Configuring nonce using Web Services Security tokens
A nonce is a randomly generated, cryptographic token that is used to thwart the hijacking of user name tokens, which are used with SOAP messages. Use nonce in conjunction with the BasicAuth authentication method.
About this task
Important: This information applies only to Version 5.x applications that are used with WebSphere® Application Server Version 6.0.x and later. It does not apply to Version 6.0.x and later applications.
You can configure nonce at the application level, the server level, and the cell level.
If you configure nonce on the application level and the server level, the values specified for the application level take precedence over the values specified for the server level.
Likewise, the values specified for the application level take precedence over the values specified for the server level and cell level.
You must consider the order of precedence:
- Application level
- Server level
- Cell level
Complete these high-level tasks in the order listed:
Procedure
- Configure nonce for the application level.
- Configure nonce for the server level.
- Configure nonce for the cell level.
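The following sketch is an added illustration, not WebSphere code or configuration. It resolves nonce settings by the order of precedence described above and then uses them to reject a user name token whose nonce is stale or has already been seen. The setting names `max_age_s` and `clock_skew_s`, the `NonceValidator` class, and all sample values are assumptions made for this example.

```python
import base64
import os
import time

LEVELS = ("application", "server", "cell")  # highest precedence first

def resolve(settings, key):
    """Return (value, level) from the highest-precedence level that sets key."""
    for level in LEVELS:
        value = settings.get(level, {}).get(key)
        if value is not None:
            return value, level
    raise KeyError(f"{key} is not configured at any level")

def new_nonce():
    """Sender side: 16 random bytes from the OS CSPRNG, base64-encoded."""
    return base64.b64encode(os.urandom(16)).decode("ascii")

class NonceValidator:
    """Receiver side: accept each (nonce, created) pair at most once while fresh."""

    def __init__(self, settings):
        self.max_age, _ = resolve(settings, "max_age_s")   # hypothetical key
        self.skew, _ = resolve(settings, "clock_skew_s")   # hypothetical key
        self.seen = {}  # nonce -> time after which the token is stale anyway

    def check(self, nonce, created, now=None):
        now = time.time() if now is None else now
        # Drop cache entries whose tokens can no longer pass the freshness test.
        self.seen = {n: exp for n, exp in self.seen.items() if exp > now}
        if created > now + self.skew:
            return "rejected: created in the future"
        if now - created > self.max_age + self.skew:
            return "rejected: expired"
        if nonce in self.seen:
            return "rejected: replay"
        # Remember the nonce for as long as this token would count as fresh.
        self.seen[nonce] = created + self.max_age + self.skew
        return "accepted"

# Constructed sample configuration: the application level sets only the maximum age.
SAMPLE = {
    "application": {"max_age_s": 60},
    "server": {"max_age_s": 300, "clock_skew_s": 5},
    "cell": {"max_age_s": 600, "clock_skew_s": 0},
}

if __name__ == "__main__":
    validator = NonceValidator(SAMPLE)
    nonce = new_nonce()
    print(validator.check(nonce, created=1000, now=1010))
    print(validator.check(nonce, created=1000, now=1020))
```

A captured token that is resent inside the freshness window is rejected as a replay, and one resent after the window is rejected as expired, so the cache never has to keep a nonce longer than the maximum age plus the clock skew.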