{"id":41740,"date":"2025-12-03T20:50:00","date_gmt":"2025-12-03T19:50:00","guid":{"rendered":"https:\/\/www.dbi-services.com\/blog\/?p=41740"},"modified":"2026-02-25T21:16:54","modified_gmt":"2026-02-25T20:16:54","slug":"dctm-d2-sso-through-otds-fails-with-dm_license_e_invalid_license","status":"publish","type":"post","link":"https:\/\/www.dbi-services.com\/blog\/dctm-d2-sso-through-otds-fails-with-dm_license_e_invalid_license\/","title":{"rendered":"Dctm – D2 SSO through OTDS fails with DM_LICENSE_E_INVALID_LICENSE"},"content":{"rendered":"\n

After doing some more upgrades from Documentum 20.2 to 23.4, including D2, I faced a funny error about invalid licenses (DM_LICENSE_E_INVALID_LICENSE) while trying to login to D2 through OTDS SSO. That’s interesting because there is no license management for Documentum in 23.x, it only starts from 24.4 onwards. This is the (pretty) error in question:<\/p>\n\n\n\n

\"D2\n\t\t\t\n\t\t\t\t\n\t\t\t<\/svg>\n\t\t<\/button><\/figure>\n\n\n\n

As a disclaimer, this customer is using D2 23.4 but with OTDS 24.4. I haven’t tried with an OTDS 23.4, so it is not impossible that the page might look different\u2026 For information, this error might be caused by multiple factors. The most common one is when you are already authenticated in OTDS (either through \/otds-admin\/ or even through another end-user Application like another D2 Repository) and trying to access a Repository for which you do not have an account. In this case you will get the message “DM_LICENSE_E_INVALID_LICENSE<\/strong><\/em>“. Trying to open another D2 will not change who you are currently logged in with, even if the SSO is enabled, and it will just re-use the current cookie (“http.cookie<\/em><\/strong>” being the higher priority Auth Handler in OTDS, for performance reasons).<\/p>\n\n\n\n

At that time, the D2 logs was showing the following:<\/p>\n\n\n

\n2025-10-08 13:22:28,435 UTC [INFO ] (https-jsse-nio-8080-exec-15) - c.emc.x3.portal.server.X3HttpSessionListener  : Created http session ABE9F0D6D82E68FA9422A5B213455A4B\n2025-10-08 13:22:28,435 UTC [DEBUG] (https-jsse-nio-8080-exec-15) - c.e.x.p.s.f.authc.X3OTDSAuthenticationFilter  : OTDS : No user name on the Http session yet\n2025-10-08 13:22:28,436 UTC [DEBUG] (https-jsse-nio-8080-exec-15) - c.e.x.p.s.f.authc.X3OTDSAuthenticationFilter  : OTDS : No access_token found in Http request or Cookie Redirecting to OTDS Server\n2025-10-08 13:22:28,436 UTC [DEBUG] (https-jsse-nio-8080-exec-15) - c.e.x.p.s.f.a.X3TrustHttpAuthenticationFilter : Identified scheme : https\n2025-10-08 13:22:28,437 UTC [DEBUG] (https-jsse-nio-8080-exec-15) - c.e.x.p.s.f.a.X3TrustHttpAuthenticationFilter : Identified server name : d2.domain.com\n2025-10-08 13:22:28,437 UTC [DEBUG] (https-jsse-nio-8080-exec-15) - c.e.x.p.s.f.a.X3TrustHttpAuthenticationFilter : Identified server port : 443\n2025-10-08 13:22:28,438 UTC [DEBUG] (https-jsse-nio-8080-exec-15) - c.e.x.p.s.f.a.X3TrustHttpAuthenticationFilter : Built server host is : https:\/\/d2.domain.com:443\n2025-10-08 13:22:28,438 UTC [DEBUG] (https-jsse-nio-8080-exec-15) - o.o.e.logging.slf4j.Slf4JLogLevelHandlers$4   : [EVENT SUCCESS -> \/D2\/HTTPUtilities] header name=Host, value=d2.domain.com\n2025-10-08 13:22:28,439 UTC [DEBUG] (https-jsse-nio-8080-exec-15) - o.o.e.logging.slf4j.Slf4JLogLevelHandlers$4   : [EVENT SUCCESS -> \/D2\/HTTPUtilities] MaxHeaderValueSize: 8192\n2025-10-08 13:22:28,439 UTC [DEBUG] (https-jsse-nio-8080-exec-15) - o.o.e.logging.slf4j.Slf4JLogLevelHandlers$4   : [EVENT SUCCESS -> \/D2\/HTTPUtilities] validating the input valued2.domain.com\n2025-10-08 13:22:28,440 UTC [DEBUG] (https-jsse-nio-8080-exec-15) - c.e.x.p.s.f.a.X3TrustHttpAuthenticationFilter : Identified host : d2.domain.com\n2025-10-08 13:22:28,440 UTC [DEBUG] (https-jsse-nio-8080-exec-15) - c.e.x.p.s.f.a.X3TrustHttpAuthenticationFilter : Overall base URL built : https:\/\/d2.domain.com\/D2\n2025-10-08 13:22:28,441 UTC [DEBUG] (https-jsse-nio-8080-exec-15) - c.e.x.p.s.f.authc.X3OTDSAuthenticationFilter  : Redirection url post encoding - https%3A%2F%2Fd2.domain.com%2FD2%2Fd2_otds.html%3ForigUrl%3D%2FD2%2F\n2025-10-08 13:22:28,441 UTC [DEBUG] (https-jsse-nio-8080-exec-15) - c.e.x.p.s.f.authc.X3OTDSAuthenticationFilter  : OTDS : OAUTH final login sendRedirect URL : https:\/\/otds-mfa.domain.com\/otdsws\/oauth2\/auth?response_type=token&client_id=dctm-ns-d2&redirect_uri=https%3A%2F%2Fd2.domain.com%2FD2%2Fd2_otds.html%3ForigUrl%3D%2FD2%2F&logon_appname=Documentum+Client+CE+23.4\n2025-10-08 13:22:28,442 UTC [DEBUG] (https-jsse-nio-8080-exec-15) - c.e.x.p.s.f.authc.X3OTDSAuthenticationFilter  : OTDS : Sending redirection as it's not a rpc call : https:\/\/otds-mfa.domain.com\/otdsws\/oauth2\/auth?response_type=token&client_id=dctm-ns-d2&redirect_uri=https%3A%2F%2Fd2.domain.com%2FD2%2Fd2_otds.html%3ForigUrl%3D%2FD2%2F&logon_appname=Documentum+Client+CE+23.4\n2025-10-08 13:22:29,661 UTC [DEBUG] (https-jsse-nio-8080-exec-25) - o.o.e.logging.slf4j.Slf4JLogLevelHandlers$4   : [EVENT SUCCESS -> \/D2\/HTTPUtilities] MaxHeaderKeySize: 256\n2025-10-08 13:22:29,662 UTC [DEBUG] (https-jsse-nio-8080-exec-25) - o.o.e.logging.slf4j.Slf4JLogLevelHandlers$4   : [EVENT SUCCESS -> \/D2\/HTTPUtilities] MaxHeaderValueSize: 8192\n2025-10-08 13:22:29,663 UTC [DEBUG] (https-jsse-nio-8080-exec-25) - c.e.x.p.s.f.authc.X3OTDSAuthenticationFilter  : OTDS : No user name on the Http session yet\n2025-10-08 13:22:29,663 UTC [DEBUG] (https-jsse-nio-8080-exec-25) - c.e.x.p.s.f.authc.X3OTDSAuthenticationFilter  : OTDS : Found access_token on Http Cookie, invalidating the cookie by setting maxAge 0\n2025-10-08 13:22:29,663 UTC [INFO ] (https-jsse-nio-8080-exec-25) - c.e.x.p.s.f.authc.X3OTDSAuthenticationFilter  : OTDS : setting the cookie as secure as its a https request\n2025-10-08 13:22:29,664 UTC [DEBUG] (https-jsse-nio-8080-exec-25) - c.e.x.p.s.f.authc.X3OTDSAuthenticationFilter  : OTDS : OTDS responded with a oauth token\n2025-10-08 13:22:29,664 UTC [INFO ] (https-jsse-nio-8080-exec-25) - c.e.x.p.s.f.authc.X3OTDSAuthenticationFilter  : ------ Begin getUntrustedJwtHeader : eyJraWQiOiJjZTU1...hilhGwaaPyHvrHQ\n2025-10-08 13:22:29,665 UTC [INFO ] (https-jsse-nio-8080-exec-25) - c.e.x.p.s.f.authc.X3OTDSAuthenticationFilter  : getUntrustedJwtHeader oauthTokenWithoutSignature : eyJraWQiOiJjZTU1...XNieGN0LWQyIn0.