DWA login using smart card (CAC) results in "CRCRW5016l Login has failed" error
Attempts to log in using the IBM Rational DOORS Web Access (DWA) client result in the error "CRCRW5016l Login has failed: FAILED_UNEXPECTED_EXCEPTION".
The failure is due to invalid XML being sent from the browser during the login process.
Diagnosing the problem
The CAC implementation differs significantly from the base SSL setup, so one setup can work while the other experiences problems.
- The base SSL configuration ensures that DWA provides a certificate to identify itself.
- The CAC configuration requires that the browser provide a certificate, which DWA then checks against its trust-store to determine validity.
- Enable advanced DWA server logging and start the Interop server with logging.
The logs may show an error indicating that the server received invalid XML from the browser during the login process: the data contains XML control characters (0x13), which are not valid content and cannot be parsed.
- Verify your certificates.
You should have generated certificates for use with your CAC implementation; verify the ones on the cards against those in the trust-store on the server. These would normally be generated using the Java keytool utility, which gives you a range of options for keystore type (such as JKS) and for signature algorithms (such as RSA). The tool should allow you to list which certificates are present in your trust-store, along with their fingerprints. Depending on exactly how you store the certificates on your cards, you should have a similar means to view or list the certificates on the cards that you are having problems using to log in.
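For the logging step above, one way to pinpoint the invalid character in a login body captured from the server logs. This is an added example, not IBM's code; the `<login>` and `<subject>` element names and the sample body are constructed, because the page does not show the actual request format.

```python
import re
import xml.etree.ElementTree as ET

# Anything outside the XML 1.0 "Char" production is illegal: C0 controls other
# than tab/LF/CR, surrogates, and U+FFFE/U+FFFF.
ILLEGAL_XML_CHARS = re.compile(
    "[^\u0009\u000A\u000D\u0020-\uD7FF\uE000-\uFFFD\U00010000-\U0010FFFF]"
)

def find_illegal_xml_chars(payload: bytes, context: int = 12):
    """Return (character offset, code point, surrounding text) per illegal char."""
    text = payload.decode("utf-8", errors="replace")
    findings = []
    for m in ILLEGAL_XML_CHARS.finditer(text):
        start = max(0, m.start() - context)
        snippet = text[start:m.end() + context]
        findings.append((m.start(), f"0x{ord(m.group()):02X}", repr(snippet)))
    return findings

def parses_as_xml(payload: bytes) -> bool:
    """True if a conforming XML parser accepts the payload."""
    try:
        ET.fromstring(payload)
        return True
    except ET.ParseError:
        return False

# Constructed sample: a hypothetical login body whose subject field carries a
# stray 0x13 byte, and the same body with that byte removed.
BAD_BODY = b"<login><subject>CN=DOE.JOHN\x13.1234567890</subject></login>"
GOOD_BODY = BAD_BODY.replace(b"\x13", b"")

if __name__ == "__main__":
    for name, body in (("bad", BAD_BODY), ("good", GOOD_BODY)):
        print(name, "parses:", parses_as_xml(body))
        for offset, code, snippet in find_illegal_xml_chars(body):
            print(f"  illegal char {code} at offset {offset}: {snippet}")
```

The surrounding text in each finding shows which field carried the control character, which narrows down the certificate attribute to inspect on the card.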
Resolving the problem
Your configuration must be set up to submit valid certificates using your browser with DWA.
- Fix any errors or mismatches, whether they arose during certificate generation or during deployment, that appear when the server attempts to process the incoming certificate information that the CAC setup provides.
- Resolve any certificate information mismatches that have been identified to ensure a valid certificate is being submitted for validation on the server.