Why and when to perform this task
Important: The information in this article supports only Version
5.x applications that are used with WebSphere Application Server Version
6.0.x and later. The information does not apply to Version 6.0.x and later
applications.
A nonce is a randomly generated, cryptographic
token used to thwart the hijacking of username tokens used with Simple Object
Access Protocol (SOAP) messages. Nonce is used in conjunction with the basicauth
authentication method.
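The following added example (not IBM's code and not part of the original article) sketches in Python how a receiver can use a username token's nonce to reject a replayed message. It assumes meanings for the three settings this article names (Nonce cache timeout, Nonce maximum age, Nonce clock skew); NonceChecker, new_nonce, demo and all values are hypothetical.

```python
import base64
import os
from dataclasses import dataclass, field


@dataclass
class NonceChecker:
    """Receiver-side replay check for a username token nonce (illustrative)."""
    cache_timeout: int   # seconds a seen nonce stays cached (assumed meaning)
    max_age: int         # seconds a token stays valid after creation (assumed)
    clock_skew: int      # tolerated sender/receiver clock difference (assumed)
    _seen: dict = field(default_factory=dict)  # nonce -> time first seen

    def __post_init__(self):
        # If the cache forgets a nonce while its token is still fresh,
        # a captured message could be accepted a second time in that gap.
        if self.cache_timeout < self.max_age + self.clock_skew:
            raise ValueError("cache_timeout must cover max_age + clock_skew")

    def check(self, nonce: str, created: float, now: float) -> str:
        # Evict entries older than the cache timeout.
        self._seen = {n: t for n, t in self._seen.items()
                      if now - t < self.cache_timeout}
        if created - now > self.clock_skew:
            return "reject: created in the future"
        if now - created > self.max_age + self.clock_skew:
            return "reject: expired"
        if nonce in self._seen:
            return "reject: replay"
        self._seen[nonce] = now
        return "accept"


def new_nonce() -> str:
    # Sender side: 16 random bytes from the OS CSPRNG, base64-encoded.
    return base64.b64encode(os.urandom(16)).decode("ascii")


def demo() -> list:
    # Constructed sample values and timeline (seconds); not from a real system.
    checker = NonceChecker(cache_timeout=600, max_age=300, clock_skew=60)
    n1, n2 = new_nonce(), new_nonce()
    return [
        checker.check(n1, created=1000, now=1005),   # first delivery
        checker.check(n1, created=1000, now=1010),   # same nonce seen again
        checker.check(n2, created=1000, now=1400),   # older than max_age + skew
        checker.check(n2, created=1500, now=1400),   # sender clock too far ahead
    ]
```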
This task provides instructions on how to configure nonce at
the cell level using the WebSphere Application Server administrative console.
You can configure nonce at the application level, the server level, and the cell
level. However, you must consider the order of precedence. The following list
shows the order of precedence:
- Application level
- Server level
- Cell level
If you configure nonce on the application level and the server level,
the values specified for the application level take precedence over the values
specified for the server level. Likewise, the values specified for the application
level take precedence over the values specified for the server level and the
cell level. In WebSphere Application Server Network Deployment, the Nonce
cache timeout, Nonce maximum age, and Nonce clock skew fields are required
to use nonce effectively. However, these fields are optional on the server
level.
Complete the following steps to configure nonce on the cell level: