Why and when to perform this task
Nonce is a randomly generated, cryptographic token used to prevent the theft of username tokens used with Simple Object Access Protocol (SOAP) messages. Nonce is used in conjunction with the BasicAuth authentication method.
This task provides instructions on how to configure nonce for the server level using the WebSphere Application Server administrative console.
In a WebSphere Application Server or WebSphere Application Server Express environment, you must specify values for the Nonce cache timeout, Nonce maximum age, and Nonce clock skew fields on the server level to use nonce effectively.
Complete the following steps to configure nonce on the server level:
Steps for this task
The value specified for the Nonce maximum age field indicates how long the nonce is valid. You must specify a minimum of 300 seconds, but the value cannot exceed the number of seconds specified for the Nonce cache timeout field on the server level.
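The following added example (not WebSphere code or IBM's implementation) models a server-side nonce check to show why the maximum age cannot exceed the cache timeout: a nonce dropped from the cache while it is still valid by age could be replayed. The names NonceCache, check and demo are hypothetical, and the meanings given to cache timeout (how long a seen nonce is remembered) and clock skew (tolerated clock difference between sender and server) are assumptions, since this page does not define them.

```python
import base64
import os

MIN_MAX_AGE = 300  # minimum Nonce maximum age stated above, in seconds


class NonceCache:
    """Illustrative replay check for username-token nonces (assumed model)."""

    def __init__(self, cache_timeout, max_age, clock_skew=0):
        if max_age < MIN_MAX_AGE:
            raise ValueError("nonce maximum age must be at least 300 seconds")
        if max_age > cache_timeout:
            # A nonce forgotten by the cache while still valid by age
            # would be accepted a second time.
            raise ValueError("nonce maximum age cannot exceed cache timeout")
        self.cache_timeout = cache_timeout
        self.max_age = max_age
        self.clock_skew = clock_skew
        self._seen = {}  # nonce -> creation time of the message carrying it

    def check(self, nonce, created, now):
        """Return 'accepted', 'future', 'expired' or 'replayed'."""
        keep = self.cache_timeout + self.clock_skew
        # Forget nonces whose messages are older than the cache timeout.
        self._seen = {n: c for n, c in self._seen.items() if now - c <= keep}
        age = now - created
        if -age > self.clock_skew:
            return "future"    # timestamp ahead of the server beyond the skew
        if age > self.max_age + self.clock_skew:
            return "expired"   # older than the nonce maximum age
        if nonce in self._seen:
            return "replayed"  # same nonce presented again while still valid
        self._seen[nonce] = created
        return "accepted"


def demo():
    # Constructed values: times are plain seconds, not real SOAP messages.
    cache = NonceCache(cache_timeout=600, max_age=300, clock_skew=0)
    nonce = base64.b64encode(os.urandom(16)).decode("ascii")
    return [
        cache.check(nonce, created=1000, now=1000),     # first use
        cache.check(nonce, created=1000, now=1100),     # captured and resent
        cache.check("constructed-nonce", created=1000, now=1400),  # too old
    ]
```

Because an entry is kept at least as long as its message can still pass the age check, every resend inside the validity window is caught.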