{"csrf":null,"errors":[{"csrf":null,"errorType":"failed, received exception and no soap-fault","errorMessage":"javax.xml.ws.soap.SOAPFaultException: org.xml.sax.SAXParseException: cvc-maxLength-valid: Value 'THIS-IS-THE-PASSWORD-THAT-IS-TOO-LONG' with length = '27' is not facet-valid with respect to maxLength '20' for type 'password'.\n\tat org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:156)\n\tat $Proxy3813.createLoaOneUser(Unknown Source)\n\tat gov.hhs.cms.eidm.ws.client.newusrregstn.api.registration.LiteAccRegistration_LiteAccRegistrationService_Client.createLoaOneUser(LiteAccRegistration_LiteAccRegistrationService_Client.java:58)\n\tat gov.hhs.cms.eidm.ws.client.newusrregstn.api.registration.LiteAccRegistration_LiteAccRegistrationService_Client.createLoaOneUser(LiteAccRegistration_LiteAccRegistrationService_Client.java:85)\n\tat gov.hhs.cms.eidm.ws.proxy.service.impl.BaseEidmProxyServiceImpl.createLiteAccountLoa1(BaseEidmProxyServiceImpl.java:155)\n\tat sun.reflect.GeneratedMethodAccessor3545.invoke(Unknown Source)\n\tat sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)\n\tat java.lang.reflect.Method.invoke(Method.java:597)\n\tat org.apache.cxf.service.invoker.AbstractInvoker.performInvocation(AbstractInvoker.java:173)\n\tat org.apache.cxf.service.invoker.AbstractInvoker.invoke(AbstractInvoker.java:89)\n\tat org.apache.cxf.jaxws.JAXWSMethodInvoker.invoke(JAXWSMethodInvoker.java:61)\n\tat org.apache.cxf.service.invoker.AbstractInvoker.invoke(AbstractInvoker.java:75)\n\tat org.apache.cxf.interceptor.ServiceInvokerInterceptor$1.run(ServiceInvokerInterceptor.java:58)\n\tat java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:441)\n\tat java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:303)\n\tat java.util.concurrent.FutureTask.run(FutureTask.java:138)\n\tat org.apache.cxf.workqueue.SynchronousExecutor.execute(SynchronousExecutor.java:37)\n\tat org.apache.cxf.interceptor.ServiceInvokerInterceptor.handleMessage(ServiceInvokerInterceptor.java:106)\n\tat org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:263)\n\tat org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:123)\n\tat org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:207)\n\tat org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:213)\n\tat org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:193)\n\tat org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:126)\n\tat org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:185)\n\tat org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:108)\n\tat javax.servlet.http.HttpServlet.service(HttpServlet.java:637)\n\tat org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:164)\n\tat org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)\n\tat org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)\n\tat org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)\n\tat org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)\n\tat org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)\n\tat org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:235)\n\tat org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)\n\tat org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:183)\n\tat org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:95)\n\tat org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.process(SecurityContextEstablishmentValve.java:126)\n\tat org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:70)\n\tat org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)\n\tat org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)\n\tat org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:158)\n\tat org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)\n\tat org.jboss.web.tomcat.service.request.ActiveRequestResponseCacheValve.internalProcess(ActiveRequestResponseCacheValve.java:74)\n\tat org.jboss.web.tomcat.service.request.ActiveRequestResponseCacheValve.invoke(ActiveRequestResponseCacheValve.java:47)\n\tat org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:330)\n\tat org.apache.coyote.ajp.AjpProcessor.process(AjpProcessor.java:436)\n\tat org.apache.coyote.ajp.AjpProtocol$AjpConnectionHandler.process(AjpProtocol.java:385)\n\tat org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:451)\n\tat java.lang.Thread.run(Thread.java:662)\nCaused by: org.apache.cxf.binding.soap.SoapFault: org.xml.sax.SAXParseException: cvc-maxLength-valid: Value 'THIS-IS-THE-PASSWORD-THAT-IS-TOO-LONG' with length = '27' is not facet-valid with respect to maxLength '20' for type 'password'.\n\tat org.apache.cxf.binding.soap.interceptor.Soap12FaultInInterceptor.unmarshalFault(Soap12FaultInInterceptor.java:114)\n\tat org.apache.cxf.binding.soap.interceptor.Soap12FaultInInterceptor.handleMessage(Soap12FaultInInterceptor.java:59)\n\tat org.apache.cxf.binding.soap.interceptor.Soap12FaultInInterceptor.handleMessage(Soap12FaultInInterceptor.java:46)\n\tat org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:263)\n\tat org.apache.cxf.interceptor.AbstractFaultChainInitiatorObserver.onMessage(AbstractFaultChainInitiatorObserver.java:107)\n\tat org.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor.handleMessage(CheckFaultInterceptor.java:69)\n\tat org.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor.handleMessage(CheckFaultInterceptor.java:34)\n\tat org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:263)\n\tat org.apache.cxf.endpoint.ClientImpl.onMessage(ClientImpl.java:799)\n\tat org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(HTTPConduit.java:1627)\n\tat org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(HTTPConduit.java:1494)\n\tat org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1402)\n\tat org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:56)\n\tat org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:649)\n\tat org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:62)\n\tat org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:263)\n\tat org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:533)\n\tat org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:463)\n\tat org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:366)\n\tat org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:319)\n\tat org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:88)\n\tat org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:134)\n\t... 49 more\n","statusType":null,"statusMessage":null}],"emailId":null,"samlToken":null}
And the actual error message that the user sees is:
"Please note that two or more answers to the security questions cannot be the same. You must provide distinct answers to the chosen security questions.
Please wait a few moments and try again."
At no point does it tell you that your password is too long.
Edit: I should clarify the error appears after filling out the security questions section and hitting submit.
The error from the server is:
POST https://www.healthcare.gov/ee-rest/ffe/en_US/MyAccountEIDMUnsecuredIntegration/createLiteEIDMAccount 500 (Internal Server Error) jquery.min.js:2 send jquery.min.js:2 p.extend.ajax jquery.min.js:2 c.sync backbone-0.9.2.full.js:497 Backbone._sync eeBackbone.js:5 A.extend.save backbone-0.9.2.full.js:141 FFEView.extend.createProfile registration.js:5809 p.event.dispatch jquery.min.js:2 g.handle.h jquery.min.js:2
The response is:
{"csrf":null,"errors":[{"csrf":null,"errorType":"failed, received exception and no soap-fault","errorMessage":"javax.xml.ws.soap.SOAPFaultException: org.xml.sax.SAXParseException: cvc-maxLength-valid: Value 'THIS-IS-THE-PASSWORD-THAT-IS-TOO-LONG' with length = '27' is not facet-valid with respect to maxLength '20' for type 'password'.\n\tat org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:156)\n\tat $Proxy3813.createLoaOneUser(Unknown Source)\n\tat gov.hhs.cms.eidm.ws.client.newusrregstn.api.registration.LiteAccRegistration_LiteAccRegistrationService_Client.createLoaOneUser(LiteAccRegistration_LiteAccRegistrationService_Client.java:58)\n\tat gov.hhs.cms.eidm.ws.client.newusrregstn.api.registration.LiteAccRegistration_LiteAccRegistrationService_Client.createLoaOneUser(LiteAccRegistration_LiteAccRegistrationService_Client.java:85)\n\tat gov.hhs.cms.eidm.ws.proxy.service.impl.BaseEidmProxyServiceImpl.createLiteAccountLoa1(BaseEidmProxyServiceImpl.java:155)\n\tat sun.reflect.GeneratedMethodAccessor3545.invoke(Unknown Source)\n\tat sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)\n\tat java.lang.reflect.Method.invoke(Method.java:597)\n\tat org.apache.cxf.service.invoker.AbstractInvoker.performInvocation(AbstractInvoker.java:173)\n\tat org.apache.cxf.service.invoker.AbstractInvoker.invoke(AbstractInvoker.java:89)\n\tat org.apache.cxf.jaxws.JAXWSMethodInvoker.invoke(JAXWSMethodInvoker.java:61)\n\tat org.apache.cxf.service.invoker.AbstractInvoker.invoke(AbstractInvoker.java:75)\n\tat org.apache.cxf.interceptor.ServiceInvokerInterceptor$1.run(ServiceInvokerInterceptor.java:58)\n\tat java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:441)\n\tat java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:303)\n\tat java.util.concurrent.FutureTask.run(FutureTask.java:138)\n\tat org.apache.cxf.workqueue.SynchronousExecutor.execute(SynchronousExecutor.java:37)\n\tat org.apache.cxf.interceptor.ServiceInvokerInterceptor.handleMessage(ServiceInvokerInterceptor.java:106)\n\tat org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:263)\n\tat org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:123)\n\tat