Developer Programs

Learn

Docs
Important notification about upcoming changes to the DMZ environment. Please read.

Multi-Factor Authentication Token User Inquiry

Enterprise SOAP API > API by Reference > Identity Management Service > Multi-Factor Authentication Token User Inquiry

MFA Token User Inquiry

MFA Token User Inquiry is a jXchange service designed to allow consumers to establish users in support of security codes generated by a credential. The credentials are generated by a hardware or software security token.

Message Flow

In jXchange, the MFA Token User Inquiry service uses a typical exchange of MType messages to allow consumers to establish users in support of security codes generated by a credential.

Primary Request

The consumer forwards the MFATokenUsrInqRq_MType message to the service provider.

The message contains the following simple elements:

  • ActIntent
  • UsrName

The message contains the following complex elements:

  • Custom_CType
  • MsgRqHdr_CType

Primary Response

The service provider returns the MFATokenUsrInqRs_MType message to the consumer.

The message contains the following simple elements:

  • ActIntent
  • ActIntentKey
  • UsrName

The message contains the following complex elements:

  • Custom_CType
  • MFATokenUsrInqRec_CType
  • MsgRsHdr_CType

MFA Token User Inquiry Behavior

The MFA Token User Inquiry service behavior is as follows.

The MFA Token User Inquiry root request (MFATokenUsrInqRq_MType) optionally includes the User Name (UsrName) and Activity Intention (ActIntent).

The User Name (UsrName) and Authentication User Credential (AuthenUsrCred_CType) are part of a documented choice statement where both are optional, but at least one is required.

The MFA Token User Inquiry root response (MFATokenUsrInqRs_MType) optionally includes the User Name (UsrName), Activity Intention (ActIntent), Activity Intention Key (ActIntentKey), and MFA Token User Inquiry Record complex (MFATokenUsrInqRec_CType).

The MFA Token User Inquiry Record complex (MFATokenUsrInqRec_CType) contains the MFA Token User Status (MFATokenUsrStat), User Creation Time / Date (UsrCrtTimeDt), PIN Exist Type (PINExistType), PIN Expiration Type (PINExpType), PIN Expiration Time Date (PINExpTimeDt), and MFA Token User Array (MFATokenUsrArray_AType).

The MFA Token User Array (MFATokenUsrArray_AType) contains the MFA Token User Information complex (MFATokenUsrInfo_CType) which encapsulates the Token Identifier (TokenId), User Token Status (UsrTokenStat), User Token Type (UsrTokenType), Temporary Password Expiration Time Date (TempPswdExpTimeDt), Temporary Password Usage Type (TempPswdUseType), User Token Update Time Date (UsrTokenUpdTimeDt), User Token Description (UsrTokenDesc), Last Authentication Time Date (LastAuthenTimeDt), and Last Transaction Receipt Identifier (LastTrnRcptId).

The standard inquiry message tenets are applicable.

Adhere to the tenets for fault reporting.

Adhere to the tenets related to the correlation identifications.

Adhere to the tenets related to the concurrency models.

MFATokenUsrInqRq_MType

MFATokenUsrInqRq_MType is a message MType element.

Contains:

  • Custom_CType
  • MsgRqHdr_CType

Simple Elements

The following simple elements are contained within this message.

ActIntent
Conveys the consumer intention for a subsequent operation for the data set included in the response. Canonical values are:
  • Dlt
  • ReadOnly
  • Upd

The default value is ReadOnly.

UsrName
The common name. This is the full text line name like John Doe.

Custom_CType

Custom_CType is a complex CType element.

This element is optional.

MsgRqHdr_CType

MsgRqHdr_CType is a complex CType element. This is the default message request header.

Contains:

  • AuthenUsrCred_CType
  • jXchangeHdr_CType

Simple Elements

The following simple elements are contained within this complex.

AuthenProdCred
Authentication of the Consumer Product Credentials in the form of a WS Security element that contains a single SAML V2.0 Assertion.

AuthenUsrCred_CType

AuthenUsrCred_CType is a complex CType element. This element represents authentication of the end-user credentials in the form of a WS Security element that contains a single SAML V2.0 Assertion.

