Developer Programs

Learn

Docs
Important notification about upcoming changes to the DMZ environment. Please read.

Multi-Factor Authentication Token Inquiry

Enterprise SOAP API > API by Reference > Identity Management Service > Multi-Factor Authentication Token Inquiry

MFA Token Inquiry

MFA Token Inquiry is a jXchange service designed to allow consumers to establish tokens as related to an MFA user in support of security codes generated by a credential. These credentials are generated by a hardware or software security token.

Message Flow

In jXchange, the MFA Token Inquiry service uses a typical exchange of MType messages to allow consumers to establish tokens as related to an MFA user in support of security codes generated by a credential.

Primary Request

The consumer forwards the MFATokenInqRq_MType message to the service provider. The message contains the following simple elements:

  • ActIntent
  • TokenId
  • UsrName

Primary Response

The service provider returns the MFATokenInqRs_MType message to the consumer. The message contains the following simple element:

  • UsrName
  • TokenId
  • ActIntent
  • ActIntentKey

MFA Token Inquiry Behavior

The MFA Token Inquiry service behavior is as follows.

The MFA Token Inquiry root request (MFATokenInqRq_MType) requires a valid Token Identifier (TokenId).

The MFA Token Inquiry root request (MFATokenInqRq_MType) optionally includes the User Name (UsrName) and Activity Intention (ActIntent).

The User Name (UsrName) and Authentication User Credential (AuthenUsrCred_CType) are part of a documented choice statement whereas both are optional but at least one is required.

The JHA IMS Consumer uses the JHA IMS ADFS User Identifier claims primary SID attribute value as the User Name (UsrName).

Consumers not enrolled in JHA IMS should submit the hardware or software security token identifier as the User Name (UsrName).

The MFA Token Inquiry root response (MFATokenInqRs_MType) optionally includes the User Name (UsrName), Token Identifier (TokenId), Activity Intention (ActIntent), Activity Intention Key (ActIntentKey), and MFA Token Inquiry Information complex (MFATokenInqInfo_CType).

The MFA Token Inquiry Information complex (MFATokenInqInfo_CType) optionally includes the User Token Status (UsrTokenStat) and MFA Token Inquiry Array (MFATokenInqArray_AType).

The MFA Token Inquiry Array (MFATokenInqArray_AType) contains the MFA Token Inquiry Information Record (MFATokenInqInfoRec_CType) optionally includes the User Name (UsrName), MFA Token User Status (MFATokenUsrStat), User Token Description (UsrTokenDesc), Last Authentication Time Date (LastAuthenTimeDt), and Last Transaction Receipt Identifier (LastTrnRcptId).

The standard inquiry message tenets are applicable.

Adhere to the tenets for fault reporting.

Adhere to the tenets related to the correlation identifications.

Adhere to the tenets related to the concurrency models.

MFATokenInqRq_MType

MFATokenAddRq_MType is a message MType element.

Contains:

  • Custom_CType
  • MsgRqHdr_CType

Simple Elements

The following simple elements are contained within this message.

ActIntent
Conveys the consumer intention for a subsequent operation for the data set included in the response. Canonical values are:
  • Dlt
  • ReadOnly
  • Upd

The default value is ReadOnly.

TokenId
The identifier assigned to a token.
UsrName
The common name. This is the full text line name like John Doe.

Custom_CType

Custom_CType is a complex CType element.

This element is optional.

MsgRqHdr_CType

MsgRqHdr_CType is a complex CType element. This is the default message request header.

Contains:

  • AuthenUsrCred_CType
  • jXchangeHdr_CType
Simple Elements

The following simple elements are contained within this complex.

AuthenProdCred
Authentication of the Consumer Product Credentials in the form of a WS Security element that contains a single SAML V2.0 Assertion.
AuthenUsrCred_CType

AuthenUsrCred_CType is a complex CType element. This element represents authentication of the end-user credentials in the form of a WS Security element that contains a single SAML V2.0 Assertion.

Simple Elements

The following simple elements are contained within this complex.

Security
Defines the wsse:Security SOAP header element per section 4.
jXchangeHdr_CType

jXchangeHdr_CType is a complex CType element.

Simple Elements

The following simple elements are contained within this complex.

AuditUsrId
The user ID that the consumer would like written in the audit as performing the requested service. It varies, but it could be the same as the user ID. It is not used to authenticate. It is used to audit the Soap Header Fault.
AuditWsId
The workstation ID that the consumer would like written in the audit as performing the requested service for the Soap Header Fault. It varies, but it could be the same as the user ID.
AuthenUsrId
The user ID which the consumer would like the service provider to authenticate with for the Soap Header Fault. It is a user ID that the provider understands.

