Skip to main content
Skip table of contents

Search Configuration for OpenText Content Server - Kerberos

Configure Content Server, Active Directory, and SPNs

1. Setup the Service Account

Configure Shinydocs Search Service Account:

  1. Account Requirements:

    • The "Shinydocs Search" process must run as a domain user account or a group-managed service account (GMSA). For more details on GMSA, refer to the Microsoft documentation.

  2. Grant Permissions to the Service Account:

    • Add the account to the local Administrators group on the server where Shinydocs Pro is installed.

      • Alternatively, configure the following specific permissions:

        • Read access to the server.

          • Add the account to the local "Users" group.

        • Full Control on the Shinydocs Search folder (default path: C:\Program Files\Shinydocs Professional\Search).

        • Read access to the Shinydocs Search service certificate (default certificate: localhost.localdomain).

Grant Certificate Permissions

  1. On the Shinydocs Pro server, open certlm.msc.

  2. Navigate to Certificates - Local Computer > Personal > Certificates.

  3. Locate and select localhost.localdomain.

  4. From the menu bar, choose Action > All Tasks > Manage Private Keys.

  5. Click Add and select the service account.

  6. Under "Allow", checkmark Read, then click Apply.

2. Active Directory User Setup

Configure Delegation

  1. Open Active Directory Users and Computers.

  2. Locate the Shinydocs Service Account.

  3. Right-click the account and select Properties.

  4. Go to the Delegation tab and:

    • Choose Trust this user for delegation to specified services only.

    • Select Use Kerberos only.

Add SPNs for Delegation

  1. Click Add to open the delegation window.

  2. Select Users or Computers and search for the target service account.

  3. Add the required SPNs associated with the service.

  4. Click Apply to save changes.

3. Setting Service Principal Names (SPNs)

SPN Configuration Steps

  1. Open a command prompt or PowerShell with administrative rights.

  2. Determine the hostnames of the Shinydocs Search servers:

    • For single-instance setups, use the machine hostname (e.g., search.example.local).

    • For load-balanced clusters, include all machine hostnames and the load balancer's DNS name (e.g., search01.example.local, search02.example.local, search.example.local).

  3. Run the following commands to add SPNs:

    CODE
    setspn -S HTTP/<hostname> <domain\service_account>

    Repeat for each hostname.

4. Authorization to OTDS (SPNs)

Set SPNs for OTDS Hosts

Run the following commands for each OTDS-related hostname:

  1. OTDS Hostname:

    CODE
    setspn -S HTTP/<otdsHostName> <domain\service_account>
  2. OTDS Fully Qualified Domain Name (FQDN):

    CODE
    setspn -S HTTP/<otdsHostName.fqdn.com> <domain\service_account>
  3. OTDS Load Balancer:

    CODE
    setspn -S HTTP/<otdsloadbalancer> <domain\service_account>
    setspn -S HTTP/<otdsloadbalancer.fqdn.com> <domain\service_account>

Troubleshooting

  • Kerberos logging can be enabled by editing the following registry key:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters

Registry Value: LogLevel

Value Type: REG_DWORD

Value Data: 0x1

If the Parameters subkey does not exist, create it.

Shinydocs Search Setup for OpenText Content Server

1. Update Content Server Connector Settings

  1. Navigate to the Application Settings menu.

  2. Select Content Server Settings.

  3. Update the Setup section:

    • Enter the Base URL of the Content Server instance (e.g., https://contentserver/otcs/cs.exe).

    • Enter the fully qualified domain name or IP address in OTDS Endpoint (e.g., https://otds-server:8443/otdsws).

    • Select the REST API version (typically Version 2).

    • Toggle the Enable Login Page option on.

  4. Update the Navigation section as required:

    • Configure the behavior for Content Server item URLs:

      • Open Page (default).

      • Overview Page.

      • Properties Page.

  5. Adjust the Performance section:

    • Update the Bulk Permission Check Size:

      • Default value: 25.

      • Increase if the system is fast.

      • Decrease if there is a lag in loading records after permission validation.

2. Enable Content Server Shortcuts

  1. Open Content Server as an administrator.

  2. Select Admin from the top navigation.

  3. Navigate to Content Server Administration > Core System > Presentation > Configure Document Function.

  4. [Recommended] Check Enable Document Overview Pages.

  5. [Optional] Configure additional options based on organizational requirements.

  6. Save changes.

For further details, refer to the embedded PDF for information on on-click behaviour for documents in OpenText Content Server.

Application_Note_-_On-click_behavior_for_documents_on_OpenText_Content_Server.pdf

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.