<html>
<head>
<style><!--
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
font-size: 12pt;
font-family:Calibri
}
--></style></head>
<body class='hmmessage'><div dir='ltr'>The only place I found that the server tells the client that <CLIENTUID> is required is in the account profile response (I can see it in a Quicken ofx log file). Ideally, the client (KMM) would request a profile of the account, see that <CLIENTUID> is required, and from then on include it in sign on messages.<BR> <BR>libofx does not support account profiles. So you "just have to know" whether to use the <CLIENTUID> for any particular account. I have not tried sending a <CLIENTUID> to a server that does not require it.<BR> <BR>I have successfully used header 102 and 103 with the <CLIENTUID>, though I did see the same note about 103 being required. KMM supports both, so that's not a problem.<br> <BR><div>> Date: Thu, 10 Dec 2015 10:49:27 -0500<br>> From: ostroffjh@users.sourceforge.net<br>> To: kmymoney-devel@kde.org<br>> Subject: Re: [Kmymoney-devel] libOFX question (relates to recent OFX failures with Chase credit card downloads)<br>> <br>> I only see an error in that, not a request for anything. My best <br>> current understanding is that Chase does not explicitly request <br>> <CLIENTUIDREQ> but expects it to be included in the client's request. <br>> Also, a minor note, but you need to use version 103 instead of 102. <br>> Apparently CLIENTUID is not included in 102, and allowed (but not <br>> required) in 103.<br>> <br>> It appears to me (unless there is part of the OFX handshake not put <br>> into the log file) that Chase is not explicitly requesting the <br>> CLIENTUID, but if it is not present, then it simply fails to generate <br>> the message to the secure message center, but doesn't actually realize <br>> anything has gone wrong.<br>> <br>> Thomas - am I correct that KMM 4.x can only use aqbanking < 5.0? If <br>> so, I can't test it, since 5.0.25 is the lowest version still available <br>> in Gentoo. (I suppose I could compile from source, but prefer not to <br>> for now.) I do have 5.0.25 installed, but I can't figure out how to <br>> configure it, and it also doesn't look like the cli will allow me to <br>> test this particular issue. I suppose I might have to install one of <br>> the other finance tools (skrooge or gnucash?) to see if they will use <br>> the new aqbanking, including the CLIENTUID.<br>> <br>> Jack<br>> <br>> On 2015.12.10 09:43, Michael Wolfe wrote:<br>> > I just saw a request for the OFX data that Chase sends; here is a <br>> > copy of the response I got from Chase after trying (and failing) to <br>> > download OFX data:<br>> > <br>> > response:<br>> > OFXHEADER:100<br>> > DATA:OFXSGML<br>> > VERSION:102<br>> > SECURITY:NONE<br>> > ENCODING:USASCII<br>> > CHARSET:1252<br>> > COMPRESSION:NONE<br>> > OLDFILEUID:NONE<br>> > NEWFILEUID:20151210083844.000<br>> > <br>> > <OFX><SIGNONMSGSRSV1><SONRS><STATUS><CODE>15510<SEVERITY>ERROR<MESSAGE>Please <br>> > verify your identity within the next 7 days. Using your desktop <br>> > computer, go to your bankӳ website and visit the Secure Message <br>> > Center for <br>> > instructions.</STATUS><DTSERVER>20151210093848.702[-5:EST]<LANGUAGE>ENG<FI><ORG>B1<FID>10898</FI></SONRS></SIGNONMSGSRSV1><CREDITCARDMSGSRSV1><CCSTMTTRNRS><TRNUID>20151210083844.000<STATUS><CODE>15500<SEVERITY>ERROR</STATUS><CLTCOOKIE>1</CCSTMTTRNRS></CREDITCARDMSGSRSV1></OFX><br>> > Completed<br>> > <br>> > Grabbed from the 'ofxlog.txt' file.<br>> > <br>> > -Mike<br>> > <br>> > <br>> > On 12/10/2015 8:20 AM, Michael Wolfe wrote:<br>> >> As a side note, I am also having this problem; I wasn't aware that <br>> >> there was something Chase was expecting KMyMoney to send back.<br>> >> <br>> >> If anyone needs testing for a fix with Chase Bank, I'm available to <br>> >> do so if there's a testing version available for Windows (or <br>> >> alternatively some handholding with a code patch so I can build it <br>> >> myself!).