org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:207)\n\tat org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:213)\n\tat org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:193)\n\tat org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:126)\n\tat org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:185)\n\tat org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:108)\n\tat javax.servlet.http.HttpServlet.service(HttpServlet.java:637)\n\tat org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:164)\n\tat org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)\n\tat org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)\n\tat org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)\n\tat org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)\n\tat org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)\n\tat org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:235)\n\tat org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)\n\tat org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:183)\n\tat org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:95)\n\tat org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.process(SecurityContextEstablishmentValve.java:126)\n\tat org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:70)\n\tat org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)\n\tat org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)\n\tat org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:158)\n\tat org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)\n\tat org.jboss.web.tomcat.service.request.ActiveRequestResponseCacheValve.internalProcess(ActiveRequestResponseCacheValve.java:74)\n\tat org.jboss.web.tomcat.service.request.ActiveRequestResponseCacheValve.invoke(ActiveRequestResponseCacheValve.java:47)\n\tat org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:330)\n\tat org.apache.coyote.ajp.AjpProcessor.process(AjpProcessor.java:436)\n\tat org.apache.coyote.ajp.AjpProtocol$AjpConnectionHandler.process(AjpProtocol.java:385)\n\tat org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:451)\n\tat java.lang.Thread.run(Thread.java:662)\nCaused by: org.apache.cxf.binding.soap.SoapFault: org.xml.sax.SAXParseException: cvc-maxLength-valid: Value 'THIS-IS-THE-PASSWORD-THAT-IS-TOO-LONG' with length = '27' is not facet-valid with respect to maxLength '20' for type 'password'.\n\tat org.apache.cxf.binding.soap.interceptor.Soap12FaultInInterceptor.unmarshalFault(Soap12FaultInInterceptor.java:114)\n\tat org.apache.cxf.binding.soap.interceptor.Soap12FaultInInterceptor.handleMessage(Soap12FaultInInterceptor.java:59)\n\tat org.apache.cxf.binding.soap.interceptor.Soap12FaultInInterceptor.handleMessage(Soap12FaultInInterceptor.java:46)\n\tat org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:263)\n\tat org.apache.cxf.interceptor.AbstractFaultChainInitiatorObserver.onMessage(AbstractFaultChainInitiatorObserver.java:107)\n\tat org.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor.handleMessage(CheckFaultInterceptor.java:69)\n\tat org.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor.handleMessage(CheckFaultInterceptor.java:34)\n\tat org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:263)\n\tat org.apache.cxf.endpoint.ClientImpl.onMessage(ClientImpl.java:799)\n\tat org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(HTTPConduit.java:1627)\n\tat org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(HTTPConduit.java:1494)\n\tat org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1402)\n\tat org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:56)\n\tat org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:649)\n\tat org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:62)\n\tat org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:263)\n\tat org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:533)\n\tat org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:463)\n\tat org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:366)\n\tat org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:319)\n\tat org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:88)\n\tat org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:134)\n\t... 49 more\n","statusType":null,"statusMessage":null}],"emailId":null,"samlToken":null}
And the actual error message that the user sees is:
"Please note that two or more answers to the security questions cannot be the same. You must provide distinct answers to the chosen security questions.
Please wait a few moments and try again."
At no point does it tell you that your password is too long.
Edit: I should clarify the error appears after filling out the security questions section and hitting submit.