You can configure nonce for the server or cell by using the WebSphere Application Server administrative console.
Nonce is a randomly generated, cryptographic token that is used to prevent replay attacks of user name tokens that are used with SOAP messages. Typically, nonce is used with the user name token.
You can configure nonce at the application level, the server level, and the cell level. However, you must consider the order of precedence.
The following list shows the order of precedence:The application level settings for the nonce maximum age and nonce clock skew fields are specified through the additional properties.
If you configure nonce on the application level and the server level, the values that are specified for the application level take precedence over the values that are specified for the server level. Likewise, the values that are specified for the application level take precedence over the values that are specified for the server level and the cell level. In the WebSphere Application Server Network Deployment environment, the Nonce cache timeout, Nonce maximum age, and Nonce clock skew fields are required to use nonce effectively. However, these fields are optional on the server level.
You can configure a nonce on the server level and the cell level. In the following steps, use the first step to access the server-level default bindings and use the second step to access the cell-level bindings.
Complete the following steps to configure a nonce on the server or cell level:
In this information ... | IBM Redbooks, demos, education, and more |