Open the URL https://otds_app_host-app02/otdsws/rest/systemconfig/certificate_content, join the certificate content into a single line, and paste it into the otdsauth.properties file located at D:\Documentum\tomcat9.0.85\webapps\OTDSAuthentication\WEB-INF\classes on the Content Server.
Restart JMS.
Verify that your application works.
Original error:
2024-11-13 12:37:01.713|INFO |[main]|DirSyncFactory||DirSyncFactory::startTenantPartitions: Running as Synchronization Master Host
2024-11-13 12:37:01.738|INFO |[main]|OtdsServletContext||=============================================================================================
2024-11-13 12:37:01.739|INFO |[main]|OtdsServletContext||OTDS STARTED
2024-11-13 12:37:01.739|INFO |[main]|OtdsServletContext||=============================================================================================
2024-11-13 12:37:02.356|INFO |[pool-9-thread-1]|DirSyncEngine||DirSyncEngine::pingConnections: Partition: connected to server: ldaps://lvdc1
2024-11-13 12:37:02.735|INFO |[https-openssl-nio-443-exec-6]|OtdsSessionCache||OTDS Session Cache Cleaner started
2024-11-13 12:37:02.744|INFO |[DirSyncEngine ]|DirSyncEngine||DirSyncEngine::Run: Partition – Activated.
2024-11-13 12:37:04.682|INFO |[pool-15-thread-1]|SPSCTSLicenseManager||Loading license keys…
2024-11-13 12:37:04.684|INFO |[pool-15-thread-1]|SPSCTSLicenseManager||License keys loaded.
2024-11-13 12:37:06.856|INFO |[https-openssl-nio-443-exec-1]|OtdsAsConfig||OTDS-AS keystore loaded
2024-11-13 12:42:01.059|INFO |[pool-15-thread-1]|ExpiryNotifier||Scheduling frequency for SPS expiry notification checking: 24 hours
2024-11-13 14:04:13.042|INFO |[http-nio-8090-exec-10]|Registry||Oracle EBS authentication handler is not available
2024-11-13 14:08:24.688|WARN |[https-openssl-nio-443-exec-8]|SAML2Handler||Error processing SAML response. Response: PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZ
com.opentext.otds.OtdsException: missing nonce cookie – check for hostname inconsistency
at com.opentext.otds.as.drivers.saml.SAML2Handler.processAssertionResponse(SAML2Handler.java:1828) ~[otds-as-as-22.4.0.jar:22.4.0]
at com.opentext.otds.as.drivers.saml.SAML2Handler.processAuthResponse(SAML2Handler.java:1907) [otds-as-as-22.4.0.jar:22.4.0]
at com.opentext.otds.as.drivers.saml.SAML2Handler.process(SAML2Handler.java:2496) [otds-as-as-22.4.0.jar:22.4.0]
at com.opentext.otds.as.OtdsAuthenticationManager.authenticate(OtdsAuthenticationManager.java:1143) [otds-as-as-22.4.0.jar:22.4.0]
at com.opentext.otds.auth.ASHTTPService.handleAuthenticationRequest(ASHTTPService.java:847) [otds-auth-22.4.0.jar:22.4.0]
at com.opentext.otds.auth.ASHTTPService.service(ASHTTPService.java:1051) [otds-auth-22.4.0.jar:22.4.0]
at com.opentext.otds.auth.AsServlet.service(AsServlet.java:30) [otds-auth-22.4.0.jar:22.4.0]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:223) [catalina.jar:10.0.11]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:158) [catalina.jar:10.0.11]
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53) [tomcat-websocket.jar:10.0.11]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:185) [catalina.jar:10.0.11]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:158) [catalina.jar:10.0.11]
at com.opentext.otds.as.TenantFilter.doFilter(TenantFilter.java:223) [otds-as-as-22.4.0.jar:22.4.0]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:185) [catalina.jar:10.0.11]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:158) [catalina.jar:10.0.11]
at com.opentext.otds.as.CorsFilter.doFilter(CorsFilter.java:117) [otds-as-as-22.4.0.jar:22.4.0]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:185) [catalina.jar:10.0.11]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:158) [catalina.jar:10.0.11]
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:197) [catalina.jar:10.0.11]
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97) [catalina.jar:10.0.11]
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:541) [catalina.jar:10.0.11]
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:119) [catalina.jar:10.0.11]
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92) [catalina.jar:10.0.11]
at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:690) [catalina.jar:10.0.11]
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78) [catalina.jar:10.0.11]
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:353) [catalina.jar:10.0.11]
at org.apache.coyote.http2.StreamProcessor.service(StreamProcessor.java:413) [tomcat-coyote.jar:10.0.11]
at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65) [tomcat-coyote.jar:10.0.11]
at org.apache.coyote.http2.StreamProcessor.process(StreamProcessor.java:74) [tomcat-coyote.jar:10.0.11]
at org.apache.coyote.http2.StreamRunnable.run(StreamRunnable.java:35) [tomcat-coyote.jar:10.0.11]
at org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191) [tomcat-util.jar:10.0.11]
at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659) [tomcat-util.jar:10.0.11]
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) [tomcat-util.jar:10.0.11]
at java.lang.Thread.run(Thread.java:829) [?:?]
Troubleshooting:
otdsws login works. Check the browser dev tools.
Cookies have Secure checked but no SameSite.
Checked the OTDS URL. HTTPS works.
Might be a certificate issue.
Checking otdsauth.log.
Error.
Checking otdsauth.properties.
certificate.
Go to the URL. Copy the certificate out.
Update all 3 Documentum Server hosts.
Restart JMS on each after the change.
Afterwards, they were able to log in to their XCP application with SSO.
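The "make a single line" step and the update on all 3 hosts can be checked instead of done by eye. The following is an added example, not part of the original notes or any OpenText tooling: it assumes the property in otdsauth.properties is named `certificate` and that the URL returns PEM or bare base64 text; the sample bytes are constructed placeholders, not a real certificate.

```python
import base64
import hashlib
import re

CERT_KEY = "certificate"  # assumption: property name in otdsauth.properties
# Constructed placeholder bytes (not a real certificate), wrapped like a PEM file.
SAMPLE_DER = b"\x30\x82\x01\x0a" + bytes(range(96))
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(SAMPLE_DER).decode()
              + "-----END CERTIFICATE-----\n")
SAMPLE_PROPS = ("other_setting=unchanged\n"  # constructed file content, old value
                "certificate=" + base64.b64encode(b"\x30\x06oldcrt").decode() + "\n")

def to_single_line(cert_text):
    """Drop PEM armor and all whitespace, then confirm the result is base64 DER."""
    body = re.sub(r"-----(BEGIN|END) CERTIFICATE-----|\s+", "", cert_text)
    der = base64.b64decode(body, validate=True)  # raises on stray characters
    if not der.startswith(b"\x30"):  # an X.509 certificate is a DER SEQUENCE
        raise ValueError("decoded content is not DER")
    return body

def fingerprint(single_line):
    """SHA-256 of the decoded bytes, so hosts can be compared by a short value."""
    return hashlib.sha256(base64.b64decode(single_line)).hexdigest()

def configured_cert(properties_text):
    """Return the certificate value found in the properties text, or None."""
    for line in properties_text.splitlines():
        key, sep, value = line.partition("=")  # base64 '=' padding stays in value
        if sep and key.strip() == CERT_KEY:
            return value.strip()
    return None

def is_stale(properties_text, served):
    """True when a host's configured certificate differs from the served one."""
    try:
        current = to_single_line(configured_cert(properties_text) or "")
        return fingerprint(current) != fingerprint(to_single_line(served))
    except ValueError:  # missing, wrapped or corrupted paste
        return True

def set_cert(properties_text, served):
    """Return the properties text with exactly one single-line certificate entry."""
    new_line = f"{CERT_KEY}={to_single_line(served)}"
    lines = [l for l in properties_text.splitlines()
             if l.partition("=")[0].strip() != CERT_KEY]
    return "\n".join(lines + [new_line]) + "\n"
```

Run `is_stale` against the otdsauth.properties of each Content Server host before and after the edit; the JMS restart is still required for the change to take effect.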