Fehler Sparkasse pushTAN 2.0 Verfahren FinTS #453
Comments
|
Hallo, vermutlich hat deine Sparkasse auch die "Geräteerkennung" aktiviert, unsere hat das diese Woche ausgerollt: Wenn das der selbe Fall ist den ich aktuell habe dann brauchst du:
An der Stelle hoffe ich uns kann noch jemand helfen: Ich habe testweise die kundensystemId nach dem Login mit PushTAN ausgelesen, in der FinTs Klasse auf public geändert und direkt beschrieben, damit funktioniert der Ablauf dann ohne dass erneut nach TAN gefragt wird. |
|
Hello @wienen-it-dev , did you find any solution for this problem? I have tried what @Magellanth explained here and did not work with me: I have added this to login function: to the ensureSynchronized() function of course also changed the kundensystemId to public. tested and then the same error. |
|
Hi again, yes what I have done following the instructures of @Magellanth WORKED with me after changing to the live account bank. |
|
Hi Magellanth, vielen Dank für Deine schnelle Hilfe. Ein erster Versuch mit der dev-master Version war nicht erfolgreich (selber Fehler), obwohl $fints->persist() bereits genutzt wird. Ein zweiter Anlauf mit manuell angepasster kundensystemId steht noch aus. |
|
Hi @Magellanth, vielen Dank nochmals für Deine Hilfe. Allerdings besteht derselbe Fehler auch mit der dev-master Version und mit manuellem Setzen der kundensystemId. Auf https://www.f-i.de/fints wird allerdings Rückmeldecode 9391 genannt, welcher in der Fehlermeldung aus dem Eingangposting jedoch nicht enthalten ist. Könnte es sich noch um ein anderes Problem handeln? Oder gibt es mittlerweile eine weitere verfügbare Lösung? |
|
Hi @mmnasir, thank you very much for your comment. Unfortunately your solution didn't work for me after adding the kundensystemId to functions login() and ensureSynchronized(). Maybe I missed out a step? You mentioned you changed the kundensystemId to public. Why is it necessary, as it seems you only used kundensystemId within FinTs class? |
|
@Philipp91 Since |
|
Yes you're meant to use You also need |
|
@wienen-it-dev Can you post a stack trace? |
|
That's how I used it until now: to persist dialogs while querying for a TAN. So what would be a good point to persist it under normal circumstances? Maybe after any successful action? Is there no danger for any by-catch which would cause trouble when starting new sometime later? |
In my application, I persist when I'm completely done with the
There is a bit, if a previous operation got interrupted (like the user never entered the TAN) and the bank cleared the state on their end due to some timeout. To be fair, that risk is there even while you're just doing multi-step operations. That's what |
|
Thank you very much for the explanation! I will implement it that way, too, then. I did not know about |
|
Update on my productive setup: I changed the workaround with direct override of kundensystemId to the usage of persist(). //init finTs connection with a persistence string at the start of the code
$this->finTs = FinTs::new($options, $credentials, $this->bankingAccount->getPersistenceString());
if($this->bankingAccount->isPersisted()) {
//fresh start, forget any dialog that may have been persisted
$this->finTs->forgetDialog();
}
//do the work...