\n2025-10-08 13:22:29,834 UTC [DEBUG] (https-jsse-nio-8080-exec-25) - c.e.x.p.s.f.authc.X3OTDSAuthenticationFilter  : ------ Begin validateOTDSTokenClaims : MYUSERID\n2025-10-08 13:22:29,834 UTC [DEBUG] (https-jsse-nio-8080-exec-25) - c.e.x.p.s.f.authc.X3OTDSAuthenticationFilter  :  validateOTDSTokenClaims for user : MYUSERID , OTDS : currenttime: 1759929749834 expirationtime: 1759933349000\n2025-10-08 13:22:29,835 UTC [INFO ] (https-jsse-nio-8080-exec-25) - c.e.x.p.s.f.authc.X3OTDSAuthenticationFilter  : ------ End validateOTDSTokenClaims : MYUSERID\n2025-10-08 13:22:29,836 UTC [INFO ] (https-jsse-nio-8080-exec-25) - c.e.x.p.s.f.authc.X3OTDSAuthenticationFilter  : PublicKey for Key id : ce55c...5acd9 exists\n2025-10-08 13:22:29,837 UTC [DEBUG] (https-jsse-nio-8080-exec-25) - c.e.x.p.s.f.authc.X3OTDSAuthenticationFilter  :  OTDS Deafault Repository from shiro configured : REPO_NAME\n2025-10-08 13:22:29,837 UTC [DEBUG] (https-jsse-nio-8080-exec-25) - c.e.x.p.s.f.authc.X3OTDSAuthenticationFilter  : OTDS : generating DM_Ticket for user : MYUSERID in Repository : REPO_NAME\n2025-10-08 13:22:30,948 UTC [ERROR] (https-jsse-nio-8080-exec-25) - c.e.x.p.s.f.authc.X3OTDSAuthenticationFilter  : OTDS : OAuth Token Error occurred while generating a DCTM MultiUse Ticket for user  : MYUSERID\n2025-10-08 13:22:30,948 UTC [ERROR] (https-jsse-nio-8080-exec-25) - c.e.x.p.s.f.authc.X3OTDSAuthenticationFilter  : OTDS : OAuth Token Error please validate the OTDS Config of user exists in Repository\ncom.documentum.fc.client.DfAuthenticationException: [DM_SESSION_E_AUTH_FAIL]error:  "Authentication failed for user myuserid with docbase REPO_NAME."\n        at com.documentum.fc.client.impl.docbase.DocbaseExceptionMapper.newException(DocbaseExceptionMapper.java:52)\n        at com.documentum.fc.client.impl.connection.docbase.MessageEntry.getException(MessageEntry.java:39)\n        at com.documentum.fc.client.impl.connection.docbase.DocbaseMessageManager.getException(DocbaseMessageManager.java:137)\n        at com.documentum.fc.client.impl.connection.docbase.netwise.NetwiseDocbaseRpcClient.checkForMessages(NetwiseDocbaseRpcClient.java:332)\n        at com.documentum.fc.client.impl.connection.docbase.netwise.NetwiseDocbaseRpcClient.applyForObject(NetwiseDocbaseRpcClient.java:680)\n        at com.documentum.fc.client.impl.connection.docbase.DocbaseConnection$8.evaluate(DocbaseConnection.java:1572)\n        at com.documentum.fc.client.impl.connection.docbase.DocbaseConnection.evaluateRpc(DocbaseConnection.java:1272)\n        at com.documentum.fc.client.impl.connection.docbase.DocbaseConnection.applyForObject(DocbaseConnection.java:1564)\n        at com.documentum.fc.client.impl.docbase.DocbaseApi.authenticateUser(DocbaseApi.java:1894)\n        at com.documentum.fc.client.impl.connection.docbase.DocbaseConnection.authenticate(DocbaseConnection.java:460)\n        at com.documentum.fc.client.impl.connection.docbase.DocbaseConnection.open(DocbaseConnection.java:140)\n        at com.documentum.fc.client.impl.connection.docbase.DocbaseConnection.<init>(DocbaseConnection.java:109)\n        at com.documentum.fc.client.impl.connection.docbase.DocbaseConnection.<init>(DocbaseConnection.java:69)\n        at com.documentum.fc.client.impl.connection.docbase.DocbaseConnectionFactory.newDocbaseConnection(DocbaseConnectionFactory.java:32)\n        at com.documentum.fc.client.impl.connection.docbase.DocbaseConnectionManager.createNewConnection(DocbaseConnectionManager.java:202)\n        at com.documentum.fc.client.impl.connection.docbase.DocbaseConnectionManager.getDocbaseConnection(DocbaseConnectionManager.java:132)\n        at com.documentum.fc.client.impl.session.SessionFactory.newSession(SessionFactory.java:24)\n        ...\n        at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:52)\n        at org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1190)\n        at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659)\n        at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:63)\n        at java.base\/java.lang.Thread.run(Thread.java:840)\n2025-10-08 13:22:30,949 UTC [DEBUG] (https-jsse-nio-8080-exec-25) - c.e.x.p.s.f.authc.X3OTDSAuthenticationFilter  : redirectToErrorPage : Redirecting to Error Page as Login failed for user : null and exception : {}\ncom.emc.x3.portal.server.filters.authc.X3OTDSAuthenticationFilter$1: Authentication failed for user myuserid with repository REPO_NAME.\n        at com.emc.x3.portal.server.filters.authc.X3OTDSAuthenticationFilter.validateTokenAndGetUserId(X3OTDSAuthenticationFilter.java:1167)\n        at com.emc.x3.portal.server.filters.authc.X3OTDSAuthenticationFilter.onAccessDenied(X3OTDSAuthenticationFilter.java:293)\n        at org.apache.shiro.web.filter.AccessControlFilter.onAccessDenied(AccessControlFilter.java:133)\n        at org.apache.shiro.web.filter.AccessControlFilter.onPreHandle(AccessControlFilter.java:162)\n        at org.apache.shiro.web.filter.PathMatchingFilter.isFilterChainContinued(PathMatchingFilter.java:223)\n        at org.apache.shiro.web.filter.PathMatchingFilter.preHandle(PathMatchingFilter.java:198)\n        ...\n        at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:52)\n        at org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1190)\n        at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659)\n        at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:63)\n        at java.base\/java.lang.Thread.run(Thread.java:840)\n2025-10-08 13:22:30,950 UTC [INFO ] (https-jsse-nio-8080-exec-25) - c.e.x.p.s.f.authc.X3OTDSAuthenticationFilter  : Adding the LicenseException to the Session : DM_SESSION_E_AUTH_FAIL\n2025-10-08 13:22:30,950 UTC [DEBUG] (https-jsse-nio-8080-exec-25) - c.e.x.p.s.f.a.X3TrustHttpAuthenticationFilter : Identified scheme : https\n2025-10-08 13:22:30,951 UTC [DEBUG] (https-jsse-nio-8080-exec-25) - c.e.x.p.s.f.a.X3TrustHttpAuthenticationFilter : Identified server name : d2.domain.com\n2025-10-08 13:22:30,952 UTC [DEBUG] (https-jsse-nio-8080-exec-25) - c.e.x.p.s.f.a.X3TrustHttpAuthenticationFilter : Identified server port : 443\n2025-10-08 13:22:30,952 UTC [DEBUG] (https-jsse-nio-8080-exec-25) - c.e.x.p.s.f.a.X3TrustHttpAuthenticationFilter : Built server host is : https:\/\/d2.domain.com:443\n2025-10-08 13:22:30,953 UTC [DEBUG] (https-jsse-nio-8080-exec-25) - o.o.e.logging.slf4j.Slf4JLogLevelHandlers$4   : [EVENT SUCCESS -> \/D2\/HTTPUtilities] header name=Host, value=d2.domain.com\n2025-10-08 13:22:30,953 UTC [DEBUG] (https-jsse-nio-8080-exec-25) - o.o.e.logging.slf4j.Slf4JLogLevelHandlers$4   : [EVENT SUCCESS -> \/D2\/HTTPUtilities] MaxHeaderValueSize: 8192\n2025-10-08 13:22:30,953 UTC [DEBUG] (https-jsse-nio-8080-exec-25) - o.o.e.logging.slf4j.Slf4JLogLevelHandlers$4   : [EVENT SUCCESS -> \/D2\/HTTPUtilities] validating the input valued2.domain.com\n2025-10-08 13:22:30,954 UTC [DEBUG] (https-jsse-nio-8080-exec-25) - c.e.x.p.s.f.a.X3TrustHttpAuthenticationFilter : Identified host : d2.domain.com\n2025-10-08 13:22:30,954 UTC [DEBUG] (https-jsse-nio-8080-exec-25) - c.e.x.p.s.f.a.X3TrustHttpAuthenticationFilter : Overall base URL built : https:\/\/d2.domain.com\/D2\n2025-10-08 13:22:30,954 UTC [DEBUG] (https-jsse-nio-8080-exec-25) - c.e.x.p.s.f.authc.X3OTDSAuthenticationFilter  :  D2 redirecting to errorPage JSP  : https:\/\/d2.domain.com\/D2\/errors\/authenticationError.jsp\n2025-10-08 13:22:30,975 UTC [DEBUG] (https-jsse-nio-8080-exec-27) - o.o.e.logging.slf4j.Slf4JLogLevelHandlers$4   : [EVENT SUCCESS -> \/D2\/HTTPUtilities] MaxHeaderKeySize: 256\n2025-10-08 13:22:30,975 UTC [DEBUG] (https-jsse-nio-8080-exec-27) - o.o.e.logging.slf4j.Slf4JLogLevelHandlers$4   : [EVENT SUCCESS -> \/D2\/HTTPUtilities] MaxHeaderValueSize: 8192\n2025-10-08 13:22:30,976 UTC [DEBUG] (https-jsse-nio-8080-exec-27) - c.e.x.p.s.f.authc.X3OTDSAuthenticationFilter  : No LicenseExcepton found on HttpSession hence not Redirectling to License ErrorPage\n2025-10-08 13:22:30,976 UTC [DEBUG] (https-jsse-nio-8080-exec-27) - c.e.x.p.s.f.a.X3TrustHttpAuthenticationFilter :  Selected Repository : REPO_NAME\n2025-10-08 13:22:30,977 UTC [DEBUG] (https-jsse-nio-8080-exec-27) - o.o.e.logging.slf4j.Slf4JLogLevelHandlers$4   : [EVENT SUCCESS -> \/D2\/HTTPUtilities] MaxHeaderKeySize: 256\n2025-10-08 13:22:30,977 UTC [DEBUG] (https-jsse-nio-8080-exec-27) - o.o.e.logging.slf4j.Slf4JLogLevelHandlers$4   : [EVENT SUCCESS -> \/D2\/HTTPUtilities] MaxHeaderValueSize: 8192\n2025-10-08 13:22:30,979 UTC [INFO ] (https-jsse-nio-8080-exec-27) - c.emc.x3.portal.server.X3HttpSessionListener  : Expired Http session id : ABE9F0D6D82E68FA9422A5B213455A4B\n2025-10-08 13:22:30,979 UTC [DEBUG] (https-jsse-nio-8080-exec-27) - com.emc.x3.server.context.ContextManager      : Create a new context manager\n<\/pre><\/div>\n\n\n
As you can see above, it starts properly but when it contacts the Repository to try to generate a multi-use ticket, that’s where things go south. To try to understand what was going on, I started looking into my Repository account and I quickly saw that I actually had 2 accounts, one in lowercase (a legacy account) and a more recent one in uppercase:<\/p>\n\n\n
\n[dmadmin@cs-0 log]$ iapi $DOCBASE_NAME -Udmadmin -Pxxx << EOC\n> ?,c,select r_object_id, user_source, user_login_name, user_name from dm_user where lower(user_login_name)='myuserid';\n> exit\n> EOC\n\n        OpenText Documentum iapi - Interactive API interface\n        Copyright (c) 2023. OpenText Corporation\n        All rights reserved.\n        Client Library Release 23.4.0000.0180\n\nConnecting to Server using docbase REPO_NAME\n[DM_SESSION_I_SESSION_START]info:  "Session 010123458029cff3 started for user dmadmin."\n\nConnected to OpenText Documentum Server running Release 23.4.0000.0143  Linux64.Oracle\nSession id is s0\nAPI>\nr_object_id       user_source       user_login_name     user_name\n----------------  ----------------  ------------------  ---------------------------\n1101234580000d41  OTDS              myuserid            Patou Morgan (External)\n1101234580ec1004  OTDS              MYUSERID            Patou Morgan\n(2 rows affected)\n\nAPI> Bye\n[dmadmin@cs-0 log]$\n<\/pre><\/div>\n\n\n
There is quite a bit of background here but basically on older versions of Documentum, lowercase accounts were used at that customer with an old LDAP that isn’t around anymore and with the switch to OTDS and the new Azure EntraID, it became uppercase for simplicity. That switch from lowercase to uppercase was handled during the upgrade itself. However, my account was granted access to this Application only after the upgrade and as you can see above, the “user_name<\/em><\/strong>” and “user_login_name<\/em><\/strong>” differs. As a side note, OTDS will usually execute this kind of query to find existing users: “select * from dm_user where (user_name = ‘Patou Morgan’ or user_login_name = ‘MYUSERID’) and user_source = ‘OTDS’<\/em><\/strong>“.<\/p>\n\n\n\n
Unfortunately, on my very old account, the user_name was slightly different and therefore OTDS didn’t understand that I already had an account, and it just created a new one, in UPPERCASE, instead of updating the old one. That’s also the reason why I highly suggested that customer to change all lowercase to uppercase user_login_name post migration, so that it would allow the OTDS to correctly map users and avoid creating duplicate accounts, but that’s another topic.<\/p>\n\n\n\n
I suspected this duplicate to be the root cause of the issue, and enabling the authentication trace on the Repository definitively confirmed it:<\/p>\n\n\n
