Credential Policy Inquiry
Credential Policy Inquiry is a jXchange service designed to provide the consumer with the IMS provider's credential policies.
Message Flow
In jXchange, the Credential Policy Inquiry service uses a typical exchange of
MType
messages to provide the IMS provider's credential policies.
Primary Request
The Third Party Consumer forwards the CredPolInqRq_MType
message to the
Service Provider. The message contains:
- IMSOrgId
Primary Response
The Service Provider returns the CredPolInqRs_MType
message to the Third
Party Consumer. The message contains an echo of the requested element, along with multiple
complexes.
Credential Policy Inquiry Behavior
The CredPolInqRq_MType
message request optionally allows for an IMSOrgId, if needed. The
default organization is the organization used in the routing of the message.
The CredPolInqRs_MType
response message returns the credential policies as
related to the password (PswdPolInfo_CType
) and the IMS subject
(IMSSubjPolInfo_CType
). The absence of any of the optional elements conveys
that those policies are not enforced.
The two complexes encapsulate an array to convey special characters
(SpecCharRstrArray_AType
) that are restricted from the password and the IMS
subject.
CredPolInqRq_MType
CredPolInqRq_MType
is a message
MType
element.
Contains:
Custom_CType
MsgRqHdr_CType
Simple Elements
The following simple elements are contained within this message.
- IMSOrgId
- The identification assigned to an organization in IMS. An organization that is a financial institution entity should use the routing transit or ABA nine-digit number assigned to financial institutions for routing as assigned by the American Bankers Association. Any leading zeros must be provided for a complete routing and transit number. A non-financial institution uses a mutually agreed upon identification that must contain at least one non-integer character.
Custom_CType
Custom_CType
is a complex CType
element.
This element is optional.
MsgRqHdr_CType
MsgRqHdr_CType
is a complex CType
element. This is the default
message request header.
Contains:
AuthenUsrCred_CType
jXchangeHdr_CType
Simple Elements
The following simple elements are contained within this complex.
- AuthenProdCred
- Authentication of the Consumer Product Credentials in the form of a WS Security element that contains a single SAML V2.0 Assertion.
AuthenUsrCred_CType
AuthenUsrCred_CType
is a complex CType
element. This element represents authentication of the end-user credentials in
the form of a WS Security element that contains a single SAML V2.0
Assertion.
Simple Elements
The following simple elements are contained within this complex.
- Security
- Defines the wsse:Security SOAP header element per section 4.
jXchangeHdr_CType
jXchangeHdr_CType
is a complex
CType
element.
Simple Elements
The following simple elements are contained within this complex.
- AuditUsrId
- The user ID that the consumer would like written in the audit as performing the requested service. It varies, but it could be the same as the user ID. It is not used to authenticate. It is used to audit the Soap Header Fault.
- AuditWsId
- The workstation ID that the consumer would like written in the audit as performing the requested service for the Soap Header Fault. It varies, but it could be the same as the user ID.
- AuthenUsrId
- The user ID which the consumer would like the service provider to authenticate with
for the Soap Header Fault. It is a user ID that the provider understands.
This element deprecates in accordance with XSD contract tenets. Effective date: 2017–01–01. The new complex element for user authentication credentials was added to both the Search Message Request Header
SrchMsgRqHdr_CType
and the Message Request HeaderMsgRqHdr_CType
. AuthenUsrId is ignored by the service providers when the authentication user credentialsAuthenUsrCred_CType
package is delivered. The expectation is that the password credentials and the user name token are provided in the authentication user credential complex element in accordance with the standards established by WS-Security. - BusCorrelId
- The correlation identification as related to business functions and activities.
- ConsumerName
- The name of the service consumer (business name) for the Soap Header Fault.
- ConsumerProd
- The name of the product which is consuming the service (business product name) for the Soap Header Fault.
- InstEnv
- An identification provided by the consumer that defines the environment in which the
institution is operating. Canonical values are:
- Prod
- InstRtId
- The identification of the entity of the submitted message. A
financial institution entity uses the routing transit or nine-digit number assigned to
financial institutions for routing as assigned by the American Bankers Association. Any
leading zeros must be provided for a complete routing and transit number. A
non-financial institution entity should use a mutually agreed upon identification that
must contain at least one non-integer character.