//end of script
$this->finTs->close();
$persistanceString = $this->finTs->persist(true);
//save this string...@Philipp91 I think the usage of persist should be integrated to the examples (at least i did not see it there). |
@Philipp91 Sorry right now I don't have a stack trace. I updated php-fints to dev-master (but with syntax modifications for PHP 7.4). Still getting the error below. Will it make an impact to update to PHP 8.3? The bank (Sparkasse) confirmed Geräteerkennung is active. 9050 (global): Die Nachricht enthält Fehler. |
|
Yes, an example of persist / forgetDialog would be great. My workflow is roughly described at the bottom, which has been working for quite a while with PushTAN / ChipTAN / NoTAN. Recently another bank account got another error below, which has not been resolved yet. Not sure if these errors are related, as bank statement import stopped working for three different bank accounts within the past few weeks. Appreciate any input how to solve these issues. Sie möchten sich "auf einem neuen Gerät anmelden"? Gehen Sie wie folgt vor: Stecken Sie Ihre Karte in den TAN-Generator und drücken Sie die Taste "TAN". Geben Sie den "Startcode XXXXXXXX" ein und bestätigen Sie mit der Taste "OK". Bitte nutzen Sie dieses Gerät: Kartennummer: *********XXXX workflow: $fints->getTanModes(); $tanMode->needsTanMedium(); $fints->getTanMedia($tanMode); if($tanMode == 900) // photoTAN does not require tanMedium $fints->selectTanMode($tanMode, $tanMedium); $login_result = $fints->login(); $login_needs_tan = $login_result->needsTan(); if($login_needs_tan) $getSepaAccounts = \Fhp\Action\GetSEPAAccounts::create(); $getStatement = \Fhp\Action\GetStatementOfAccount::create($sepaAccount, $from, $to); |
|
I am having trouble getting this to work, too. We share the same credentials for multiple bank accounts and when restoring the persisted instance I either get this: or this (Postbank just sent an empty response, as in zero bytes): I noticed the messageId being persisted and not destroyed by forgetDialog. Maybe that's the issue? |
|
This whole persisting thing feels so wrong and quirky... Can't we just get system id accessors? |
There are samples that use the persist APIs, though that's in the "middle" (between sending an action and submitting the TAN), whereas what we're discussing here is the "outside", i.e. how you persist the instance over longer periods of time, to execute completely new actions in the future without having to login from scratch. There is currently no sample like that, because all samples take the form of simple scripts that run from top to bottom. That said, it would indeed make sense to demonstrate how to integrate the library into a larger application with a long-term storage for persisted instances. Feel free to contribute such an example. |
No.
Is that the name of your TAN medium? Is that string part of your request? If so, in which field? Which method are you calling when this error happens? (That's why I asked for a stack trace, but feel free to just describe it.)
If you let it list available TAN media after receiving this error, does it list the one above? |
Assuming this happens in the |
Huh. Do they do this repeatedly/reproducibly?
Feel free to patch the library locally (inside your |
Yes. I would guess it's a bug on their side but a proper error message from them would help to debug my issue...
Alright. I already did the first part and it seems to work just fine. I'll leave it for a few days and create the PR then. Thanks for your help! I guess this whole thematic will pick up momentum soon when more and more banks require the system id to be handled. |
Hi Roben, I could then try it out (my getters and setters havent work last week, but i had no time to debug). Thank you in Advance. |
This string is provided by the exception, which is thrown. It looks more like an error code, as you can find same error message on google.
I managed to get a stack trace. Sorry it is not straight forward to get, as I don't have access to the bank account myself. #0 /nemiah/php-fints/lib/Fhp/FinTs.php(979): Fhp\Protocol\ServerException::detectAndThrowErrors()
I'll try to get this information later on. Thank you for your help. |
|
Wild guess: Let's say "Gerätebezeichnung" refers to the TanMedium. You might call Another wild guess: Code 9955 has a very particular meaning in the spec: "Ein-Schritt-TANVerfahren nicht zugelassen". Even though that doesn't match the error message that they send you, is it possible that you're somehow sending requests that indicate to the bank that you don't want to do 2-factor authentication, but the bank thinks you should, hence the error? I.e. do you not call |
