WebSphere Application Server Version 6.1 Feature Pack for Web Services
             Operating Systems: AIX, HP-UX, i5/OS, Linux, Solaris, Windows, z/OS

             Personalize the table of contents and search results
             New or updated topic for this feature pack

Configuring WS-SecureConversation to work with WS-ReliableMessaging

Configure secure conversation to expect the reliable messaging headers to be signed, and to ensure that the scoping security context token does not expire before reliable messaging recovers and resends persistent messages.

Procedure




In this information ...


IBM Redbooks, demos, education, and more


Use IBM Suggests to retrieve related content from ibm.com and beyond, identified for your convenience.

This feature requires Internet access.

IBM Suggests

Configure secure conversation to expect the reliable messaging headers to be signed

About this task

Although the secure conversation policy can be configured to allow message headers to remain unsigned, the reliable messaging policy requires the reliable messaging headers to be signed. If you want to use secure conversation and reliable messaging policies in the same policy set, the secure conversation bindings must be configured to require that the reliable messaging headers are signed. To achieve this, complete one of the following steps:

Procedure

Configure secure conversation to ensure that the scoping security context token does not expire too soon

About this task

When you use a persistent RAMP profile with WS-SecureConversation, if the scoping security context token is expired when the server is restarted then WS-ReliableMessaging cannot resend its messages and system messages are written to the log file stating that the reliable messaging sequence was not secured using the correct security token.

To ensure that the scoping security context token does not expire before WS-ReliableMessaging can recover and resend its messages, use the administrative console to complete the following steps:

Procedure

  1. In the navigation pane, click Services > Secure conversation client cache. The Secure conversation client cache detail form is displayed.
  2. Set the following values for the secure conversation client cache:
    1. Set the Time token is in cache after timeout property to a value of at least 120 minutes. This value specifies the length of time to keep tokens after they expire. By default, this is 10 minutes. These expired tokens can be used for reliable messaging recovery.
    2. Select the Distribute cache among clustered servers check box.
  3. In the navigation pane, click Services > Trust service > Token providers . In the content pane, select a security context token. The Security Context Token detail form is displayed.
  4. Set the following values for the security context token:
    1. Check that the Time in cache after expiration property is set to a value of at least 120 minutes.
    2. Check that the Token timeout property is set to a value of at least 120 minutes.
    3. Select the Allow renewal after timeout check box.
    4. Select the Distributed cache check box.
  5. Save your changes to the master configuration.
Task topic    

Terms of Use | Feedback

Last updated: Nov 25, 2008 2:35:59 AM CST
http://publib.boulder.ibm.com/infocenter/wasinfo/v6r1/index.jsp?topic=/com.ibm.websphere.wsfep.multiplatform.doc/info/ae/ae/twbs_wsrm_policy_config_wssc.html