Distributed
nonce caching enables you to distribute the
cache for a nonce to different servers in a cluster.
Before you begin
Before configuring distributed nonce caching,
configure
cache replication.
For more information, read
about configuring cache replication.
Important: When you
configure the cache replication, do not use the default value of a
single replica for the Number of replicas for dynamic cache replication
domains. Instead, use a full group replica for any replication domains
that you configure for dynamic cache. If you cannot select the option,
verify your cache replication configuration.
About this task
In previous releases of WebSphere® Application
Server, the nonce was cached locally. To use this feature, you must
complete the following actions:
Procedure
- Verify that you created an appropriate domain setting when
you form a cluster.
For
more information, read about creating clusters.
- Verify that replication domain is properly secured. The nonce cache is crucial to the integrity of the nonce validation
process. If the nonce cache is compromised, then you cannot trust
the result of the validation process.
- In the administrative console for the cell
level, set the Distribute nonce caching option by enabling the distributed
cache option in the Security cache panel. You can enable
the option by completing the following steps:
- Click
- Click
the check box to select the Enable distributed
caching option.
- Verify that the dynamic cache service is
enabled for each one of the application servers in your cluster. To access the dynamic cache service through the administrative
console, complete the following steps:
- Click Servers >
Server Types > WebSphere application
servers > server_name.
- Under
Container settings, click Container services >
Dynamic cache service.
- Confirm that
the Enable service at server startup option
is selected.
- In the administrative
console for the server level, select
the Distribute nonce caching option. You can enable
the option by completing the following steps:
- Click Security > Web services.
- Select the Distribute nonce caching option.
- Restart the servers within your cluster.
Results
When you select the
Distribute nonce caching option
in the administrative console, the nonce is propagated to other servers
in your environment. However, the nonce might be subject to a one-second
delay in propagation and subject to any network congestion.
What to do next
For more information on distributed nonce caching, see
Web Services Security enhancements.