This element deprecates in accordance with XSD contract tenets. Effective date: 2017–01–01. The new complex element for user authentication credentials was added to both the Search Message Request Header SrchMsgRqHdr_CType and the Message Request Header MsgRqHdr_CType. AuthenUsrId is ignored by the service providers when the authentication user credentials AuthenUsrCred_CType package is delivered. The expectation is that the password credentials and the user name token are provided in the authentication user credential complex element in accordance with the standards established by WS-Security.

BusCorrelId
The correlation identification as related to business functions and activities.
ConsumerName
The name of the service consumer (business name) for the Soap Header Fault.
ConsumerProd
The name of the product which is consuming the service (business product name) for the Soap Header Fault.
InstEnv
An identification provided by the consumer that defines the environment in which the institution is operating. Canonical values are:
  • Prod
InstRtId
The identification of the entity of the submitted message. A financial institution entity uses the routing transit or nine-digit number assigned to financial institutions for routing as assigned by the American Bankers Association. Any leading zeros must be provided for a complete routing and transit number. A non-financial institution entity should use a mutually agreed upon identification that must contain at least one non-integer character. The canonical value is JHA.

The element is required in all message requests.

jXLogTrackingId
An identification provided by jXchange to be able to trace the request and response of a message from the third-party gateway, internal gateway, and service provider for the Soap Header Fault.
JxVer
Contains the version jXchange is running for the Soap Header Fault.
ValidConsmName
The consumer name that can be validated by enterprise governance. The canonical values are managed in a consumer/product enterprise table. The canonical value is: JHA.
ValidConsmProd
The consumer product name that can be validated by enterprise governance. The canonical values are managed in a consumer/product enterprise table.
WorkflowCorrelId
The correlation identification as related to workflow functions and activities.
jXchangeHdr_CType Deprecation Details
AuthenUserId
This element deprecates in three years in accordance with XSD contract tenets. Effective date: 2012–01–01. The new complex element for user authentication credentials was added to the Search Message Request Header, SrchMsgRqHdr_CType, and the Message Request Header, MsgRqHdr_CType. AuthenUsrId is ignored by the service providers when the authentication user credentials AuthenUsrCred_CType package is delivered. The expectation is that the password credentials and the user name token are provided in the authentication user credential complex element in accordance with the standards established by WS-Security.

MFATokenInqRs_MType

MFATokenInqRs_MType is a message MType element.

Contains:

  • Custom_CType
  • MFATokenInqInfo_CType
  • MsgRsHdr_CType

Simple Elements

The following simple elements are contained within this message.

ActIntent
Conveys the consumer intention for a subsequent operation for the data set included in the response. Canonical values are:
  • Dlt
  • ReadOnly
  • Upd

The default value is ReadOnly.

ActIntentKey
The service provider key that is delivered to the consumer to be submitted in a subsequent modification operation.
TokenId
The identifier assigned to a token.
UsrName
The common name. This is the full text line name like John Doe.

Custom_CType

Custom_CType is a complex CType element.

This element is optional.

MFATokenInqInfo_CType

MFATokenInqInfo_CType is a complex CType element.

Contains:

  • MFATokenInqArray_AType
Simple Elements

The following simple elements are contained within this complex.

UsrTokenStat
What is the status of the token bound to a specific user? Canonical values are:
  • Act
  • InAct
  • Del
  • Init
  • Disable
  • Lock
MFATokenInqArray_AType

MFATokenInqArray_AType is an array AType element. This is an array of responses of the MFA token inquiry.

Contains:

  • MFATokenInqInfoRec_CType
MFATokenInqInfoRec_CType

MFATokenInqInfoRec_CType is a complex CType element.

Simple Elements

The following simple elements are contained within this complex.

LastAuthenTimeDt
The last date/time stamp a user was authenticated. This is expressed in ISO 8601 time format and should contain either Zulu time or local time and the UTC offset. The format is [-]CCYY-MM-DDThh:mm:ss[Z|(+|-)hh:mm]. Valid values include:
  • 2001-10-26T21:32:52
  • 2001-10-26T19:32:52Z
  • 2001-10-26T19:32:52+00:00
  • -2001-10-26T21:32:52
  • 2001-10-26T21:32:52.12679

The following examples all represent the same moment:

  • 18:30Z
  • 22:30+04
  • 1130-0700
  • 15:00-3:30

See http://books.xmlschemata.org/relaxng/ch19-77049.html for additional reference.

