Renew OTDS certificate

Open the URL: https://otds_app_host-app02/otdsws/rest/systemconfig/certificate_content

Copy the certificate content it returns, join it into a single line, and paste it into the file otdsauth.properties, located at D:\Documentum\tomcat9.0.85\webapps\OTDSAuthentication\WEB-INF\classes on the Content Server.


Restart JMS.

Verify that your application works.
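The steps above as a script, added here as an example and not part of the original post: it joins the served certificate text into one line, rewrites that value in the text of otdsauth.properties, and reports which hosts still hold a different certificate. The property name `certificate` is an assumption taken from the reader comment on this page, the sample strings are constructed placeholders, and fetching the URL and reading or writing the file on each host are left to the caller.

```python
import re

CERT_KEY = "certificate"  # assumed property name (taken from the reader comment)

def to_single_line(cert_text):
    """Join the certificate text served by OTDS into one line."""
    return "".join(line.strip() for line in cert_text.splitlines())

def read_property(props_text, key=CERT_KEY):
    """Value of key in .properties text, joining backslash continuations."""
    value, collecting = None, False
    for line in props_text.splitlines():
        if collecting:
            part = line.strip()
        else:
            m = re.match(rf"\s*{re.escape(key)}\s*[=:]\s*(.*)", line)
            if not m:
                continue
            value, part = "", m.group(1).strip()
        collecting = part.endswith("\\")
        value += part[:-1] if collecting else part
        if not collecting:
            break
    return value

def write_property(props_text, new_value, key=CERT_KEY):
    """Set key to new_value on one line; every other line is kept as is."""
    out, skipping, found = [], False, False
    for line in props_text.splitlines():
        if skipping:  # drop continuation lines left over from the old value
            skipping = line.rstrip().endswith("\\")
        elif re.match(rf"\s*{re.escape(key)}\s*[=:]", line):
            out.append(f"{key}={new_value}")
            skipping, found = line.rstrip().endswith("\\"), True
        else:
            out.append(line)
    if not found:
        out.append(f"{key}={new_value}")
    return "\n".join(out) + "\n"

def stale_hosts(served_cert_text, props_by_host):
    """Hosts whose stored certificate differs from the one OTDS serves now."""
    current = to_single_line(served_cert_text)
    return sorted(h for h, p in props_by_host.items() if read_property(p) != current)

# Constructed sample data: placeholder strings, not a real certificate or file.
SERVED = "QUJD\r\nREVG\r\nR0g=\r\n"
OLD_PROPS = "# constructed sample\nother.setting=1\ncertificate=T0xE\\\n  Q0VSVA==\n"
NEW_PROPS = write_property(OLD_PROPS, to_single_line(SERVED))
```

Keep a copy of the original otdsauth.properties before writing the new text back; the JMS restart is still needed for the new value to be loaded.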

2 thoughts on “Renew OTDS certificate”

  1. Original error:

    2024-11-13 12:37:01.713|INFO |[main]|DirSyncFactory||DirSyncFactory::startTenantPartitions: Running as Synchronization Master Host
    2024-11-13 12:37:01.738|INFO |[main]|OtdsServletContext||=============================================================================================
    2024-11-13 12:37:01.739|INFO |[main]|OtdsServletContext||OTDS STARTED
    2024-11-13 12:37:01.739|INFO |[main]|OtdsServletContext||=============================================================================================
    2024-11-13 12:37:02.356|INFO |[pool-9-thread-1]|DirSyncEngine||DirSyncEngine::pingConnections: Partition: connected to server: ldaps://lvdc1
    2024-11-13 12:37:02.735|INFO |[https-openssl-nio-443-exec-6]|OtdsSessionCache||OTDS Session Cache Cleaner started
    2024-11-13 12:37:02.744|INFO |[DirSyncEngine ]|DirSyncEngine||DirSyncEngine::Run: Partition – Activated.
    2024-11-13 12:37:04.682|INFO |[pool-15-thread-1]|SPSCTSLicenseManager||Loading license keys…
    2024-11-13 12:37:04.684|INFO |[pool-15-thread-1]|SPSCTSLicenseManager||License keys loaded.
    2024-11-13 12:37:06.856|INFO |[https-openssl-nio-443-exec-1]|OtdsAsConfig||OTDS-AS keystore loaded
    2024-11-13 12:42:01.059|INFO |[pool-15-thread-1]|ExpiryNotifier||Scheduling frequency for SPS expiry notification checking: 24 hours
    2024-11-13 14:04:13.042|INFO |[http-nio-8090-exec-10]|Registry||Oracle EBS authentication handler is not available
    2024-11-13 14:08:24.688|WARN |[https-openssl-nio-443-exec-8]|SAML2Handler||Error processing SAML response. Response: PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZ
    com.opentext.otds.OtdsException: missing nonce cookie – check for hostname inconsistency
    at com.opentext.otds.as.drivers.saml.SAML2Handler.processAssertionResponse(SAML2Handler.java:1828) ~[otds-as-as-22.4.0.jar:22.4.0]
    at com.opentext.otds.as.drivers.saml.SAML2Handler.processAuthResponse(SAML2Handler.java:1907) [otds-as-as-22.4.0.jar:22.4.0]
    at com.opentext.otds.as.drivers.saml.SAML2Handler.process(SAML2Handler.java:2496) [otds-as-as-22.4.0.jar:22.4.0]
    at com.opentext.otds.as.OtdsAuthenticationManager.authenticate(OtdsAuthenticationManager.java:1143) [otds-as-as-22.4.0.jar:22.4.0]
    at com.opentext.otds.auth.ASHTTPService.handleAuthenticationRequest(ASHTTPService.java:847) [otds-auth-22.4.0.jar:22.4.0]
    at com.opentext.otds.auth.ASHTTPService.service(ASHTTPService.java:1051) [otds-auth-22.4.0.jar:22.4.0]
    at com.opentext.otds.auth.AsServlet.service(AsServlet.java:30) [otds-auth-22.4.0.jar:22.4.0]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:223) [catalina.jar:10.0.11]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:158) [catalina.jar:10.0.11]
    at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53) [tomcat-websocket.jar:10.0.11]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:185) [catalina.jar:10.0.11]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:158) [catalina.jar:10.0.11]
    at com.opentext.otds.as.TenantFilter.doFilter(TenantFilter.java:223) [otds-as-as-22.4.0.jar:22.4.0]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:185) [catalina.jar:10.0.11]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:158) [catalina.jar:10.0.11]
    at com.opentext.otds.as.CorsFilter.doFilter(CorsFilter.java:117) [otds-as-as-22.4.0.jar:22.4.0]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:185) [catalina.jar:10.0.11]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:158) [catalina.jar:10.0.11]
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:197) [catalina.jar:10.0.11]
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97) [catalina.jar:10.0.11]
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:541) [catalina.jar:10.0.11]
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:119) [catalina.jar:10.0.11]
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92) [catalina.jar:10.0.11]
    at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:690) [catalina.jar:10.0.11]
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78) [catalina.jar:10.0.11]
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:353) [catalina.jar:10.0.11]
    at org.apache.coyote.http2.StreamProcessor.service(StreamProcessor.java:413) [tomcat-coyote.jar:10.0.11]
    at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65) [tomcat-coyote.jar:10.0.11]
    at org.apache.coyote.http2.StreamProcessor.process(StreamProcessor.java:74) [tomcat-coyote.jar:10.0.11]
    at org.apache.coyote.http2.StreamRunnable.run(StreamRunnable.java:35) [tomcat-coyote.jar:10.0.11]
    at org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191) [tomcat-util.jar:10.0.11]
    at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659) [tomcat-util.jar:10.0.11]
    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) [tomcat-util.jar:10.0.11]
    at java.lang.Thread.run(Thread.java:829) [?:?]

  2. Troubleshooting:
    otdsws login. Works. Attempt to check dev tools.
    Cookies have secure checked but no same site.
    Checked otds url. HTTPS works.
    Might be certificate issue.
    Checking otdsauth.log.
    Error.
    Checking otdsauth.properties.
    certificate.
    Go to URL. Copy certificate out.
    Update all 3 Documentum Server hosts.
    Restart JMS on each after the change.
    After that they were able to log in to their XCP application with SSO.
