Nonce is a randomly generated, cryptographic token that is used to prevent the theft of username tokens, which are used with SOAP messages. Nonce is used in conjunction with the basic authentication (BasicAuth) method. You can configure nonce for the cell level by using the WebSphere® Application Server administrative console.
About this task
Important: The information in this article supports Version 5.x applications only that are used with WebSphere Application Server Version 6.0.x and later. The information does not apply to Version 6 and later applications.
You can configure nonce at the application level, the server level, and cell level. However, you must consider the order of precedence:
- Application level
- Server level
- Cell level
If you configure nonce on the application level and the server level, the values specified for the application level take precedence over the values specified for the server level. Likewise, the values specified for the application level take precedence over the values specified for the server level and the cell level.
In WebSphere Application Server, Network Deployment, the Nonce cache timeout, Nonce maximum age, and Nonce clock skew fields are required to use nonce effectively. However, these fields are optional on the server level.
Complete the following steps to configure nonce on the cell level:
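
Separately from the console steps, the following added example (not IBM code and not part of the original article) sketches what the three settings typically control on the receiving side and how the application, server, and cell precedence resolves them. It assumes per-field fallback between levels and the usual WS-Security meaning of the fields (maximum age bounds token freshness, clock skew widens that window, cache timeout bounds how long a seen nonce is remembered); the names `effective_settings` and `NonceChecker` and all numeric values are hypothetical.

```python
import base64
import os

# Constructed illustration: names mirror the console labels, values are sample seconds.
LEVELS = ("application", "server", "cell")  # highest precedence first
FIELDS = ("cache_timeout", "max_age", "clock_skew")

def effective_settings(configured):
    """Take each field from the most specific level that sets it (assumed per-field)."""
    resolved = {}
    for field in FIELDS:
        level = next((l for l in LEVELS if field in configured.get(l, {})), None)
        if level is None:
            raise ValueError(f"{field} is not set at any level")
        resolved[field] = configured[level][field]
    return resolved

class NonceChecker:
    def __init__(self, s):
        # Tokens are accepted from clock_skew early to max_age + clock_skew late, so a
        # nonce evicted sooner than that window could be replayed while still fresh.
        if s["cache_timeout"] < s["max_age"] + 2 * s["clock_skew"]:
            raise ValueError("cache_timeout must cover max_age + 2 * clock_skew")
        self.s, self.seen = s, {}  # seen: nonce -> time first accepted

    def check(self, nonce, created, now):
        """Classify a username token as 'ok', 'future', 'stale' or 'replay'."""
        cutoff = now - self.s["cache_timeout"]
        self.seen = {n: t for n, t in self.seen.items() if t >= cutoff}
        if created - now > self.s["clock_skew"]:
            return "future"
        if now - created > self.s["max_age"] + self.s["clock_skew"]:
            return "stale"
        if nonce in self.seen:
            return "replay"
        self.seen[nonce] = now
        return "ok"

def demo():
    configured = {  # constructed sample configuration
        "cell": {"cache_timeout": 600, "max_age": 300, "clock_skew": 0},
        "server": {"clock_skew": 30},
        "application": {"max_age": 120},
    }
    checker = NonceChecker(effective_settings(configured))
    nonce = base64.b64encode(os.urandom(16)).decode()
    t0 = 1_000_000
    return [checker.check(nonce, t0, t0 + 5),     # first use
            checker.check(nonce, t0, t0 + 10),    # same token resent
            checker.check("n2", t0, t0 + 200)]    # older than max_age + clock_skew
```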