Simple Elements

The following simple elements are contained within this complex.

Security
Defines the wsse:Security SOAP header element per section 4.

jXchangeHdr_CType

jXchangeHdr_CType is a complex CType element.

Simple Elements

The following simple elements are contained within this complex.

AuditUsrId
The user ID that the consumer would like written in the audit as performing the requested service. It varies, but it could be the same as the user ID. It is not used to authenticate. It is used to audit the Soap Header Fault.
AuditWsId
The workstation ID that the consumer would like written in the audit as performing the requested service for the Soap Header Fault. It varies, but it could be the same as the user ID.
AuthenUsrId
The user ID which the consumer would like the service provider to authenticate with for the Soap Header Fault. It is a user ID that the provider understands.

This element deprecates in accordance with XSD contract tenets. Effective date: 2017–01–01. The new complex element for user authentication credentials was added to both the Search Message Request Header SrchMsgRqHdr_CType and the Message Request Header MsgRqHdr_CType. AuthenUsrId is ignored by the service providers when the authentication user credentials AuthenUsrCred_CType package is delivered. The expectation is that the password credentials and the user name token are provided in the authentication user credential complex element in accordance with the standards established by WS-Security.

BusCorrelId
The correlation identification as related to business functions and activities.
ConsumerName
The name of the service consumer (business name) for the Soap Header Fault.
ConsumerProd
The name of the product which is consuming the service (business product name) for the Soap Header Fault.
InstEnv
An identification provided by the consumer that defines the environment in which the institution is operating. Canonical values are:
  • Prod
InstRtId
The identification of the entity of the submitted message. A financial institution entity uses the routing transit or nine-digit number assigned to financial institutions for routing as assigned by the American Bankers Association. Any leading zeros must be provided for a complete routing and transit number. A non-financial institution entity should use a mutually agreed upon identification that must contain at least one non-integer character. The canonical value is JHA.

The element is required in all message requests.

jXLogTrackingId
An identification provided by jXchange to be able to trace the request and response of a message from the third-party gateway, internal gateway, and service provider for the Soap Header Fault.
JxVer
Contains the version jXchange is running for the Soap Header Fault.
ValidConsmName
The consumer name that can be validated by enterprise governance. The canonical values are managed in a consumer/product enterprise table. The canonical value is: JHA.
ValidConsmProd
The consumer product name that can be validated by enterprise governance. The canonical values are managed in a consumer/product enterprise table.
WorkflowCorrelId
The correlation identification as related to workflow functions and activities.
jXchangeHdr_CType Deprecation Details
AuthenUsrId
The user ID which the consumer would like the service provider to authenticate with for the Soap Header Fault. It is a user ID that the provider understands.

This element deprecates in accordance with XSD contract tenets. Effective date: 2017–01–01. The new complex element for user authentication credentials was added to both the Search Message Request Header SrchMsgRqHdr_CType and the Message Request Header MsgRqHdr_CType. AuthenUsrId is ignored by the service providers when the authentication user credentials AuthenUsrCred_CType package is delivered. The expectation is that the password credentials and the user name token are provided in the authentication user credential complex element in accordance with the standards established by WS-Security.

MFATokenUsrInqRs_MType

MFATokenUsrInqRs_MType is a message MType element.

Contains:

  • Custom_CType
  • MFATokenUsrInqRec_CType
  • MsgRsHdr_CType

Simple Elements

The following simple elements are contained within this message.

ActIntent
Conveys the consumer intention for a subsequent operation for the data set included in the response. Canonical values are:
  • Dlt
  • ReadOnly
  • Upd

The default value is ReadOnly.

ActIntentKey
The service provider key that is delivered to the consumer to be submitted in a subsequent modification operation.
UsrName
The common name. This is the full text line name like John Doe.

Custom_CType

Custom_CType is a complex CType element.

This element is optional.

MsgRsHdr_CType

MsgRsHdr_CType is a complex CType element. This is the default message response header.

Contains:

  • jXchangeHdr_CType
  • MsgRecInfoArray_AType

jXchangeHdr_CType

jXchangeHdr_CType is a complex CType element.

Simple Elements

The following simple elements are contained within this complex.