LastTrnRcptId
The receipt provided for a successful transaction entry.
MFATokenUsrStat
What is the status of the user binded with a token? Canonical values are:
  • Act
  • Disable
  • Lock
UsrName
The common name. This is the full text line name like John Doe.
UsrTokenDesc
A human-readable description assigned to a user token.

MsgRsHdr_CType

MsgRsHdr_CType is a complex CType element. This is the default message response header.

Contains:

  • jXchangeHdr_CType
  • MsgRecInfoArray_AType
jXchangeHdr_CType

jXchangeHdr_CType is a complex CType element.

Simple Elements

The following simple elements are contained within this complex.

AuditUsrId
The user ID that the consumer would like written in the audit as performing the requested service. It varies, but it could be the same as the user ID. It is not used to authenticate. It is used to audit the Soap Header Fault.
AuditWsId
The workstation ID that the consumer would like written in the audit as performing the requested service for the Soap Header Fault. It varies, but it could be the same as the user ID.
AuthenUsrId
The user ID which the consumer would like the service provider to authenticate with for the Soap Header Fault. It is a user ID that the provider understands.

This element deprecates in accordance with XSD contract tenets. Effective date: 2017–01–01. The new complex element for user authentication credentials was added to both the Search Message Request Header SrchMsgRqHdr_CType and the Message Request Header MsgRqHdr_CType. AuthenUsrId is ignored by the service providers when the authentication user credentials AuthenUsrCred_CType package is delivered. The expectation is that the password credentials and the user name token are provided in the authentication user credential complex element in accordance with the standards established by WS-Security.

BusCorrelId
The correlation identification as related to business functions and activities.
ConsumerName
The name of the service consumer (business name) for the Soap Header Fault.
ConsumerProd
The name of the product which is consuming the service (business product name) for the Soap Header Fault.
InstEnv
An identification provided by the consumer that defines the environment in which the institution is operating. Canonical values are:
  • Prod
InstRtId
The identification of the entity of the submitted message. A financial institution entity uses the routing transit or nine-digit number assigned to financial institutions for routing as assigned by the American Bankers Association. Any leading zeros must be provided for a complete routing and transit number. A non-financial institution entity should use a mutually agreed upon identification that must contain at least one non-integer character. The canonical value is JHA.

The element is required in all message requests.

jXLogTrackingId
An identification provided by jXchange to be able to trace the request and response of a message from the third-party gateway, internal gateway, and service provider for the Soap Header Fault.
JxVer
Contains the version jXchange is running for the Soap Header Fault.
ValidConsmName
The consumer name that can be validated by enterprise governance. The canonical values are managed in a consumer/product enterprise table. The canonical value is: JHA.
ValidConsmProd
The consumer product name that can be validated by enterprise governance. The canonical values are managed in a consumer/product enterprise table.
WorkflowCorrelId
The correlation identification as related to workflow functions and activities.
jXchangeHdr_CType Deprecation Details
AuthenUserId
This element deprecates in three years in accordance with XSD contract tenets. Effective date: 2012–01–01. The new complex element for user authentication credentials was added to the Search Message Request Header, SrchMsgRqHdr_CType, and the Message Request Header, MsgRqHdr_CType. AuthenUsrId is ignored by the service providers when the authentication user credentials AuthenUsrCred_CType package is delivered. The expectation is that the password credentials and the user name token are provided in the authentication user credential complex element in accordance with the standards established by WS-Security.
MsgRecInfoArray_AType

MsgRecInfoArray_AType is an array AType element. This is an array of messages that can be returned in a response.

Contains:

  • MsgRec_CType
MsgRec_CType

MsgRec_CType is a complex CType element.

Simple Elements

The following simple elements are contained within this complex.

ErrCat
The Soap Header Fault error category.
ErrCode
The Soap Header Fault error code.
ErrDesc
The Soap Header Fault error description.
ErrElem
The Soap Header Fault when an error or fault occurs. This optional element contains the element which is causing the error condition.
ErrElemVal
The Soap Header Fault when an error or fault occurs. This optional element contains the value of the element which is causing the error condition.
ErrLoc
The Soap Header Fault error location. This is typically the program that generated the error condition.

Have a Question?
Have a how-to question? Seeing a weird error? Get help on StackOverflow.
Register for the Digital Toolkit Meetup where we answer technical Q&A from the audience.
Last updated Mon Jan 24 2022