The element is required in all message requests.
- jXLogTrackingId
- An identification provided by jXchange to be able to trace the request and response of a message from the third-party gateway, internal gateway, and service provider for the Soap Header Fault.
- JxVer
- Contains the version jXchange is running for the Soap Header Fault.
- ValidConsmName
- The consumer name that can be validated by enterprise governance. The canonical values are managed in a consumer/product enterprise table. The canonical value is: JHA.
- ValidConsmProd
- The consumer product name that can be validated by enterprise governance. The canonical values are managed in a consumer/product enterprise table.
- WorkflowCorrelId
- The correlation identification as related to workflow functions and activities.
jXchangeHdr_CType Deprecation Details
- AuthenUserId
- This element deprecates in three years in accordance with XSD contract tenets.
Effective date: 2012–01–01. The new complex element for user authentication credentials
was added to the Search Message Request Header,
SrchMsgRqHdr_CType,
and the Message Request Header,MsgRqHdr_CType
.AuthenUsrId
is ignored by the service providers when the authentication user credentialsAuthenUsrCred_CType
package is delivered. The expectation is that the password credentials and the user name token are provided in the authentication user credential complex element in accordance with the standards established byWS-Security
.
CredPolInqRs_MType
CredPolInqRs_MType
is a mesage
MType
element.
Contains:
Custom_CType
IMSSubjPolInfo_CType
MsgRsHdr_CType
PswdPolInfo_CType
Simple Elements
The following simple elements are contained within this message.
- IMSOrgId
- The identification assigned to an organization in IMS. An organization that is a financial institution entity should use the routing transit or ABA nine-digit number assigned to financial institutions for routing as assigned by the American Bankers Association. Any leading zeros must be provided for a complete routing and transit number. A non-financial institution uses a mutually agreed upon identification that must contain at least one non-integer character.
Custom_CType
Custom_CType
is a complex CType
element.
This element is optional.
IMSSubjPolInfo_CType
IMSSubjPolInfo_CType
is a complex
CType
element.
Contains:
SpecCharRstrArray_AType
Simple Elements
The simple elements contained within this complex are listed below.
- IMSSubjRegEx
- The IMS providers pattern required for a user name as expressed as a regular expression. The pattern consists of constants and operators as defined by the formal language theory in a regular expression.
- MaxLenCharVal
- The maximum number of characters that the credential type should contain.
- MinLenCharVal
- The minimum number of characters that the credential type should contain.
SpecCharRstrArray_AType
SpecCharRstrArray_AType
is an array
AType
element. This is an array of special characters not
allowed for a credential type.
Contains:
SpecCharRstrRec_CType
SpecCharRstrRec_CType
SpecCharRstrRec_CType
is a complex
CType
element.
Simple Elements
The following simple elements are contained within this complex.
- SpecCharRstrType
- Special character types restricted for credential types.
MsgRsHdr_CType
MsgRsHdr_CType
is a complex
CType
element. This is the default message response
header.
Contains:
jXchangeHdr_CType
MsgRecInfoArray_AType
jXchangeHdr_CType
jXchangeHdr_CType
is a complex
CType
element.
Simple Elements
The following simple elements are contained within this complex.
- AuditUsrId
- The user ID that the consumer would like written in the audit as performing the requested service. It varies, but it could be the same as the user ID. It is not used to authenticate. It is used to audit the Soap Header Fault.
- AuditWsId
- The workstation ID that the consumer would like written in the audit as performing the requested service for the Soap Header Fault. It varies, but it could be the same as the user ID.
- AuthenUsrId
- The user ID which the consumer would like the service provider to authenticate with
for the Soap Header Fault. It is a user ID that the provider understands.
This element deprecates in accordance with XSD contract tenets. Effective date: 2017–01–01. The new complex element for user authentication credentials was added to both the Search Message Request Header
SrchMsgRqHdr_CType
and the Message Request HeaderMsgRqHdr_CType
. AuthenUsrId is ignored by the service providers when the authentication user credentialsAuthenUsrCred_CType
package is delivered. The expectation is that the password credentials and the user name token are provided in the authentication user credential complex element in accordance with the standards established by WS-Security. - BusCorrelId
- The correlation identification as related to business functions and activities.
