The only place I found that the server tells the client that <CLIENTUID> is required is in the account profile response (I can see it in a Quicken ofx log file). Ideally, the client (KMM) would request a profile of the account, see that <CLIENTUID> is required, and from then on include it in sign on messages. libofx does not support account profiles. So you "just have to know" whether to use the <CLIENTUID> for any particular account. I have not tried sending a <CLIENTUID> to a server that does not require it. I have successfully used header 102 and 103 with the <CLIENTUID>, though I did see the same note about 103 being required. KMM supports both, so that's not a problem. > Date: Thu, 10 Dec 2015 10:49:27 -0500 > From: ostrof...@users.sourceforge.net > To: kmymoney-devel@kde.org > Subject: Re: [Kmymoney-devel] libOFX question (relates to recent OFX failures > with Chase credit card downloads) > > I only see an error in that, not a request for anything. My best > current understanding is that Chase does not explicitly request > <CLIENTUIDREQ> but expects it to be included in the client's request. > Also, a minor note, but you need to use version 103 instead of 102. > Apparently CLIENTUID is not included in 102, and allowed (but not > required) in 103. > > It appears to me (unless there is part of the OFX handshake not put > into the log file) that Chase is not explicitly requesting the > CLIENTUID, but if it is not present, then it simply fails to generate > the message to the secure message center, but doesn't actually realize > anything has gone wrong. > > Thomas - am I correct that KMM 4.x can only use aqbanking < 5.0? If > so, I can't test it, since 5.0.25 is the lowest version still available > in Gentoo. (I suppose I could compile from source, but prefer not to > for now.) I do have 5.0.25 installed, but I can't figure out how to > configure it, and it also doesn't look like the cli will allow me to > test this particular issue. I suppose I might have to install one of > the other finance tools (skrooge or gnucash?) to see if they will use > the new aqbanking, including the CLIENTUID. > > Jack > > On 2015.12.10 09:43, Michael Wolfe wrote: > > I just saw a request for the OFX data that Chase sends; here is a > > copy of the response I got from Chase after trying (and failing) to > > download OFX data: > > > > response: > > OFXHEADER:100 > > DATA:OFXSGML > > VERSION:102 > > SECURITY:NONE > > ENCODING:USASCII > > CHARSET:1252 > > COMPRESSION:NONE > > OLDFILEUID:NONE > > NEWFILEUID:20151210083844.000 > > > > <OFX><SIGNONMSGSRSV1><SONRS><STATUS><CODE>15510<SEVERITY>ERROR<MESSAGE>Please > > > > verify your identity within the next 7 days. Using your desktop > > computer, go to your bankӳ website and visit the Secure Message > > Center for > > instructions.</STATUS><DTSERVER>20151210093848.702[-5:EST]<LANGUAGE>ENG<FI><ORG>B1<FID>10898</FI></SONRS></SIGNONMSGSRSV1><CREDITCARDMSGSRSV1><CCSTMTTRNRS><TRNUID>20151210083844.000<STATUS><CODE>15500<SEVERITY>ERROR</STATUS><CLTCOOKIE>1</CCSTMTTRNRS></CREDITCARDMSGSRSV1></OFX> > > Completed > > > > Grabbed from the 'ofxlog.txt' file. > > > > -Mike > > > > > > On 12/10/2015 8:20 AM, Michael Wolfe wrote: > >> As a side note, I am also having this problem; I wasn't aware that > >> there was something Chase was expecting KMyMoney to send back. > >> > >> If anyone needs testing for a fix with Chase Bank, I'm available to > >> do so if there's a testing version available for Windows (or > >> alternatively some handholding with a code patch so I can build it > >> myself!). > >> > >> -Mike Wolfe > >> wolfe...@gmail.com > >> > >> On 12/10/2015 4:53 AM, Thomas Baumgart wrote: > >>> Hi, > >>> > >>> On Wednesday 09 December 2015 19:38:08 Jack wrote: > >>> > >>>> Some of you may have seen some other posts I've made about this, > >>>> but I > >>>> think I've tracked down the problem. > >>> Thanks for the information. That helped a lot to identify what's > >>> going on. > >>> > >>>> Background: last month Chase credit cards made a "security > >>>> enhancement" > >>>> change that has made all OFX downloads since 11/17 fail. The error > >>>> message says to got to the Chase secure message center for info on > >>>> how > >>>> to verify your identity, but no such message ever appears. The > >>>> section > >>>> at > >>>> http://wiki.gnucash.org/wiki/Setting_up_OFXDirectConnect_in_GnuCash_2#Chase_ > >>>> .22username_or_password_are_incorrect.22 indicates the need for > >>>> using a UID > >>>> (user id) within the OFX request. It looks like they associate > >>>> that user > >>>> UID with the account, probably to limit access. However, the > >>>> first time > >>>> they see a UID on an OFX request, they should generate a PIN and > >>>> send it to > >>>> your account at their Secure Message Center. You then use that > >>>> PIN on > >>>> another page the message links to. I suppose since KMM isn't > >>>> sending the > >>>> UID, they don't generate that message. > >>>> > >>>> So - I don't see any place in KMM for a user UID. In fact, looking > >>>> into the libOFX source, I see the UUID type defined, but no element > >>>> defined as that type which looks like a user id. Can someone > >>>> confirm > >>>> this is correct, and if so, does this need to be brought up on the > >>>> libOFX list before there is anything that KMM can do? (Other forum > >>>> messages I've seen seem to indicate that aqbanking can handle > >>>> this, so > >>>> I'll see if I can get this set up, but I hate to spin my wheels if > >>>> someone can provide a more definitive answer. > >>> I took a look into the OFX spec (version 2.1.1) and found chapter > >>> 2.5.1.1.1 > >>> "Client Unique ID <CLIENTUID>". In short, this is a uid generated > >>> by the > >>> client (KMyMoney). Here's the paragraph of the spec (© 2006 Intuit > >>> Inc., > >>> Microsoft Corp., CheckFree Corp. All rights reserved): > >>> > >>> ---8<--- > >>> OFX servers can require OFX clients to include a client ID in each > >>> signon > >>> request. This client ID should be unique to the installation of the > >>> client > >>> software, but the method that the ID is generated is left up to the > >>> client. > >>> The server can specify that this field is required using the > >>> <CLIENTUIDREQ> > >>> tag in the applicable <SIGNONINFO> section of the profile. Servers > >>> should > >>> expect that users may connect via OFX from multiple locations and > >>> may need to > >>> associate more than one <CLIENTUID> value with their <USERID>. > >>> ---8<--- > >>> > >>> Would be interesting, if you see the CLIENTUIDREQ in the SIGNONINFO > >>> message of > >>> the server. One can (at least could) enable logging for OFX traffic > >>> in some > >>> way. Don't know, if that is still available. Will have to check. > >>> > >>> > >>> > >>> > >>> _______________________________________________ > >>> KMyMoney-devel mailing list > >>> KMyMoney-devel@kde.org > >>> https://mail.kde.org/mailman/listinfo/kmymoney-devel > >> > > > > ------quoted attachment------ > > _______________________________________________ > > KMyMoney-devel mailing list > > KMyMoney-devel@kde.org > > https://mail.kde.org/mailman/listinfo/kmymoney-devel > > > _______________________________________________ > KMyMoney-devel mailing list > KMyMoney-devel@kde.org > https://mail.kde.org/mailman/listinfo/kmymoney-devel
_______________________________________________ KMyMoney-devel mailing list KMyMoney-devel@kde.org https://mail.kde.org/mailman/listinfo/kmymoney-devel
