A nonce is a randomly generated cryptographic token that
is used to prevent the theft of username tokens, which are used with
SOAP messages. Nonce is used in conjunction with the basic authentication
(BasicAuth) method. You can configure nonce at the cell level by
using the WebSphere® Application Server administrative
console.
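How a receiver can combine a nonce with the token's creation time to reject a reused username token, as an added example that is not IBM's code or WebSphere's implementation. The class and parameter names are hypothetical, and treating the three console fields this page names (Nonce cache timeout, Nonce maximum age, Nonce clock skew) as limits in seconds is an assumption made for illustration.

```python
import base64
import os
from datetime import datetime, timedelta, timezone


class NonceChecker:
    """Illustrative receiver-side replay check (hypothetical, not WebSphere code)."""

    def __init__(self, cache_timeout, max_age, clock_skew):
        # Assumed meaning: all three values are seconds.
        self.cache_timeout = timedelta(seconds=cache_timeout)
        self.max_age = timedelta(seconds=max_age)
        self.clock_skew = timedelta(seconds=clock_skew)
        self._seen = {}  # nonce -> time at which the cache entry expires

    def check(self, nonce, created, now):
        # Drop cache entries whose timeout has passed.
        self._seen = {n: exp for n, exp in self._seen.items() if exp > now}
        if created - now > self.clock_skew:
            return "reject: created in the future"
        if now - created > self.max_age + self.clock_skew:
            return "reject: too old"
        if nonce in self._seen:
            return "reject: replayed nonce"
        self._seen[nonce] = now + self.cache_timeout
        return "accept"


def new_nonce():
    # 16 random bytes, base64-encoded as in a UsernameToken Nonce element.
    return base64.b64encode(os.urandom(16)).decode("ascii")


def demo():
    t0 = datetime(2024, 1, 1, 12, 0, 0, tzinfo=timezone.utc)  # constructed time
    sec = lambda s: timedelta(seconds=s)
    out = {}
    ok = NonceChecker(cache_timeout=600, max_age=300, clock_skew=5)  # constructed values
    n = new_nonce()
    out["first"] = ok.check(n, t0, t0)
    out["replay"] = ok.check(n, t0, t0 + sec(30))
    out["stale"] = ok.check(new_nonce(), t0, t0 + sec(400))
    out["future"] = ok.check(new_nonce(), t0 + sec(10), t0)
    # Cache timeout shorter than maximum age: the nonce is forgotten too early.
    weak = NonceChecker(cache_timeout=60, max_age=300, clock_skew=5)
    m = new_nonce()
    weak.check(m, t0, t0)
    out["weak_replay"] = weak.check(m, t0, t0 + sec(120))
    return out
```

In the last case the reused token is accepted because its nonce left the cache while the token was still within the maximum age, which is why the cache timeout should be at least the maximum age plus the clock skew.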
About this task
Important: This information supports only Version 5.x applications
that are used with WebSphere Application Server Version
6.0.x and later. The information does not apply to Version
6 and later applications.
You can configure nonce at the
application level, the server level, and cell level. However, you
must consider the order of precedence:
- Application level
- Server level
- Cell level
If you configure nonce on the application level and the server
level, the values specified for the application level take precedence
over the values specified for the server level. Likewise, the values
specified for the application level take precedence over the values
specified for the server level and the cell level. In
WebSphere Application Server, Network Deployment, the
Nonce cache timeout, Nonce maximum age, and Nonce clock skew fields
are required to use nonce effectively. However, these fields are
optional on the server level. Complete the following steps to
configure nonce on the cell level: