<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<META http-equiv="Content-Type" content="text/html; charset=utf-8">
<LINK rel="stylesheet" type="text/css" href="../../../rzahg/ic.css">
<title>Tune Web authentication</title>
</head>
<BODY>
<!-- Java sync-link -->
<SCRIPT LANGUAGE="Javascript" SRC="../../../rzahg/synch.js" TYPE="text/javascript"></SCRIPT>
<h3><a name="sectuweb"></a>Tune Web authentication</h3>
<p>To tune the Web authentication process, consider the following steps:</p>
<ol>
<li><p>If you feel your environment is secure enough, consider increasing the cache and token time-out settings. (These settings are available as general properties on the Global Security panel in the WebSphere administrative console.) With longer time-outs, re-authentication is required less frequently, and subsequent requests can more often reuse the credentials that are already created. The downside of increasing the token time-out is the exposure of having a token hijacked: the higher time-out setting gives the hijacker more time to hack into the system before the token expires. You can use security cache properties to determine the initial size of the primary and secondary Hashtable caches, which affect the frequency of rehashing and the distribution of the hash algorithms. See <a href="seccache.htm">Security cache properties</a> for a list of these properties.</p></li>
<li><p>Consider enabling single sign-on (SSO). SSO is only available when you select LTPA as the authentication mechanism in the Global Security panel of the WebSphere administrative console. When you select SSO, a single authentication to one application server is adequate to make requests to multiple application servers in the same SSO domain. In some situations SSO is not desirable and should not be used. For more information about SSO, see <a href="seccsso.htm">Configure single-sign on</a>.</p></li>
</ol>
</body>
</html>