Multi-Factor Authentication Token Temporary Password Inquiry
MFATokenTempPswdInq
MFA Token Temporary Password Inquiry is a jXchange service designed to allow consumers to request a temporary password that can be used with a hardware or software security token.
Message Flow
In jXchange, the MFA Token Temporary Password Inquiry service uses a typical exchange of MType messages to allow consumers to request a temporary password that can be used with a hardware or software security token.
Primary Request
The consumer forwards the MFATokenTempPswdInqRq_MType message to the service provider. The message contains the following simple elements:
- TempPswdUseType
- UsrName
Primary Response
The service provider returns the MFATokenTempPswdInqRs_MType message to the consumer. The message contains the following simple elements:
- TempPswd
- TempPswdUseType
- TempPswdExpTimeDt
MFA Token Temporary Password Inquiry Behavior
The MFA Token Temporary Password Inquiry service behavior is as follows.
The MFA Token Temporary Password Inquiry root request (MFATokenTempPswdInqRq_MType) optionally includes the User Name (UsrName) and Temporary Password Usage Type (TempPswdUseType).
The Temporary Password Inquiry root response (MFATokenTempPswdInqRs_MType) optionally includes the Temporary Password (TempPswd), Temporary Password Type (TempPswdUseType), and Temporary Password Expiration Time Date (TempPswdExpTimeDt).
The standard inquiry message tenets are applicable.
Adhere to the tenets for fault reporting.
Adhere to the tenets related to the correlation identifications.
MFATokenTempPswdInqRq_MType
MFATokenTempPswdInqRq_MType is a message MType element.
Contains:
Custom_CType
MsgRqHdr_CType
Simple Elements
The following simple elements are contained within this message.
- TempPswdUseType
  - The temporary password usage type. Canonical values are:
    - NoExp
    - OneTime
- UsrName
  - The common name. This is the full text line name like John Doe.
Custom_CType
Custom_CType is a complex CType element.
This element is optional.
MsgRqHdr_CType
MsgRqHdr_CType is a complex CType element. This is the default message request header.
Contains:
AuthenUsrCred_CType
jXchangeHdr_CType
Simple Elements
The following simple elements are contained within this complex.
- AuthenProdCred
  - Authentication of the Consumer Product Credentials in the form of a WS Security element that contains a single SAML V2.0 Assertion.
AuthenUsrCred_CType
AuthenUsrCred_CType is a complex CType element. This element represents authentication of the end-user credentials in the form of a WS Security element that contains a single SAML V2.0 Assertion.
Simple Elements
The following simple elements are contained within this complex.
- Security
  - Defines the wsse:Security SOAP header element per section 4.
jXchangeHdr_CType
jXchangeHdr_CType is a complex CType element.
Simple Elements
The following simple elements are contained within this complex.
- AuditUsrId
  - The user ID that the consumer would like written in the audit as performing the requested service. It varies, but it could be the same as the user ID. It is not used to authenticate. It is used to audit the Soap Header Fault.
- AuditWsId
  - The workstation ID that the consumer would like written in the audit as performing the requested service for the Soap Header Fault. It varies, but it could be the same as the user ID.
- AuthenUsrId
  - The user ID which the consumer would like the service provider to authenticate with for the Soap Header Fault. It is a user ID that the provider understands.
  - This element deprecates in accordance with XSD contract tenets. Effective date: 2017-01-01. The new complex element for user authentication credentials was added to both the Search Message Request Header SrchMsgRqHdr_CType and the Message Request Header MsgRqHdr_CType. AuthenUsrId is ignored by the service providers when the authentication user credentials AuthenUsrCred_CType package is delivered. The expectation is that the password credentials and the user name token are provided in the authentication user credential complex element in accordance with the standards established by WS-Security.
- BusCorrelId
  - The correlation identification as related to business functions and activities.
- ConsumerName
  - The name of the service consumer (business name) for the Soap Header Fault.
- ConsumerProd
  - The name of the product which is consuming the service (business product name) for the Soap Header Fault.
- InstEnv
  - An identification provided by the consumer that defines the environment in which the institution is operating. Canonical values are:
    - Prod
- InstRtId
  - The identification of the entity of the submitted message. A financial institution entity uses the routing transit or nine-digit number assigned to financial institutions for routing as assigned by the American Bankers Association. Any leading zeros must be provided for a complete routing and transit number. A non-financial institution entity should use a mutually agreed upon identification that must contain at least one non-integer character. The canonical value is JHA.
  - The element is required in all message requests.
- jXLogTrackingId
  - An identification provided by jXchange to be able to trace the request and response of a message from the third-party gateway, internal gateway, and service provider for the Soap Header Fault.
- JxVer
  - Contains the version jXchange is running for the Soap Header Fault.
- ValidConsmName
  - The consumer name that can be validated by enterprise governance. The canonical values are managed in a consumer/product enterprise table. The canonical value is: JHA.
- ValidConsmProd
  - The consumer product name that can be validated by enterprise governance. The canonical values are managed in a consumer/product enterprise table.
- WorkflowCorrelId
  - The correlation identification as related to workflow functions and activities.
jXchangeHdr_CType Deprecation Details
- AuthenUserId
  - This element deprecates in three years in accordance with XSD contract tenets. Effective date: 2012-01-01. The new complex element for user authentication credentials was added to the Search Message Request Header, SrchMsgRqHdr_CType, and the Message Request Header, MsgRqHdr_CType. AuthenUsrId is ignored by the service providers when the authentication user credentials AuthenUsrCred_CType package is delivered. The expectation is that the password credentials and the user name token are provided in the authentication user credential complex element in accordance with the standards established by WS-Security.
MFATokenTempPswdInqRs_MType
MFATokenTempPswdInqRs_MType is a message MType element.
Contains:
Custom_CType
MsgRsHdr_CType
Simple Elements
The following simple elements are contained within this message.
- TempPswdExpTimeDt
  - The date and time that a temporary password expires. This is expressed in ISO 8601 time format and should contain either Zulu time or local time and the UTC offset. The format is [-]CCYY-MM-DDThh:mm:ss[Z|(+|-)hh:mm]. Valid values include:
    - 2001-10-26T21:32:52
    - 2001-10-26T19:32:52Z
    - 2001-10-26T19:32:52+00:00
    - -2001-10-26T21:32:52
    - 2001-10-26T21:32:52.12679
  - The following examples all represent the same moment:
    - 18:30Z
    - 22:30+04
    - 1130-0700
    - 15:00-3:30
  - See http://books.xmlschemata.org/relaxng/ch19-77049.html for additional reference.
- TempPswd
  - The temporary password.
- TempPswdUseType
  - The temporary password usage type. Canonical values are:
    - NoExp
    - OneTime
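A consumer-side check of the three response elements described above, added here as an example and not taken from the jXchange documentation. The sample message is constructed (no SOAP envelope, namespaces or header), the function names are hypothetical, and rejecting a TempPswdExpTimeDt that carries no Z or UTC offset is a policy choice of this example, since such a value cannot be compared against the current time unambiguously.

```python
import re
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

CANONICAL_USE_TYPES = {"NoExp", "OneTime"}  # canonical values listed on this page

# Constructed sample: element names are from the page; the values, and the
# omission of the SOAP envelope, namespaces and MsgRsHdr, are assumptions.
SAMPLE_RS = """<MFATokenTempPswdInqRs>
  <TempPswd>EXAMPLE-ONLY</TempPswd>
  <TempPswdUseType>OneTime</TempPswdUseType>
  <TempPswdExpTimeDt>2001-10-26T19:32:52Z</TempPswdExpTimeDt>
</MFATokenTempPswdInqRs>"""

_DT = re.compile(r"(\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d)(\.\d+)?(Z|[+-]\d\d:\d\d)?")

def parse_exp_time(text):
    """Parse TempPswdExpTimeDt into an aware UTC datetime, or raise ValueError."""
    m = _DT.fullmatch(text.strip())
    if not m:  # also rejects the negative-year form, which datetime cannot hold
        raise ValueError("not CCYY-MM-DDThh:mm:ss[Z|(+|-)hh:mm]")
    base, frac, zone = m.groups()
    if zone is None:  # policy of this example: fail closed on ambiguous local time
        raise ValueError("no Z or UTC offset, expiry cannot be compared safely")
    micros = ((frac or ".")[1:] + "000000")[:6]  # pad/truncate to microseconds
    zone = "+00:00" if zone == "Z" else zone
    return datetime.fromisoformat(f"{base}.{micros}{zone}").astimezone(timezone.utc)

def check_response(xml_text, now):
    """Return (use_type, expires_utc or None); raise ValueError if unusable.

    `now` must be a timezone-aware datetime.
    """
    root = ET.fromstring(xml_text)
    # Match on local names so the check works with or without a namespace prefix.
    fields = {e.tag.rsplit("}", 1)[-1]: (e.text or "").strip() for e in root.iter()}
    use_type = fields.get("TempPswdUseType")
    if use_type not in CANONICAL_USE_TYPES:
        raise ValueError(f"unexpected TempPswdUseType: {use_type!r}")
    if not fields.get("TempPswd"):
        raise ValueError("response carries no TempPswd")
    raw = fields.get("TempPswdExpTimeDt")
    expires = parse_exp_time(raw) if raw else None
    if expires is not None and expires <= now:
        raise ValueError("temporary password already expired")
    return use_type, expires  # TempPswd itself is never returned or logged here
```

The check returns only the usage type and the normalized expiry, so the temporary password does not end up in logs or error messages.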
Custom_CType
Custom_CType is a complex CType element.
This element is optional.
MsgRsHdr_CType
MsgRsHdr_CType is a complex CType element. This is the default message response header.
Contains:
jXchangeHdr_CType
MsgRecInfoArray_AType
jXchangeHdr_CType
jXchangeHdr_CType is a complex CType element.
Simple Elements
The following simple elements are contained within this complex.
- AuditUsrId
  - The user ID that the consumer would like written in the audit as performing the requested service. It varies, but it could be the same as the user ID. It is not used to authenticate. It is used to audit the Soap Header Fault.
- AuditWsId
  - The workstation ID that the consumer would like written in the audit as performing the requested service for the Soap Header Fault. It varies, but it could be the same as the user ID.
- AuthenUsrId
  - The user ID which the consumer would like the service provider to authenticate with for the Soap Header Fault. It is a user ID that the provider understands.
  - This element deprecates in accordance with XSD contract tenets. Effective date: 2017-01-01. The new complex element for user authentication credentials was added to both the Search Message Request Header SrchMsgRqHdr_CType and the Message Request Header MsgRqHdr_CType. AuthenUsrId is ignored by the service providers when the authentication user credentials AuthenUsrCred_CType package is delivered. The expectation is that the password credentials and the user name token are provided in the authentication user credential complex element in accordance with the standards established by WS-Security.
- BusCorrelId
  - The correlation identification as related to business functions and activities.
- ConsumerName
  - The name of the service consumer (business name) for the Soap Header Fault.
- ConsumerProd
  - The name of the product which is consuming the service (business product name) for the Soap Header Fault.
- InstEnv
  - An identification provided by the consumer that defines the environment in which the institution is operating. Canonical values are:
    - Prod
- InstRtId
  - The identification of the entity of the submitted message. A financial institution entity uses the routing transit or nine-digit number assigned to financial institutions for routing as assigned by the American Bankers Association. Any leading zeros must be provided for a complete routing and transit number. A non-financial institution entity should use a mutually agreed upon identification that must contain at least one non-integer character. The canonical value is JHA.
  - The element is required in all message requests.
- jXLogTrackingId
  - An identification provided by jXchange to be able to trace the request and response of a message from the third-party gateway, internal gateway, and service provider for the Soap Header Fault.
- JxVer
  - Contains the version jXchange is running for the Soap Header Fault.
- ValidConsmName
  - The consumer name that can be validated by enterprise governance. The canonical values are managed in a consumer/product enterprise table. The canonical value is: JHA.
- ValidConsmProd
  - The consumer product name that can be validated by enterprise governance. The canonical values are managed in a consumer/product enterprise table.
- WorkflowCorrelId
  - The correlation identification as related to workflow functions and activities.
jXchangeHdr_CType Deprecation Details
- AuthenUserId
  - This element deprecates in three years in accordance with XSD contract tenets. Effective date: 2012-01-01. The new complex element for user authentication credentials was added to the Search Message Request Header, SrchMsgRqHdr_CType, and the Message Request Header, MsgRqHdr_CType. AuthenUsrId is ignored by the service providers when the authentication user credentials AuthenUsrCred_CType package is delivered. The expectation is that the password credentials and the user name token are provided in the authentication user credential complex element in accordance with the standards established by WS-Security.
MsgRecInfoArray_AType
MsgRecInfoArray_AType is an array AType element. This is an array of messages that can be returned in a response.
Contains:
MsgRec_CType
MsgRec_CType
MsgRec_CType is a complex CType element.
Simple Elements
The following simple elements are contained within this complex.
- ErrCat
  - The Soap Header Fault error category.
- ErrCode
  - The Soap Header Fault error code.
- ErrDesc
  - The Soap Header Fault error description.
- ErrElem
  - The Soap Header Fault when an error or fault occurs. This optional element contains the element which is causing the error condition.
- ErrElemVal
  - The Soap Header Fault when an error or fault occurs. This optional element contains the value of the element which is causing the error condition.
- ErrLoc
  - The Soap Header Fault error location. This is typically the program that generated the error condition.