AuditUsrId
The user ID that the consumer would like written in the audit as performing the requested service. It varies, but it could be the same as the user ID. It is not used to authenticate. It is used to audit the Soap Header Fault.
AuditWsId
The workstation ID that the consumer would like written in the audit as performing the requested service for the Soap Header Fault. It varies, but it could be the same as the user ID.
AuthenUsrId
The user ID which the consumer would like the service provider to authenticate with for the Soap Header Fault. It is a user ID that the provider understands.

This element deprecates in accordance with XSD contract tenets. Effective date: 2017–01–01. The new complex element for user authentication credentials was added to both the Search Message Request Header SrchMsgRqHdr_CType and the Message Request Header MsgRqHdr_CType. AuthenUsrId is ignored by the service providers when the authentication user credentials AuthenUsrCred_CType package is delivered. The expectation is that the password credentials and the user name token are provided in the authentication user credential complex element in accordance with the standards established by WS-Security.

BusCorrelId
The correlation identification as related to business functions and activities.
ConsumerName
The name of the service consumer (business name) for the Soap Header Fault.
ConsumerProd
The name of the product which is consuming the service (business product name) for the Soap Header Fault.
InstEnv
An identification provided by the consumer that defines the environment in which the institution is operating. Canonical values are:
  • Prod
InstRtId
The identification of the entity of the submitted message. A financial institution entity uses the routing transit or nine-digit number assigned to financial institutions for routing as assigned by the American Bankers Association. Any leading zeros must be provided for a complete routing and transit number. A non-financial institution entity should use a mutually agreed upon identification that must contain at least one non-integer character. The canonical value is JHA.

The element is required in all message requests.

jXLogTrackingId
An identification provided by jXchange to be able to trace the request and response of a message from the third-party gateway, internal gateway, and service provider for the Soap Header Fault.
JxVer
Contains the version jXchange is running for the Soap Header Fault.
ValidConsmName
The consumer name that can be validated by enterprise governance. The canonical values are managed in a consumer/product enterprise table. The canonical value is: JHA.
ValidConsmProd
The consumer product name that can be validated by enterprise governance. The canonical values are managed in a consumer/product enterprise table.
WorkflowCorrelId
The correlation identification as related to workflow functions and activities.
jXchangeHdr_CType Deprecation Details
AuthenUsrId
The user ID which the consumer would like the service provider to authenticate with for the Soap Header Fault. It is a user ID that the provider understands.

This element deprecates in accordance with XSD contract tenets. Effective date: 2017–01–01. The new complex element for user authentication credentials was added to both the Search Message Request Header SrchMsgRqHdr_CType and the Message Request Header MsgRqHdr_CType. AuthenUsrId is ignored by the service providers when the authentication user credentials AuthenUsrCred_CType package is delivered. The expectation is that the password credentials and the user name token are provided in the authentication user credential complex element in accordance with the standards established by WS-Security.

MsgRecInfoArray_AType

MsgRecInfoArray_AType is an array AType element. This is an array of messages that can be returned in a response.

Contains:

  • MsgRec_CType
MsgRec_CType

MsgRec_CType is a complex CType element.

Simple Elements

The following simple elements are contained within this complex.

ErrCat
The Soap Header Fault error category.
ErrCode
The error code.
ErrDesc
The Soap Header Fault error description.
ErrElem
The Soap Header Fault when an error or fault occurs. This optional element contains the element which is causing the error condition.
ErrElemVal
The Soap Header Fault when an error or fault occurs. This optional element contains the value of the element which is causing the error condition.
ErrLoc
The Soap Header Fault error location. This is typically the program that generated the error condition.

MFATokenUsrInqRec_CType

MFATokenUsrInqRec_CType is a complex CType element. It contains one or more optional complex elements used to define the loan account identified in the account inquiry request.

Contains:

  • MFATokenUsrArray_AType

Simple Elements

The following simple elements are contained within this complex.

