Manually renew the certificate:
Open the URL: https://otds_app_host-app02/otdsws/rest/systemconfig/certificate_content
Copy the certificate content, join it into a single line, and paste it into the file otdsauth.properties, located at D:\Documentum\tomcat9.0.85\webapps\OTDSAuthentication\WEB-INF\classes on the Content Server.
Restart JMS.
Verify that your application works.
In general, how long is a new OTDS certificate valid for?
If you save the certificate to a file in Windows with a .cer extension, you can check the expiration date and time. That said, OTDS will automatically generate a new certificate exactly 4 weeks prior to that expiration date.
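The single-line step and the four-week rule above, as an added example (not OpenText's code and not from the original post). It assumes the endpoint content is a PEM or bare base64 X.509 certificate; the function names are made up for this example.

```python
import base64
import re
from datetime import datetime, timedelta, timezone

def to_single_line(cert_text):
    """Drop PEM armor and all whitespace so the value fits on one line."""
    return "".join(re.sub(r"-----[A-Z ]+-----", "", cert_text).split())

def _tlv(buf, pos):
    """Read one DER element at pos: (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long-form length: low 7 bits = number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def not_after(single_line):
    """Return the certificate's notAfter as an aware UTC datetime."""
    der = base64.b64decode(single_line, validate=True)  # rejects stray text
    if not der or der[0] != 0x30:
        raise ValueError("not a DER-encoded certificate")
    _, p, _ = _tlv(der, 0)          # Certificate SEQUENCE
    _, p, _ = _tlv(der, p)          # tbsCertificate SEQUENCE
    tag, _, end = _tlv(der, p)
    if tag == 0xA0:                 # optional [0] version, then serialNumber
        _, _, end = _tlv(der, end)
    p = end
    for _ in range(2):              # skip signature algorithm and issuer
        _, _, p = _tlv(der, p)
    _, p, _ = _tlv(der, p)          # step into validity SEQUENCE
    _, _, p = _tlv(der, p)          # skip notBefore
    tag, start, end = _tlv(der, p)  # notAfter
    fmt = "%y%m%d%H%M%SZ" if tag == 0x17 else "%Y%m%d%H%M%SZ"
    when = datetime.strptime(der[start:end].decode("ascii"), fmt)
    if tag == 0x17 and when.year >= 2050:  # UTCTime covers 1950-2049
        when = when.replace(year=when.year - 100)
    return when.replace(tzinfo=timezone.utc)

def rotation_date(single_line):
    """Date on which, per the text above, OTDS generates the next certificate."""
    return not_after(single_line) - timedelta(weeks=4)

if __name__ == "__main__":
    import sys
    if len(sys.argv) == 2:  # path to the saved certificate content
        line = to_single_line(open(sys.argv[1], encoding="ascii").read())
        print(line, not_after(line), rotation_date(line), sep="\n")
```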
How to configure auto-renewal:
Using Chrome, open this URL on the OTDS server to ensure you see the following screen:
Please note: if the above is not working, ensure that the GET command is working:
Now go to the CS and add the following lines to the otdsauth.properties file:
auto_cert_refresh=true
cert_jwks_url=https://lvdmsprdapp02/otdsws/oauth2/jwks
Then restart JMS. Repeat the last step on all CS.
Original error:
2024-11-13 12:37:01.713|INFO |[main]|DirSyncFactory||DirSyncFactory::startTenantPartitions: Running as Synchronization Master Host
2024-11-13 12:37:01.738|INFO |[main]|OtdsServletContext||=============================================================================================
2024-11-13 12:37:01.739|INFO |[main]|OtdsServletContext||OTDS STARTED
2024-11-13 12:37:01.739|INFO |[main]|OtdsServletContext||=============================================================================================
2024-11-13 12:37:02.356|INFO |[pool-9-thread-1]|DirSyncEngine||DirSyncEngine::pingConnections: Partition: connected to server: ldaps://lvdc1
2024-11-13 12:37:02.735|INFO |[https-openssl-nio-443-exec-6]|OtdsSessionCache||OTDS Session Cache Cleaner started
2024-11-13 12:37:02.744|INFO |[DirSyncEngine ]|DirSyncEngine||DirSyncEngine::Run: Partition – Activated.
2024-11-13 12:37:04.682|INFO |[pool-15-thread-1]|SPSCTSLicenseManager||Loading license keys…
2024-11-13 12:37:04.684|INFO |[pool-15-thread-1]|SPSCTSLicenseManager||License keys loaded.
2024-11-13 12:37:06.856|INFO |[https-openssl-nio-443-exec-1]|OtdsAsConfig||OTDS-AS keystore loaded
2024-11-13 12:42:01.059|INFO |[pool-15-thread-1]|ExpiryNotifier||Scheduling frequency for SPS expiry notification checking: 24 hours
2024-11-13 14:04:13.042|INFO |[http-nio-8090-exec-10]|Registry||Oracle EBS authentication handler is not available
2024-11-13 14:08:24.688|WARN |[https-openssl-nio-443-exec-8]|SAML2Handler||Error processing SAML response. Response: PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZ
com.opentext.otds.OtdsException: missing nonce cookie – check for hostname inconsistency
at com.opentext.otds.as.drivers.saml.SAML2Handler.processAssertionResponse(SAML2Handler.java:1828) ~[otds-as-as-22.4.0.jar:22.4.0]
at com.opentext.otds.as.drivers.saml.SAML2Handler.processAuthResponse(SAML2Handler.java:1907) [otds-as-as-22.4.0.jar:22.4.0]
at com.opentext.otds.as.drivers.saml.SAML2Handler.process(SAML2Handler.java:2496) [otds-as-as-22.4.0.jar:22.4.0]
at com.opentext.otds.as.OtdsAuthenticationManager.authenticate(OtdsAuthenticationManager.java:1143) [otds-as-as-22.4.0.jar:22.4.0]
at com.opentext.otds.auth.ASHTTPService.handleAuthenticationRequest(ASHTTPService.java:847) [otds-auth-22.4.0.jar:22.4.0]
at com.opentext.otds.auth.ASHTTPService.service(ASHTTPService.java:1051) [otds-auth-22.4.0.jar:22.4.0]
at com.opentext.otds.auth.AsServlet.service(AsServlet.java:30) [otds-auth-22.4.0.jar:22.4.0]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:223) [catalina.jar:10.0.11]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:158) [catalina.jar:10.0.11]
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53) [tomcat-websocket.jar:10.0.11]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:185) [catalina.jar:10.0.11]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:158) [catalina.jar:10.0.11]
at com.opentext.otds.as.TenantFilter.doFilter(TenantFilter.java:223) [otds-as-as-22.4.0.jar:22.4.0]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:185) [catalina.jar:10.0.11]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:158) [catalina.jar:10.0.11]
at com.opentext.otds.as.CorsFilter.doFilter(CorsFilter.java:117) [otds-as-as-22.4.0.jar:22.4.0]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:185) [catalina.jar:10.0.11]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:158) [catalina.jar:10.0.11]
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:197) [catalina.jar:10.0.11]
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97) [catalina.jar:10.0.11]
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:541) [catalina.jar:10.0.11]
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:119) [catalina.jar:10.0.11]
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92) [catalina.jar:10.0.11]
at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:690) [catalina.jar:10.0.11]
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78) [catalina.jar:10.0.11]
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:353) [catalina.jar:10.0.11]
at org.apache.coyote.http2.StreamProcessor.service(StreamProcessor.java:413) [tomcat-coyote.jar:10.0.11]
at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65) [tomcat-coyote.jar:10.0.11]
at org.apache.coyote.http2.StreamProcessor.process(StreamProcessor.java:74) [tomcat-coyote.jar:10.0.11]
at org.apache.coyote.http2.StreamRunnable.run(StreamRunnable.java:35) [tomcat-coyote.jar:10.0.11]
at org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191) [tomcat-util.jar:10.0.11]
at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659) [tomcat-util.jar:10.0.11]
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) [tomcat-util.jar:10.0.11]
at java.lang.Thread.run(Thread.java:829) [?:?]
Troubleshooting:
otdsws login. Works. Attempt to check dev tools.
Cookies have Secure checked but no SameSite.
Checked otds url. HTTPS works.
Might be certificate issue.
Checking otdsauth.log.
Error.
Checking otdsauth.properties.
certificate.
Go to URL. Copy certificate out.
Update all 3 Documentum Server hosts.
Restart JMS on each after the change.
Afterwards, they were able to log in to their XCP application with SSO.