Operating Systems: i5/OS

 

Default bindings for Web services security

 

Use this page to specify the configuration on the cell level in a WebSphere Application Server Network Deployment environment. In addition, use this page to define the default generator bindings, default consumer bindings, and additional properties such as key locators, the collection certificate store, trust anchors, trusted ID evaluators, algorithm mappings, and login mappings.

To view this administrative console page for the cell level, click Security > Web Services.

To define the server-side configuration, click Servers > Application Servers > server_name. Under Security, click Web Services: Default bindings for Web Services Security.

A nonce is a unique cryptographic number embedded in a message to help stop repeated, unauthorized attacks of user name tokens. In a WebSphere Application Server Network Deployment environment, specify values for the Nonce cache timeout, the Nonce maximum age, and the Nonce clock skew fields for the cell level.

The default binding configuration provides a central location where reusable binding information is defined. The application binding file can reference the information in the default binding configuration.

Nonce cache timeout

[V5 and 6 only]

Timeout value, in seconds, for the nonce value that is cached on the server. Nonce is a randomly generated value.

The maximum value for the Nonce maximum age field cannot exceed the number of seconds that is specified for this Nonce cache timeout field.

The Nonce cache timeout field is required for the cell level. If you make changes to the field value, restart WebSphere Application Server for the changes to take effect.

Default: 600 seconds
Minimum: 300 seconds

Nonce maximum age

[V5 and 6 only]

Time, in seconds, before the nonce time stamp expires. Nonce is a randomly generated value.

The value that is specified in this cell-level field is the maximum value that you can specify for the Nonce maximum age field for the server level. You can specify the Nonce maximum age value for the server level by clicking Servers > Application servers > server_name. Under Additional Properties, click Web Services: Default bindings for Web services security.

The Nonce maximum age field is required for the cell level.

Default: 300 seconds
Range: 300 to the Nonce cache timeout value, in seconds

Nonce clock skew

[V5 and 6 only]

Specifies the clock skew value, in seconds, to consider when WebSphere Application Server checks the timeliness of the message. Nonce is a randomly generated value.

The Nonce clock skew field is required for the cell level.

Default: 0 seconds
Range: 0 to the Nonce maximum age value, in seconds

Distribute nonce caching

[V6 only]

Enables distributed caching for nonce using a Data Replication Service (DRS). In previous releases of WebSphere Application Server, the nonce was cached locally. By selecting this option, the nonce is propagated to other servers in your environment. However, the nonce might be subject to a one-second delay in propagation and subject to any network congestion.




 

Related tasks


Configuring tokens using JAX-RPC to protect message authenticity at the server or cell level

 

Related reference

Signing information collection
Encryption information collection
Key information collection
Token generator collection
Key locator collection
Collection certificate store collection
Trust anchor collection
Trusted ID evaluator collection
Algorithm mapping collection

 
