resent without authorization. In WebSphere Application Server and WebSphere Application Server Express, you must specify values for the Nonce cache timeout, Nonce maximum age, and Nonce clock skew fields for the server level.

The default binding configuration provides a central location where reusable binding information is defined. The application binding file can reference the information that is contained in the default binding configuration.

Nonce cache timeout

Specifies the timeout value, in seconds, for the nonce cached on the server. Nonce is a randomly generated value.

The Nonce cache timeout field is required on the server level.

If you make changes to the value for the Nonce cache timeout field, you must restart WebSphere Application Server for the changes to take effect.

Default: 600 seconds
Minimum: 300 seconds

Nonce maximum age

Specifies the default time, in seconds, before the nonce timestamp expires. Nonce is a randomly generated value.

The maximum value cannot exceed the number of seconds that is specified in the Nonce cache timeout field for the server level.

The Nonce maximum age field is required on the server level.

Default: 300 seconds
Range: 300 to the value that is specified, in seconds, in the Nonce cache timeout field.

Nonce clock skew

Specifies the default clock skew value, in seconds, to consider when WebSphere Application Server checks the timeliness of the message. Nonce is a randomly generated value.

The maximum value cannot exceed the number of seconds that is specified in the Nonce maximum age field.

The Nonce clock skew field is required.

Default: 0 seconds
Range: 0 to the value that is specified, in seconds, in the Nonce maximum age field.

Distribute nonce caching

Enables distributed caching for the nonce value using a Data Replication Service (DRS).

In previous releases of WebSphere Application Server, the nonce value was cached locally. When you select this option, the nonce value is propagated to other servers in your environment. However, the nonce value might be subject to a one-second delay in propagation and to any network congestion.
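
The following Python sketch is an added example, not IBM code and not part of the original page. It models how the Nonce cache timeout, Nonce maximum age, and Nonce clock skew fields interact in a local (non-distributed) replay cache. The class names, the result strings, and the rule that the skew widens the accepted window at both ends are assumptions made for illustration; only the defaults and ranges come from this page.

```python
class NonceSettings:
    """The three server-level fields, with the defaults and ranges the page gives."""
    def __init__(self, cache_timeout=600, max_age=300, clock_skew=0):
        if cache_timeout < 300:
            raise ValueError("Nonce cache timeout: minimum is 300 seconds")
        if not 300 <= max_age <= cache_timeout:
            raise ValueError("Nonce maximum age: 300 to Nonce cache timeout")
        if not 0 <= clock_skew <= max_age:
            raise ValueError("Nonce clock skew: 0 to Nonce maximum age")
        self.cache_timeout = cache_timeout
        self.max_age = max_age
        self.clock_skew = clock_skew


class NonceCache:
    """Local replay cache. Assumed semantics, not WebSphere internals."""
    def __init__(self, settings):
        self.settings = settings
        self.seen = {}  # nonce -> time (seconds) at which it was accepted

    def check(self, nonce, created, now):
        s = self.settings
        # Forget nonces that have been cached longer than the cache timeout.
        self.seen = {n: t for n, t in self.seen.items()
                     if now - t < s.cache_timeout}
        age = now - created
        # Assumption: the skew widens the accepted window at both ends.
        if age > s.max_age + s.clock_skew:
            return "expired"
        if age < -s.clock_skew:
            return "not-yet-valid"
        if nonce in self.seen:
            return "replay"
        self.seen[nonce] = now
        return "accepted"


def demo():
    """Constructed timeline: one token sent at t=1000 s and resent twice."""
    cache = NonceCache(NonceSettings())          # 600 / 300 / 0
    return [
        cache.check("n1", created=1000, now=1010),   # first delivery
        cache.check("n1", created=1000, now=1100),   # resent, still fresh
        cache.check("n1", created=1000, now=1400),   # resent after max age
        cache.check("n2", created=1500, now=1400),   # sender clock ahead
    ]


if __name__ == "__main__":
    print(demo())
```

With the default skew of 0 seconds, the last message is rejected because its timestamp is ahead of the server clock; the same message is accepted when the settings are built with `clock_skew=120`.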





Last updated: Jun 8, 2005 12:45:23 PM EDT
http://publib.boulder.ibm.com/infocenter/wasinfo/v6r0/index.jsp?topic=/com.ibm.websphere.express.doc/info/exp/ae/uwbs_websvcb.html

© Copyright IBM Corporation 2003, 2005. All Rights Reserved.