One of the new features from Documentum 25.4 is that OTDSAuthenticator runs now outside JMS. This brings a clear advantage: authentication doesn’t depend on JMS.

However, this is something we can easily achieve on earlier versions of Documentum and get some benefits as well:

• As mentioned before, if JMS crashes or runs out of memory or whatever, your users will still be able to authenticate
• If you’re running a cluster, you can use a DNS load balancer and actually have a balanced OTDSAuthenticator service (as how it works now is defining OTDSAuthenticator url as “localhost” which binds each node to its local OTDSAuthenticator, but this is not fault-tolerant, as losing one JMS will render that node useless as it won’t be able to authenticate users)

This process is actually quite simple:

• Get an application server (Tomcat, Jetty, etc.)
• Drop it on whatever folder on the server (I would use $DOCUMENTUM/otdsauth)
• Modify the app server configuration to use an unused port instead of the default 8080
• Copy $DM_JMS_HOME/webapps/OTDSAuthenticator to your app server webapps’ folder and start the server
• Update dm_server_config entry for OTDSAuthenticator with your app server value (ie: http://localhost:8880/OTDSAuthentication/servlet/authenticate)
• Reinit / restart repository

And that’s all, you’ll be using a standalone OTDSAuthenticator not dependant on JMS.