- ConsumerName
- The name of the service consumer (business name) for the Soap Header Fault.
- ConsumerProd
- The name of the product which is consuming the service (business product name) for the Soap Header Fault.
- InstEnv
- An identification provided by the consumer that defines the environment in which the
institution is operating. Canonical values are:
- Prod
- InstRtId
- The identification of the entity of the submitted message. A
financial institution entity uses the routing transit or nine-digit number assigned to
financial institutions for routing as assigned by the American Bankers Association. Any
leading zeros must be provided for a complete routing and transit number. A
non-financial institution entity should use a mutually agreed upon identification that
must contain at least one non-integer character.
The element is required in all message requests.
- jXLogTrackingId
- An identification provided by jXchange to be able to trace the request and response of a message from the third-party gateway, internal gateway, and service provider for the Soap Header Fault.
- JxVer
- Contains the version jXchange is running for the Soap Header Fault.
- ValidConsmName
- The consumer name that can be validated by enterprise governance. The canonical values are managed in a consumer/product enterprise table. The canonical value is: JHA.
- ValidConsmProd
- The consumer product name that can be validated by enterprise governance. The canonical values are managed in a consumer/product enterprise table.
- WorkflowCorrelId
- The correlation identification as related to workflow functions and activities.
jXchangeHdr_CType Deprecation Details
- AuthenUserId
- This element deprecates in three years in accordance with XSD contract tenets.
Effective date: 2012–01–01. The new complex element for user authentication credentials
was added to the Search Message Request Header,
SrchMsgRqHdr_CType,
and the Message Request Header,MsgRqHdr_CType
.AuthenUsrId
is ignored by the service providers when the authentication user credentialsAuthenUsrCred_CType
package is delivered. The expectation is that the password credentials and the user name token are provided in the authentication user credential complex element in accordance with the standards established byWS-Security
.
MsgRecInfoArray_AType
MsgRecInfoArray_AType
is an array
AType
element. This is an array of messages that can be
returned in a response.
Contains:
MsgRec_CType
MsgRec_CType
MsgRec_CType
is a complex
CType
element.
Simple Elements
The following simple elements are contained within this complex.
- ErrCat
- The Soap Header Fault error category.
- ErrCode
- The Soap Header Fault error code.
- ErrDesc
- The Soap Header Fault error description.
- ErrElem
- The Soap Header Fault when an error or fault occurs. This optional element contains the element which is causing the error condition.
- ErrElemVal
- The Soap Header Fault when an error or fault occurs. This optional element contains the value of the element which is causing the error condition.
- ErrLoc
- The Soap Header Fault error location. This is typically the program that generated the error condition.
PswdPolInfo_CType
PswdPolInfo_CType
is a complex
CType
element.
Contains:
SpecCharRstrArray_AType
Simple Elements
The simple elements contained within this complex are listed below.
- MaxLenCharVal
- The maximum number of characters that the credential type should contain.
- MinAlphaCharVal
- The minimum number of alphabetic characters (lower-case and upper-case) that the credential type can contain.
- MinLenCharVal
- The minimum number of characters that the credential type should contain.
- MinLowCaseVal
- The least number of lower case characters that the credential type can contain.
- MinNumCharVal
- The minimum number of numeric characters (0 through 9) that the credential type can contain.
- MinSpecCharVal
- The least number of special characters that the credential type can contain.
- MinUpCaseVal
- The minimum number of upper case characters that the credential type can contain.
- PswdRegEx
- The IMS providers pattern required for a password as expressed as a regular expression. The pattern consists of constants and operators as defined by the formal language theory in a regular expression.
SpecCharRstrArray_AType
SpecCharRstrArray_AType
is an array
AType
element. This is an array of special characters not
allowed for a credential type.
Contains:
SpecCharRstrRec_CType
SpecCharRstrRec_CType
SpecCharRstrRec_CType
is a complex
CType
element.
Simple Elements
The following simple elements are contained within this complex.
- SpecCharRstrType
- Special character types restricted for credential types.