\n2025-10-08T13:22:30.541999      3057168[3057168]        010123458029d042        [AUTH]  Entering RPC AUTHENTICATE_USER\n2025-10-08T13:22:30.542064      3057168[3057168]        010123458029d042        [AUTH]  Start Authentication : LOGON_NAME=MYUSERID, DOMAIN_NAME=, OS_LOGON_NAME=tomcat, OS_LOGON_DOMAIN=, ASSUME_USER=0, TRUSTED_LOGIN_ALLOWED=1, PRINCIPAL_AUTH=0, DO_SET_LOCALE=0, RECONNECT=0, CLIENT_TOKEN=[82, -30, -86, 7, -113, -35, 124, 3, 106, -45, -4, -117, -117, 39, 109]\n2025-10-08T13:22:30.542076      3057168[3057168]        010123458029d042        [AUTH]  Start Authenticate Client Instance\n2025-10-08T13:22:30.542103      3057168[3057168]        010123458029d042        [AUTH]  Start Verify Signature, Client : dfc_H4qo73YaRaBAOd9sGtc7pKJlWkwa , Host : d2-0.d2.dctm-ns.svc.cluster.local\n2025-10-08T13:22:30.550074      3057168[3057168]        010123458029d042        [AUTH]  End Verify Signature, Client : dfc_H4qo73YaRaBAOd9sGtc7pKJlWkwa , Host : d2-0.d2.dctm-ns.svc.cluster.local\n2025-10-08T13:22:30.550128      3057168[3057168]        010123458029d042        [AUTH]  End Authenticate Client Instance\n2025-10-08T13:22:30.575328      3057168[3057168]        010123458029d042        [AUTH]  Start-AuthenticateUser: ClientHost(d2-0.d2.dctm-ns.svc.cluster.local), LogonName(MYUSERID), LogonOSName(tomcat), LogonOSDomain(), UserExtraDomain(), ServerDomain()\n2025-10-08T13:22:30.575389      3057168[3057168]        010123458029d042        [AUTH]  Start-AuthenticateUserName:\n2025-10-08T13:22:30.575404      3057168[3057168]        010123458029d042        [AUTH]  dmResolveNamesForCredentials: auth_protocol()\n2025-10-08T13:22:30.577804      3057168[3057168]        010123458029d042        [AUTH]  [DM_SESSION_E_USER_LOGIN_NAME_CONFLICT]error:  "Userloginname myuserid conflict with another user"\n2025-10-08T13:22:30.577838      3057168[3057168]        010123458029d042        [AUTH]  [DM_USER_E_NOT_DOCUMENTUM_USER]error:  "User myuserid does not exist in the docbase"\n2025-10-08T13:22:30.577851      3057168[3057168]        010123458029d042        [AUTH]  End-AuthenticateUserName: dm_user.user_login_domain(), Result: 0\n2025-10-08T13:22:30.577862      3057168[3057168]        010123458029d042        [AUTH]  Not Found dm_user.user_login_name(myuserid), dm_user.user_login_domain()\n2025-10-08T13:22:30.945436      3057168[3057168]        010123458029d042        [AUTH]  Final Auth Result=F, LOGON_NAME=myuserid, AUTHENTICATION_LEVEL=1, OS_LOGON_NAME=tomcat, OS_LOGON_DOMAIN=, CLIENT_HOST_NAME=d2-0.d2.dctm-ns.svc.cluster.local, CLIENT_HOST_ADDR=172.1.1.1, USER_LOGON_NAME_RESOLVED=1, AUTHENTICATION_ONLY=0, USER_NAME=, USER_OS_NAME=myuserid, USER_LOGIN_NAME=myuserid, USER_LOGIN_DOMAIN=, USER_EXTRA_CREDENTIAL[0]=, USER_EXTRA_CREDENTIAL[1]=, USER_EXTRA_CREDENTIAL[2]=e2, USER_EXTRA_CREDENTIAL[3]=, USER_EXTRA_CREDENTIAL[4]=, USER_EXTRA_CREDENTIAL[5]=, SERVER_SESSION_ID=010123458029d042, AUTH_BEGIN_TIME=Wed Oct  8 13:22:30 2025, AUTH_END_TIME=Wed Oct  8 13:22:30 2025, Total elapsed time=0 seconds\n2025-10-08T13:22:30.945484      3057168[3057168]        010123458029d042        [AUTH]  Exiting RPC AUTHENTICATE_USER\n<\/pre><\/div>\n\n\n
My next step was therefore to merge the 2 accounts, to see if the SSO was working again. I could use the Re-Assign action on Documentum Administrator to do that, but for this blog, I wanted to do it through command line. Therefore, I started with the creation of a new “dm_job_request<\/em><\/strong>” whose purpose is to reassign the lowercase account to the UPPERCASE one (note: I used iapi format here to show each key\/value, but it might be easier and will be shorter \/ more compact through DQL):<\/p>\n\n\n
\n[dmadmin@cs-0 log]$ iapi $DOCBASE_NAME -Udmadmin -Pxxx << EOC\n> create,c,dm_job_request\n> set,c,l,object_name\n> UserRename\n> set,c,l,job_name\n> dm_UserRename\n> set,c,l,method_name\n> dm_UserRename\n> set,c,l,request_completed\n> F\n> set,c,l,priority\n> 0\n> append,c,l,arguments_keys\n> OldUserName\n> append,c,l,arguments_values\n> Patou Morgan (External)\n> append,c,l,arguments_keys\n> NewUserName\n> append,c,l,arguments_values\n> Patou Morgan\n> append,c,l,arguments_keys\n> report_only\n> append,c,l,arguments_values\n> F\n> append,c,l,arguments_keys\n> unlock_locked_obj\n> append,c,l,arguments_values\n> T\n> link,c,l,\/System\/Sysadmin\/UserRename\n> save,c,l\n> exit\n> EOC\n\n        OpenText Documentum iapi - Interactive API interface\n        Copyright (c) 2023. OpenText Corporation\n        All rights reserved.\n        Client Library Release 23.4.0000.0180\n\nConnecting to Server using docbase REPO_NAME\n[DM_SESSION_I_SESSION_START]info:  "Session 010123458029d04d started for user dmadmin."\n\nConnected to OpenText Documentum Server running Release 23.4.0000.0143  Linux64.Oracle\nSession id is s0\nAPI> ...\n08012345800c1797\nAPI> SET> ...\nOK\nAPI> SET> ...\nOK\nAPI> SET> ...\nOK\nAPI> SET> ...\nOK\nAPI> SET> ...\nOK\nAPI> SET> ...\nOK\nAPI> SET> ...\nOK\nAPI> SET> ...\nOK\nAPI> SET> ...\nOK\nAPI> SET> ...\nOK\nAPI> SET> ...\nOK\nAPI> SET> ...\nOK\nAPI> SET> ...\nOK\nAPI> ...\nOK\nAPI> ...\nOK\nAPI> Bye\n[dmadmin@cs-0 log]$\n<\/pre><\/div>\n\n\n
Then you would need to execute\/run the “dm_UserRename<\/em><\/strong>” job, so it can process the requests. This can also be done through DA (note: the Re-Assign on DA can also trigger the job directly too) but let’s continue with the command line option:<\/p>\n\n\n
\n[dmadmin@cs-0 log]$ iapi $DOCBASE_NAME -Udmadmin -Pxxx << EOC\n> ?,c,update dm_job objects set run_now=true, set a_next_invocation=date(now) where object_name='dm_UserRename';\n> exit\n> EOC\n\n        OpenText Documentum iapi - Interactive API interface\n        Copyright (c) 2023. OpenText Corporation\n        All rights reserved.\n        Client Library Release 23.4.0000.0180\n\nConnecting to Server using docbase REPO_NAME\n[DM_SESSION_I_SESSION_START]info:  "Session 010123458029d05c started for user dmadmin."\n\nConnected to OpenText Documentum Server running Release 23.4.0000.0143  Linux64.Oracle\nSession id is s0\nAPI>\nobjects_updated\n---------------\n              1\n(1 row affected)\n[DM_QUERY_I_NUM_UPDATE]info:  "1 objects were affected by your UPDATE statement."\n\nAPI> Bye\n[dmadmin@cs-0 log]$\n<\/pre><\/div>\n\n\n
Once the job ran, I was left with a single (correct) account:<\/p>\n\n\n
\n[dmadmin@cs-0 log]$ iapi $DOCBASE_NAME -Udmadmin -Pxxx << EOC\n> ?,c,select r_object_id, user_source, user_login_name, user_name from dm_user where lower(user_login_name)='myuserid';\n> exit\n> EOC\n\n        OpenText Documentum iapi - Interactive API interface\n        Copyright (c) 2023. OpenText Corporation\n        All rights reserved.\n        Client Library Release 23.4.0000.0180\n\nConnecting to Server using docbase REPO_NAME\n[DM_SESSION_I_SESSION_START]info:  "Session 010123458029d063 started for user dmadmin."\n\nConnected to OpenText Documentum Server running Release 23.4.0000.0143  Linux64.Oracle\nSession id is s0\nAPI>\nr_object_id       user_source       user_login_name     user_name\n----------------  ----------------  ------------------  ---------------------------\n1101234580ec1004  OTDS              MYUSERID            Patou Morgan\n(1 row affected)\n\nAPI> Bye\n[dmadmin@cs-0 log]$\n<\/pre><\/div>\n\n\n
Without surprises, the SSO was working afterwards, as D2 could proceed with the multi-use ticket generation:<\/p>\n\n\n
\n2025-10-08 13:37:45,779 UTC [INFO ] (https-jsse-nio-8080-exec-17) - c.emc.x3.portal.server.X3HttpSessionListener  : Created http session AA7FD4CC34B6FE6779071D21E6B366CD\n2025-10-08 13:37:45,780 UTC [DEBUG] (https-jsse-nio-8080-exec-17) - c.e.x.p.s.f.authc.X3OTDSAuthenticationFilter  : OTDS : No user name on the Http session yet\n2025-10-08 13:37:45,780 UTC [DEBUG] (https-jsse-nio-8080-exec-17) - c.e.x.p.s.f.authc.X3OTDSAuthenticationFilter  : OTDS : No access_token found in Http request or Cookie Redirecting to OTDS Server\n2025-10-08 13:37:45,781 UTC [DEBUG] (https-jsse-nio-8080-exec-17) - c.e.x.p.s.f.a.X3TrustHttpAuthenticationFilter : Identified scheme : https\n2025-10-08 13:37:45,781 UTC [DEBUG] (https-jsse-nio-8080-exec-17) - c.e.x.p.s.f.a.X3TrustHttpAuthenticationFilter : Identified server name : d2.domain.com\n2025-10-08 13:37:45,782 UTC [DEBUG] (https-jsse-nio-8080-exec-17) - c.e.x.p.s.f.a.X3TrustHttpAuthenticationFilter : Identified server port : 443\n2025-10-08 13:37:45,782 UTC [DEBUG] (https-jsse-nio-8080-exec-17) - c.e.x.p.s.f.a.X3TrustHttpAuthenticationFilter : Built server host is : https:\/\/d2.domain.com:443\n...\n2025-10-08 13:37:45,946 UTC [DEBUG] (https-jsse-nio-8080-exec-32) - c.e.x.p.s.f.authc.X3OTDSAuthenticationFilter  : OTDS : No user name on the Http session yet\n2025-10-08 13:37:45,946 UTC [DEBUG] (https-jsse-nio-8080-exec-32) - c.e.x.p.s.f.authc.X3OTDSAuthenticationFilter  : OTDS : Found access_token on Http Cookie, invalidating the cookie by setting maxAge 0\n2025-10-08 13:37:45,946 UTC [INFO ] (https-jsse-nio-8080-exec-32) - c.e.x.p.s.f.authc.X3OTDSAuthenticationFilter  : OTDS : setting the cookie as secure as its a https request\n2025-10-08 13:37:45,947 UTC [DEBUG] (https-jsse-nio-8080-exec-32) - c.e.x.p.s.f.authc.X3OTDSAuthenticationFilter  : OTDS : OTDS responded with a oauth token\n2025-10-08 13:37:45,947 UTC [INFO ] (https-jsse-nio-8080-exec-32) - c.e.x.p.s.f.authc.X3OTDSAuthenticationFilter  : ------ Begin getUntrustedJwtHeader : eyJraWQiOiJjZ...9pQDTqTmfRQ\n2025-10-08 13:37:45,947 UTC [INFO ] (https-jsse-nio-8080-exec-32) - c.e.x.p.s.f.authc.X3OTDSAuthenticationFilter  : getUntrustedJwtHeader oauthTokenWithoutSignature : eyJraWQiOiJjZ...eGN0LWQyIn0.\n2025-10-08 13:37:46,134 UTC [DEBUG] (https-jsse-nio-8080-exec-32) - c.e.x.p.s.f.authc.X3OTDSAuthenticationFilter  : ------ Begin validateOTDSTokenClaims : MYUSERID\n2025-10-08 13:37:46,135 UTC [DEBUG] (https-jsse-nio-8080-exec-32) - c.e.x.p.s.f.authc.X3OTDSAuthenticationFilter  :  validateOTDSTokenClaims for user : MYUSERID , OTDS : currenttime: 1759930666135 expirationtime: 1759934265000\n2025-10-08 13:37:46,136 UTC [INFO ] (https-jsse-nio-8080-exec-32) - c.e.x.p.s.f.authc.X3OTDSAuthenticationFilter  : ------ End validateOTDSTokenClaims : MYUSERID\n2025-10-08 13:37:46,136 UTC [INFO ] (https-jsse-nio-8080-exec-32) - c.e.x.p.s.f.authc.X3OTDSAuthenticationFilter  : PublicKey for Key id : ce55c...5acd9 exists\n2025-10-08 13:37:46,138 UTC [DEBUG] (https-jsse-nio-8080-exec-32) - c.e.x.p.s.f.authc.X3OTDSAuthenticationFilter  :  OTDS Deafault Repository from shiro configured : REPO_NAME\n2025-10-08 13:37:46,138 UTC [DEBUG] (https-jsse-nio-8080-exec-32) - c.e.x.p.s.f.authc.X3OTDSAuthenticationFilter  : OTDS : generating DM_Ticket for user : MYUSERID in Repository : REPO_NAME\n2025-10-08 13:37:47,289 UTC [INFO ] (https-jsse-nio-8080-exec-32) - c.e.x.p.s.f.authc.X3OTDSAuthenticationFilter  : OTDS : generateDCTMTicket : dm_ticket ticketTimeout generated for user : MYUSERID is 480 minutes\n2025-10-08 13:37:47,295 UTC [DEBUG] (https-jsse-nio-8080-exec-32) - c.e.x.p.s.f.authc.X3OTDSAuthenticationFilter  : OTDS : DCTM MultiUseTicket generated for user : MYUSERID in repository : REPO_NAME\n2025-10-08 13:37:47,295 UTC [DEBUG] (https-jsse-nio-8080-exec-32) - c.e.x.p.s.f.authc.X3OTDSAuthenticationFilter  : OTDS : OAUTH Token is validated and multiuse dctmticket generated for user : MYUSERID\n2025-10-08 13:37:47,295 UTC [DEBUG] (https-jsse-nio-8080-exec-32) - c.e.x.p.s.f.a.X3TrustHttpAuthenticationFilter :  Selected Repository : REPO_NAME\n...\n<\/pre><\/div>\n\n\n
The Repository authentication trace was also showing a correct behavior (otherwise D2 wouldn’t have gotten the ticket):<\/p>\n\n\n
\n2025-10-08T13:37:46.853755      3073303[3073303]        010123458029d067        [AUTH]  Entering RPC AUTHENTICATE_USER\n2025-10-08T13:37:46.853812      3073303[3073303]        010123458029d067        [AUTH]  Start Authentication : LOGON_NAME=MYUSERID, DOMAIN_NAME=, OS_LOGON_NAME=tomcat, OS_LOGON_DOMAIN=, ASSUME_USER=0, TRUSTED_LOGIN_ALLOWED=1, PRINCIPAL_AUTH=0, DO_SET_LOCALE=0, RECONNECT=0, CLIENT_TOKEN=[82, -30, -86, 7, -113, -35, 124, 3, 106, -45, -4, -117, -117, 39, 109]\n2025-10-08T13:37:46.853823      3073303[3073303]        010123458029d067        [AUTH]  Start Authenticate Client Instance\n2025-10-08T13:37:46.853858      3073303[3073303]        010123458029d067        [AUTH]  Start Verify Signature, Client : dfc_H4qo73YaRaBAOd9sGtc7pKJlWkwa , Host : d2-0.d2.dctm-ns.svc.cluster.local\n2025-10-08T13:37:46.862406      3073303[3073303]        010123458029d067        [AUTH]  End Verify Signature, Client : dfc_H4qo73YaRaBAOd9sGtc7pKJlWkwa , Host : d2-0.d2.dctm-ns.svc.cluster.local\n2025-10-08T13:37:46.862454      3073303[3073303]        010123458029d067        [AUTH]  End Authenticate Client Instance\n2025-10-08T13:37:46.888013      3073303[3073303]        010123458029d067        [AUTH]  Start-AuthenticateUser: ClientHost(d2-0.d2.dctm-ns.svc.cluster.local), LogonName(MYUSERID), LogonOSName(tomcat), LogonOSDomain(), UserExtraDomain(), ServerDomain()\n2025-10-08T13:37:46.888050      3073303[3073303]        010123458029d067        [AUTH]  Start-AuthenticateUserName:\n2025-10-08T13:37:46.888061      3073303[3073303]        010123458029d067        [AUTH]  dmResolveNamesForCredentials: auth_protocol()\n2025-10-08T13:37:46.891487      3073303[3073303]        010123458029d067        [AUTH]  End-AuthenticateUserName: dm_user.user_login_domain(), Result: 1\n2025-10-08T13:37:46.891511      3073303[3073303]        010123458029d067        [AUTH]  Found dm_user.user_login_name(MYUSERID), dm_user.user_login_domain()\n2025-10-08T13:37:46.891524      3073303[3073303]        010123458029d067        [AUTH]  Start-AuthenticateDomain:LogonName(MYUSERID), UserExtraDomain(), auth_protocol()\n2025-10-08T13:37:46.891539      3073303[3073303]        010123458029d067        [AUTH]  AuthenticateDomain - no domain required:domainOverride(False), user_login_domain(), serverAuthTarget(), userAuthTarget()\n2025-10-08T13:37:46.891548      3073303[3073303]        010123458029d067        [AUTH]  End-AuthenticateDomain: 1\n2025-10-08T13:37:46.891557      3073303[3073303]        010123458029d067        [AUTH]  Start-AuthenticateUserState:UserLoginName(MYUSERID), UserExtraDomain()\n2025-10-08T13:37:46.891571      3073303[3073303]        010123458029d067        [AUTH]  Start-AuthenticateUserState:\n2025-10-08T13:37:46.891581      3073303[3073303]        010123458029d067        [AUTH]  dmStateForUser: auth_protocol()\n2025-10-08T13:37:46.891594      3073303[3073303]        010123458029d067        [AUTH]  End-AuthenticateUserState: 1\n2025-10-08T13:37:46.891625      3073303[3073303]        010123458029d067        [AUTH]  Start-AuthenticateByTrust:OSLogonName(tomcat), UserLoginName(MYUSERID), OSLogonDomain(), UserExtraDomain()\n2025-10-08T13:37:46.892885      3073303[3073303]        010123458029d067        [AUTH]  Trusted authentication failed because OS logon user name mis-match\n2025-10-08T13:37:46.892912      3073303[3073303]        010123458029d067        [AUTH]  End-AuthenticateByTrust: 0\n2025-10-08T13:37:46.898219      3073303[3073303]        010123458029d067        [AUTH]  Create Session Log for user : MYUSERID, FILE NAME : 010123458029d067\n2025-10-08T13:37:46.908056      3073303[3073303]        010123458029d067        [AUTH]  Done creating Session Log File for user : MYUSERID\n2025-10-08T13:37:47.287354      3073303[3073303]        010123458029d067        [AUTH]  Cannot find method dm_checkoutLicense.\n2025-10-08T13:37:47.287656      3073303[3073303]        010123458029d067        [AUTH]  Final Auth Result=T, LOGON_NAME=MYUSERID, AUTHENTICATION_LEVEL=10, OS_LOGON_NAME=tomcat, OS_LOGON_DOMAIN=, CLIENT_HOST_NAME=d2-0.d2.dctm-ns.svc.cluster.local, CLIENT_HOST_ADDR=172.1.1.1, USER_LOGON_NAME_RESOLVED=1, AUTHENTICATION_ONLY=0, USER_NAME=Patou Morgan, USER_OS_NAME=MYUSERID, USER_LOGIN_NAME=MYUSERID, USER_LOGIN_DOMAIN=, USER_EXTRA_CREDENTIAL[0]=, USER_EXTRA_CREDENTIAL[1]=, USER_EXTRA_CREDENTIAL[2]=e2, USER_EXTRA_CREDENTIAL[3]=, USER_EXTRA_CREDENTIAL[4]=, USER_EXTRA_CREDENTIAL[5]=, SERVER_SESSION_ID=010123458029d067, AUTH_BEGIN_TIME=Wed Oct  8 13:37:46 2025, AUTH_END_TIME=Wed Oct  8 13:37:47 2025, Total elapsed time=1 seconds\n2025-10-08T13:37:47.287668      3073303[3073303]        010123458029d067        [AUTH]  Exiting RPC AUTHENTICATE_USER\n<\/pre><\/div>\n\n\n
It is pretty obvious that duplicate accounts and other similar misconfigurations at the Repository level would cause issues with the login process, but what isn’t usual is getting an error related to invalid licenses for that, especially so since my account did exist in the Repository, Documentum was just not using the one that OTDS\/D2 mentioned.<\/p>\n\n\n\n
<\/p>\n","protected":false},"excerpt":{"rendered":"
After doing some more upgrades from Documentum 20.2 to 23.4, including D2, I faced a funny error about invalid licenses (DM_LICENSE_E_INVALID_LICENSE) while trying to login to D2 through OTDS SSO. That’s interesting because there is no license management for Documentum in 23.x, it only starts from 24.4 onwards. This is the (pretty) error in question: […]<\/p>\n","protected":false},"author":20,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[525],"tags":[443,3755,2609,3500,445],"type_dbi":[],"class_list":["post-41740","post","type-post","status-publish","format-standard","hentry","category-enterprise-content-management","tag-d2","tag-dm_license_e_invalid_license","tag-documentum-2","tag-otds","tag-sso"],"acf":[],"yoast_head":"\nDctm - D2 SSO through OTDS fails with DM_LICENSE_E_INVALID_LICENSE - dbi Blog<\/title>\n<meta name=\"description\" content=\"Facing an DM_LICENSE_E_INVALID_LICENSE error? Then you probably don't have an account in the Repository or your account has some problems.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.dbi-services.com\/blog\/dctm-d2-sso-through-otds-fails-with-dm_license_e_invalid_license\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Dctm - D2 SSO through OTDS fails with DM_LICENSE_E_INVALID_LICENSE\" \/>\n<meta property=\"og:description\" content=\"Facing an DM_LICENSE_E_INVALID_LICENSE error? Then you probably don't have an account in the Repository or your account has some problems.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.dbi-services.com\/blog\/dctm-d2-sso-through-otds-fails-with-dm_license_e_invalid_license\/\" \/>\n<meta property=\"og:site_name\" content=\"dbi Blog\" \/>\n<meta property=\"article:published_time\" content=\"2025-12-03T19:50:00+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-02-25T20:16:54+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2025\/12\/D2_SSO_LICENSE.png\" \/>\n\t<meta property=\"og:image:width\" content=\"924\" \/>\n\t<meta property=\"og:image:height\" content=\"352\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Morgan Patou\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@MorganPatou\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Morgan Patou\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/dctm-d2-sso-through-otds-fails-with-dm_license_e_invalid_license\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/dctm-d2-sso-through-otds-fails-with-dm_license_e_invalid_license\\\/\"},\"author\":{\"name\":\"Morgan Patou\",\"@id\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/#\\\/schema\\\/person\\\/c4d05b25843a9bc2ab20415dae6bd2d8\"},\"headline\":\"Dctm – D2 SSO through OTDS fails with DM_LICENSE_E_INVALID_LICENSE\",\"datePublished\":\"2025-12-03T19:50:00+00:00\",\"dateModified\":\"2026-02-25T20:16:54+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/dctm-d2-sso-through-otds-fails-with-dm_license_e_invalid_license\\\/\"},\"wordCount\":740,\"commentCount\":0,\"image\":{\"@id\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/dctm-d2-sso-through-otds-fails-with-dm_license_e_invalid_license\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/wp-content\\\/uploads\\\/sites\\\/2\\\/2025\\\/12\\\/D2_SSO_LICENSE.png\",\"keywords\":[\"D2\",\"DM_LICENSE_E_INVALID_LICENSE\",\"Documentum\",\"OTDS\",\"SSO\"],\"articleSection\":[\"Enterprise content management\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/dctm-d2-sso-through-otds-fails-with-dm_license_e_invalid_license\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/dctm-d2-sso-through-otds-fails-with-dm_license_e_invalid_license\\\/\",\"url\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/dctm-d2-sso-through-otds-fails-with-dm_license_e_invalid_license\\\/\",\"name\":\"Dctm - D2 SSO through OTDS fails with DM_LICENSE_E_INVALID_LICENSE - dbi Blog\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/dctm-d2-sso-through-otds-fails-with-dm_license_e_invalid_license\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/dctm-d2-sso-through-otds-fails-with-dm_license_e_invalid_license\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/wp-content\\\/uploads\\\/sites\\\/2\\\/2025\\\/12\\\/D2_SSO_LICENSE.png\",\"datePublished\":\"2025-12-03T19:50:00+00:00\",\"dateModified\":\"2026-02-25T20:16:54+00:00\",\"author\":{\"@id\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/#\\\/schema\\\/person\\\/c4d05b25843a9bc2ab20415dae6bd2d8\"},\"description\":\"Facing an DM_LICENSE_E_INVALID_LICENSE error? Then you probably don't have an account in the Repository or your account has some problems.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/dctm-d2-sso-through-otds-fails-with-dm_license_e_invalid_license\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/dctm-d2-sso-through-otds-fails-with-dm_license_e_invalid_license\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/dctm-d2-sso-through-otds-fails-with-dm_license_e_invalid_license\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/wp-content\\\/uploads\\\/sites\\\/2\\\/2025\\\/12\\\/D2_SSO_LICENSE.png\",\"contentUrl\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/wp-content\\\/uploads\\\/sites\\\/2\\\/2025\\\/12\\\/D2_SSO_LICENSE.png\",\"width\":924,\"height\":352},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/dctm-d2-sso-through-otds-fails-with-dm_license_e_invalid_license\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Accueil\",\"item\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Dctm – D2 SSO through OTDS fails with DM_LICENSE_E_INVALID_LICENSE\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/\",\"name\":\"dbi Blog\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/#\\\/schema\\\/person\\\/c4d05b25843a9bc2ab20415dae6bd2d8\",\"name\":\"Morgan Patou\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/5d7f5bec8b597db68a09107a6f5309e3870d6296ef94fb10ead4b09454ca67e5?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/5d7f5bec8b597db68a09107a6f5309e3870d6296ef94fb10ead4b09454ca67e5?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/5d7f5bec8b597db68a09107a6f5309e3870d6296ef94fb10ead4b09454ca67e5?s=96&d=mm&r=g\",\"caption\":\"Morgan Patou\"},\"description\":\"Morgan Patou has over 12 years of experience in Enterprise Content Management (ECM) systems, with a strong focus in recent years on platforms such as Alfresco, Documentum, and M-Files. He specializes in the architecture, setup, customization, and maintenance of ECM infrastructures in complex & critical environments. Morgan is well-versed in both engineering and operations aspects, including high availability design, system integration, and lifecycle management. He also has a solid foundation in open-source and proprietary technologies - ranging from Apache, OpenLDAP or Kerberos to enterprise-grade systems like WebLogic. Morgan Patou holds an Engineering Degree in Computer Science from ENSISA (\u00c9cole Nationale Sup\u00e9rieure d'Ing\u00e9nieurs Sud Alsace) in Mulhouse, France. He is Alfresco Content Services Certified Administrator (ACSCA), Alfresco Content Services Certified Engineer (ACSCE) as well as OpenText Documentum Certified Administrator. His industry experience spans the Public Sector, IT Services, Financial Services\\\/Banking, and the Pharmaceutical industry.\",\"sameAs\":[\"https:\\\/\\\/blog.dbi-services.com\\\/author\\\/morgan-patou\\\/\",\"https:\\\/\\\/x.com\\\/MorganPatou\"],\"url\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/author\\\/morgan-patou\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Dctm - D2 SSO through OTDS fails with DM_LICENSE_E_INVALID_LICENSE - dbi Blog","description":"Facing an DM_LICENSE_E_INVALID_LICENSE error? Then you probably don't have an account in the Repository or your account has some problems.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.dbi-services.com\/blog\/dctm-d2-sso-through-otds-fails-with-dm_license_e_invalid_license\/","og_locale":"en_US","og_type":"article","og_title":"Dctm - D2 SSO through OTDS fails with DM_LICENSE_E_INVALID_LICENSE","og_description":"Facing an DM_LICENSE_E_INVALID_LICENSE error? Then you probably don't have an account in the Repository or your account has some problems.","og_url":"https:\/\/www.dbi-services.com\/blog\/dctm-d2-sso-through-otds-fails-with-dm_license_e_invalid_license\/","og_site_name":"dbi Blog","article_published_time":"2025-12-03T19:50:00+00:00","article_modified_time":"2026-02-25T20:16:54+00:00","og_image":[{"width":924,"height":352,"url":"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2025\/12\/D2_SSO_LICENSE.png","type":"image\/png"}],"author":"Morgan Patou","twitter_card":"summary_large_image","twitter_creator":"@MorganPatou","twitter_misc":{"Written by":"Morgan Patou","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.dbi-services.com\/blog\/dctm-d2-sso-through-otds-fails-with-dm_license_e_invalid_license\/#article","isPartOf":{"@id":"https:\/\/www.dbi-services.com\/blog\/dctm-d2-sso-through-otds-fails-with-dm_license_e_invalid_license\/"},"author":{"name":"Morgan Patou","@id":"https:\/\/www.dbi-services.com\/blog\/#\/schema\/person\/c4d05b25843a9bc2ab20415dae6bd2d8"},"headline":"Dctm – D2 SSO through OTDS fails with DM_LICENSE_E_INVALID_LICENSE","datePublished":"2025-12-03T19:50:00+00:00","dateModified":"2026-02-25T20:16:54+00:00","mainEntityOfPage":{"@id":"https:\/\/www.dbi-services.com\/blog\/dctm-d2-sso-through-otds-fails-with-dm_license_e_invalid_license\/"},"wordCount":740,"commentCount":0,"image":{"@id":"https:\/\/www.dbi-services.com\/blog\/dctm-d2-sso-through-otds-fails-with-dm_license_e_invalid_license\/#primaryimage"},"thumbnailUrl":"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2025\/12\/D2_SSO_LICENSE.png","keywords":["D2","DM_LICENSE_E_INVALID_LICENSE","Documentum","OTDS","SSO"],"articleSection":["Enterprise content management"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.dbi-services.com\/blog\/dctm-d2-sso-through-otds-fails-with-dm_license_e_invalid_license\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.dbi-services.com\/blog\/dctm-d2-sso-through-otds-fails-with-dm_license_e_invalid_license\/","url":"https:\/\/www.dbi-services.com\/blog\/dctm-d2-sso-through-otds-fails-with-dm_license_e_invalid_license\/","name":"Dctm - D2 SSO through OTDS fails with DM_LICENSE_E_INVALID_LICENSE - dbi Blog","isPartOf":{"@id":"https:\/\/www.dbi-services.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.dbi-services.com\/blog\/dctm-d2-sso-through-otds-fails-with-dm_license_e_invalid_license\/#primaryimage"},"image":{"@id":"https:\/\/www.dbi-services.com\/blog\/dctm-d2-sso-through-otds-fails-with-dm_license_e_invalid_license\/#primaryimage"},"thumbnailUrl":"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2025\/12\/D2_SSO_LICENSE.png","datePublished":"2025-12-03T19:50:00+00:00","dateModified":"2026-02-25T20:16:54+00:00","author":{"@id":"https:\/\/www.dbi-services.com\/blog\/#\/schema\/person\/c4d05b25843a9bc2ab20415dae6bd2d8"},"description":"Facing an DM_LICENSE_E_INVALID_LICENSE error? Then you probably don't have an account in the Repository or your account has some problems.","breadcrumb":{"@id":"https:\/\/www.dbi-services.com\/blog\/dctm-d2-sso-through-otds-fails-with-dm_license_e_invalid_license\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.dbi-services.com\/blog\/dctm-d2-sso-through-otds-fails-with-dm_license_e_invalid_license\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.dbi-services.com\/blog\/dctm-d2-sso-through-otds-fails-with-dm_license_e_invalid_license\/#primaryimage","url":"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2025\/12\/D2_SSO_LICENSE.png","contentUrl":"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2025\/12\/D2_SSO_LICENSE.png","width":924,"height":352},{"@type":"BreadcrumbList","@id":"https:\/\/www.dbi-services.com\/blog\/dctm-d2-sso-through-otds-fails-with-dm_license_e_invalid_license\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Accueil","item":"https:\/\/www.dbi-services.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Dctm – D2 SSO through OTDS fails with DM_LICENSE_E_INVALID_LICENSE"}]},{"@type":"WebSite","@id":"https:\/\/www.dbi-services.com\/blog\/#website","url":"https:\/\/www.dbi-services.com\/blog\/","name":"dbi Blog","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.dbi-services.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/www.dbi-services.com\/blog\/#\/schema\/person\/c4d05b25843a9bc2ab20415dae6bd2d8","name":"Morgan Patou","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/5d7f5bec8b597db68a09107a6f5309e3870d6296ef94fb10ead4b09454ca67e5?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/5d7f5bec8b597db68a09107a6f5309e3870d6296ef94fb10ead4b09454ca67e5?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/5d7f5bec8b597db68a09107a6f5309e3870d6296ef94fb10ead4b09454ca67e5?s=96&d=mm&r=g","caption":"Morgan Patou"},"description":"Morgan Patou has over 12 years of experience in Enterprise Content Management (ECM) systems, with a strong focus in recent years on platforms such as Alfresco, Documentum, and M-Files. He specializes in the architecture, setup, customization, and maintenance of ECM infrastructures in complex & critical environments. Morgan is well-versed in both engineering and operations aspects, including high availability design, system integration, and lifecycle management. He also has a solid foundation in open-source and proprietary technologies - ranging from Apache, OpenLDAP or Kerberos to enterprise-grade systems like WebLogic. Morgan Patou holds an Engineering Degree in Computer Science from ENSISA (\u00c9cole Nationale Sup\u00e9rieure d'Ing\u00e9nieurs Sud Alsace) in Mulhouse, France. He is Alfresco Content Services Certified Administrator (ACSCA), Alfresco Content Services Certified Engineer (ACSCE) as well as OpenText Documentum Certified Administrator. His industry experience spans the Public Sector, IT Services, Financial Services\/Banking, and the Pharmaceutical industry.","sameAs":["https:\/\/blog.dbi-services.com\/author\/morgan-patou\/","https:\/\/x.com\/MorganPatou"],"url":"https:\/\/www.dbi-services.com\/blog\/author\/morgan-patou\/"}]}},"_links":{"self":[{"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/posts\/41740","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/users\/20"}],"replies":[{"embeddable":true,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/comments?post=41740"}],"version-history":[{"count":4,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/posts\/41740\/revisions"}],"predecessor-version":[{"id":43522,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/posts\/41740\/revisions\/43522"}],"wp:attachment":[{"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/media?parent=41740"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/categories?post=41740"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/tags?post=41740"},{"taxonomy":"type","embeddable":true,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/type_dbi?post=41740"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}