You can configure nonce for the server by using the WebSphere® Application Server administrative console.
Nonce is a randomly generated, cryptographic token that is used to prevent replay attacks of user name tokens that are used with SOAP messages. Typically, nonce is used with the user name token.
You can configure nonce at the application level and the server level. However, you must consider the order of precedence.
The following list shows the order of precedence:
The application level settings for the nonce maximum age and nonce clock skew fields are specified through the additional properties.
If you configure nonce on the application level and the server level, the values that are specified for the application level take precedence over the values that are specified for the server level.
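How the precedence rule and the two nonce fields interact with replay detection, as an added example (not WebSphere code or IBM's implementation). It assumes that nonce maximum age bounds how long a token's creation time stays acceptable and that nonce clock skew is a tolerance on that comparison; the setting keys, their values and the `NonceValidator` class are hypothetical.

```python
import base64, os
from datetime import datetime, timedelta, timezone

# Constructed values for illustration, in seconds; not WebSphere defaults.
SERVER_LEVEL = {"max_age": 300, "clock_skew": 0}
APP_LEVEL = {"max_age": 120}  # the application overrides only the maximum age

def effective_settings(app, server):
    """Application-level values take precedence over server-level values."""
    return {**server, **app}

class NonceValidator:
    """Hypothetical receiver-side check for user name token nonces."""
    def __init__(self, max_age, clock_skew):
        self.max_age = timedelta(seconds=max_age)
        self.skew = timedelta(seconds=clock_skew)
        self.seen = {}  # nonce -> moment the token stops being acceptable

    def check(self, nonce, created, now):
        # Forget nonces whose tokens would now fail the freshness test anyway.
        self.seen = {n: exp for n, exp in self.seen.items() if exp > now}
        if created - self.skew > now:
            return "rejected: created in the future"
        expiry = created + self.max_age + self.skew
        if expiry <= now:
            return "rejected: expired"
        if nonce in self.seen:
            return "rejected: replay"
        # A replayed token carries the same creation time, so caching the
        # nonce until that token expires is sufficient.
        self.seen[nonce] = expiry
        return "accepted"

def demo():
    cfg = effective_settings(APP_LEVEL, SERVER_LEVEL)
    v = NonceValidator(cfg["max_age"], cfg["clock_skew"])
    t0 = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)  # constructed time
    sec = lambda s: t0 + timedelta(seconds=s)
    nonce = base64.b64encode(os.urandom(16)).decode()
    return cfg, [
        v.check(nonce, t0, sec(5)),          # first delivery
        v.check(nonce, t0, sec(30)),         # same token sent again
        v.check(nonce, t0, sec(121)),        # same token after the maximum age
        v.check("other", sec(200), sec(130)),  # creation time ahead of receiver
    ]

if __name__ == "__main__":
    print(demo())
```

With a nonzero clock skew, a creation time slightly ahead of the receiver's clock is accepted, and the same tolerance extends how long the nonce must be remembered.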
Complete the following steps to configure a nonce on the server level: