Error message "Authentication Failed" while adding Workflow to application in RSA Archer 6.0
RSA Product Set: RSAArcher RSA Version/Condition: Only6.0 Platform: Windows
Important: This KB article applies specifically to Archer version 6.0 only because this is the only version of Archer that uses Java for Advanced Workflow. This KB cannot be used to resolve similar issues with Archer Version 6.1 or newer, or any versions prior to 6.0.
While SSL is enabled, the following error is received when trying to add a workflow to an application:
2015-11-20 20:20:23,885 WARN [wp.utils.WpUtils] (default task-21) java.lang.RuntimeException:
The server login was denied for the following reason: Authentication Failed for user 187
When Archer 6.0 is configured to use SSL, the certificate chain for the HTTPS/SSL certificate used by IIS must exist in the Java Keystore. If it is not, the Advanced Workflow will not work. This is because a trust relationship cannot be created between the API request and the Workpoint service.
Configuring Java to use your Root CA Certificate with SSL in Archer 6.0
When Archer 6.0 is configured to use SSL, your certificate chain for the HTTPS/SSL certificate used by IIS must exist in the Java Keystore. If it is not, the Advanced Workflow will not work. This is because a trust relationship cannot be created between the API request and the Workpoint service.
Exporting the Certificate:
Open IIS Manager
Open "Server Certificates" in IIS Manager
Double-click the Certificate that is currently in use for your Archer Site
Certificate Path Tab
For *EACH* Certificate listed in the certificate path
Click "View Certificate" if it isn't the currently open certificate.
Details Tab. Image description
Click "Copy to File...".
Select "No, do not export the private key". Image description
Name the file after the certificate and save it to a location. Image description
IMPORTANT: Repeat steps 1 through 6 for each certificate in the certificate path of the certificate that is currently being used by IIS for HTTPS/SSL. This will result in either 1, or many.CER files. All of which need to be imported into the Java Keystore.
Download and install KeyStore Explorer on the web server.