<br>> >> <br>> >> -Mike Wolfe<br>> >> wolfemi1@gmail.com<br>> >> <br>> >> On 12/10/2015 4:53 AM, Thomas Baumgart wrote:<br>> >>> Hi,<br>> >>> <br>> >>> On Wednesday 09 December 2015 19:38:08 Jack wrote:<br>> >>> <br>> >>>> Some of you may have seen some other posts I've made about this, <br>> >>>> but I<br>> >>>> think I've tracked down the problem.<br>> >>> Thanks for the information. That helped a lot to identify what's <br>> >>> going on.<br>> >>> <br>> >>>> Background: last month Chase credit cards made a "security <br>> >>>> enhancement"<br>> >>>> change that has made all OFX downloads since 11/17 fail. The error<br>> >>>> message says to got to the Chase secure message center for info on <br>> >>>> how<br>> >>>> to verify your identity, but no such message ever appears. The <br>> >>>> section<br>> >>>> at<br>> >>>> http://wiki.gnucash.org/wiki/Setting_up_OFXDirectConnect_in_GnuCash_2#Chase_<br>> >>>> .22username_or_password_are_incorrect.22 indicates the need for <br>> >>>> using a UID<br>> >>>> (user id) within the OFX request. It looks like they associate <br>> >>>> that user<br>> >>>> UID with the account, probably to limit access. However, the <br>> >>>> first time<br>> >>>> they see a UID on an OFX request, they should generate a PIN and <br>> >>>> send it to<br>> >>>> your account at their Secure Message Center. You then use that <br>> >>>> PIN on<br>> >>>> another page the message links to. I suppose since KMM isn't <br>> >>>> sending the<br>> >>>> UID, they don't generate that message.<br>> >>>> <br>> >>>> So - I don't see any place in KMM for a user UID. In fact, looking<br>> >>>> into the libOFX source, I see the UUID type defined, but no element<br>> >>>> defined as that type which looks like a user id. Can someone <br>> >>>> confirm<br>> >>>> this is correct, and if so, does this need to be brought up on the<br>> >>>> libOFX list before there is anything that KMM can do? (Other forum<br>> >>>> messages I've seen seem to indicate that aqbanking can handle <br>> >>>> this, so<br>> >>>> I'll see if I can get this set up, but I hate to spin my wheels if<br>> >>>> someone can provide a more definitive answer.<br>> >>> I took a look into the OFX spec (version 2.1.1) and found chapter <br>> >>> 2.5.1.1.1<br>> >>> "Client Unique ID <CLIENTUID>". In short, this is a uid generated <br>> >>> by the<br>> >>> client (KMyMoney). Here's the paragraph of the spec (© 2006 Intuit <br>> >>> Inc.,<br>> >>> Microsoft Corp., CheckFree Corp. All rights reserved):<br>> >>> <br>> >>> ---8<---<br>> >>> OFX servers can require OFX clients to include a client ID in each <br>> >>> signon<br>> >>> request. This client ID should be unique to the installation of the <br>> >>> client<br>> >>> software, but the method that the ID is generated is left up to the <br>> >>> client.<br>> >>> The server can specify that this field is required using the <br>> >>> <CLIENTUIDREQ><br>> >>> tag in the applicable <SIGNONINFO> section of the profile. Servers <br>> >>> should<br>> >>> expect that users may connect via OFX from multiple locations and <br>> >>> may need to<br>> >>> associate more than one <CLIENTUID> value with their <USERID>.<br>> >>> ---8<---<br>> >>> <br>> >>> Would be interesting, if you see the CLIENTUIDREQ in the SIGNONINFO <br>> >>> message of<br>> >>> the server. One can (at least could) enable logging for OFX traffic <br>> >>> in some<br>> >>> way. Don't know, if that is still available. Will have to check.<br>> >>> <br>> >>> <br>> >>> <br>> >>> <br>> >>> _______________________________________________<br>> >>> KMyMoney-devel mailing list<br>> >>> KMyMoney-devel@kde.org<br>> >>> https://mail.kde.org/mailman/listinfo/kmymoney-devel<br>> >> <br>> > <br>> <br>> ------quoted attachment------<br>> > _______________________________________________<br>> > KMyMoney-devel mailing list<br>> > KMyMoney-devel@kde.org<br>> > https://mail.kde.org/mailman/listinfo/kmymoney-devel<br>> > <br>> _______________________________________________<br>> KMyMoney-devel mailing list<br>> KMyMoney-devel@kde.org<br>> https://mail.kde.org/mailman/listinfo/kmymoney-devel<br></div> </div></body>
</html>