MFATokenUsrStat
What is the status of the user binded with a token? Canonical values are:
  • Act
  • Disable
  • Lock
PINExistType
Has the user been assigned a PIN? Canonical values are:
  • true
  • false
PINExpTimeDt
The date and time that a PIN expires. This is expressed in ISO 8601 time format and should contain either Zulu time or local time and the UTC offset. The format is [-]CCYY-MM-DDThh:mm:ss[Z|(+|-)hh:mm]. Valid values include:
  • 2001-10-26T21:32:52
  • 2001-10-26T19:32:52Z
  • 2001-10-26T19:32:52+00:00
  • -2001-10-26T21:32:52
  • 2001-10-26T21:32:52.12679

The following examples all represent the same moment:

  • 18:30Z
  • 22:30+04
  • 1130-0700
  • 15:00-3:30

See http://books.xmlschemata.org/relaxng/ch19-77049.html for additional reference.

PINExpType
Has the user PIN expired? Canonical values are:
  • true
  • false
UsrCrtTimeDt
The time date stamp a user was created.

MFATokenUsrArray_AType

MFATokenUsrArray_AType is an array AType element. This is an array of responses of the MFA token users.

Contains:

  • MFATokenUsrInfo_CType
MFATokenUsrInfo_CType

MFATokenUsrInfo_CType is a complex CType element.

Contains:

  • Custom_CType
Simple Elements

The following simple elements are contained within this complex.

LastAuthenTimeDt
The last date/time stamp a user was authenticated. This is expressed in ISO 8601 time format and should contain either Zulu time or local time and the UTC offset. The format is [-]CCYY-MM-DDThh:mm:ss[Z|(+|-)hh:mm]. Valid values include:
  • 2001-10-26T21:32:52
  • 2001-10-26T19:32:52Z
  • 2001-10-26T19:32:52+00:00
  • -2001-10-26T21:32:52
  • 2001-10-26T21:32:52.12679

The following examples all represent the same moment:

  • 18:30Z
  • 22:30+04
  • 1130-0700
  • 15:00-3:30

See http://books.xmlschemata.org/relaxng/ch19-77049.html for additional reference.

LastTrnRcptId
The receipt provided for a successful transaction entry.
TempPswdExpTimeDt
The date and time that a temporary password expires. This is expressed in ISO 8601 time format and should contain either Zulu time or local time and the UTC offset. The format is [-]CCYY-MM-DDThh:mm:ss[Z|(+|-)hh:mm]. Valid values include:
  • 2001-10-26T21:32:52
  • 2001-10-26T19:32:52Z
  • 2001-10-26T19:32:52+00:00
  • -2001-10-26T21:32:52
  • 2001-10-26T21:32:52.12679

The following examples all represent the same moment:

  • 18:30Z
  • 22:30+04
  • 1130-0700
  • 15:00-3:30

See http://books.xmlschemata.org/relaxng/ch19-77049.html for additional reference.

TempPswdUseType
The temporary password usage type. Canonical values are:
  • NoExp
  • OneTime
TokenId
The identifier assigned to a token.
UsrTokenDesc
A human-readable description assigned to a user token.
UsrTokenStat
What is the status of the token bound to a specific user? Canonical values are:
  • Act
  • InAct
  • Del
  • Init
  • Disable
  • Lock
UsrTokenType
The user directory token type. Canonical values are:
  • Email
  • KeyFOB
  • LapTop
  • MobPhone
  • TempPswd
UsrTokenUpdTimeDt
The date and time that a user token updated. This is expressed in ISO 8601 time format and should contain either Zulu time or local time and the UTC offset. The format is [-]CCYY-MM-DDThh:mm:ss[Z|(+|-)hh:mm]. Valid values include:
  • 2001-10-26T21:32:52
  • 2001-10-26T19:32:52Z
  • 2001-10-26T19:32:52+00:00
  • -2001-10-26T21:32:52
  • 2001-10-26T21:32:52.12679

The following examples all represent the same moment:

  • 18:30Z
  • 22:30+04
  • 1130-0700
  • 15:00-3:30

See http://books.xmlschemata.org/relaxng/ch19-77049.html for additional reference.

Custom_CType

Custom_CType is a complex CType element.

This element is optional.


Have a Question?
Have a how-to question? Seeing a weird error? Get help on StackOverflow.
Register for the Digital Toolkit Meetup where we answer technical Q&A from the audience.
Last updated Mon Jan 24 2022