Hi. There is not much to share. The only thing I did was making the property temporarily public ( When this approach has been tested for a few days I will revert my temporary change and create a PR with a proper getter and setter for the property. |
Thanks! Maybe it would be good idea to pass the |
|
As I just learned it's not that simple. (Is it ever?) You are not allowed to submit the @Philipp91 I think that's also what happened in #453 (comment). I always restored the persisted instance in my Wrapper, no matter what Action eventually was called. |
|
Then please post stack traces of your error. So far, I had assumed the Note that there's this call tree (simplified):
If you restore only the kundensystemId manually, you make it bypass the synchronization. If you persist fully, none of this runs because the allowedTanModes would have been persisted. Without stack traces, I'm unable to tell whether the errors you are seeing happen (a) during synchronization, in which case we should be able to fix them even if skipping the synchronization happens to work for you today, or (b) during your main operation after all of the above, and the error happens because you didn't freshly executing some of the above "thanks" to it being available from the persisted instance. |
|
Workaround - Saving the kundensystemId First, we save the kundensystemId when it becomes available: In this block (function processActionResponse), we're saving the kundensystemId to a file named kundensystemId.txt whenever it's available. This allows us to persist the ID for future use. Loading the kundensystemId Now, to load the saved kundensystemId when the object is constructed (function __construct): It's a bit of a quick and dirty solution, but it worked well for my needs, and hopefully, it can help you too. |
|
@Philipp91 Sorry, this was just FYI. I only wanted to explain my earlier issue. If "long time" |
@Philipp91 Thank you very much, yes it happened in handleStrongAuthentication. After implementing TAN input, it works. Before that I only implemented TAN input for tanRequest->getChallengeHhdUc() === true, but there are other cases which are relevant as well. For the other issue regarding Geräteerkennung I am still working on a solution. Seems recently many banks changed TAN-settings, as another error regarding handleDecoupled occured, which I haven't implemented yet. |
Das ist ein anderes Problem. Wir sollten ein separates Ticket dafür eröffnen (#458). Im phpFinTS-Code kommt heute |
Das könnte ein direktes Folgeproblem sein. Wenn die Bank |
@Philipp91 Thank you very much for your input. After implementing the workaround for kundensystemId suggested by @juppw, same error still occurs (stack trace at the bottom). The implemented workflow should be fine, as FinTs login was working for quite a while with different banks (Sparkasse, Volksbank, Raiffeisenbank)? As well as retrieving account statements and performing sepa transfers. Only recently errors occured. Decoupled authentication was not implemented before, but so far only handleStrongAuthentication() - handleTan() was needed. After decoupled authentication was activated by bank and added to our application, same error occured. Appreciate any more suggestions. Might working on #458 help in this case? 9050 (global): Die Nachricht enthält Fehler. #0 vendor/nemiah/php-fints/lib/Fhp/FinTs.php(969): Fhp\Protocol\ServerException::detectAndThrowErrors() |
@Philipp91 Vielen Dank, für den gesamten Login-Vorgang liegt nun ein Log vor. 9391 ist nicht in der Kommunikation enthalten. Hilft dies bei der Suche nach der Ursache weiter? Es scheint so, dass in der vorletzten Nachricht die Zeichenkodierung für "Alle Ger??te" nicht passt. Könnte dies das Problem sein, oder ist dies nur im Logging fehlerhaft?
|
|
Die Ursache für den Fehler "Die Gerätebezeichnung ist unbekannt. (MBV07390100255)" war tatsächlich die fehlerhafte Zeichenkodierung bei der Übermittlung des TanMediums. Mit der dev-master Version funktioniert pushTAN nun (OHNE Erweiterung für kundensystemId, da persist() bereits an den relevanten Stellen in unserer Anwendung implementiert ist). Vielen Dank nochmals an alle für die Unterstützung bei der Fehleranalyse. |
|
Vielen Dank! |
Hallo zusammen,
ich würde um Hilfe bitten bei folgendem Problem (ähnlicher Fall wie #423):
Allerdings diesmal beim Abruf von Kontoauszugs-Daten. An der Anwendung wurde keine Änderung vorgenommen seit der letzten erfolgreichen Nutzung.
TanMode (923) wird von der Bank zurückgeliefert und kann ausgewählt werden. TanMedium-Auswahl wird ebenfalls zurückgeliefert (smsTAN, pushTAN, chipTAN, Alle Geräte). Bei Auswahl von PushTAN oder Alle Geräte wird folgender Fehler von der Bank geliefert:
FinTS errors: 9050 (global): Die Nachricht enthält Fehler. 9800 (global): Dialog abgebrochen 9955 (wrt seg 4): Auftrag nicht ausgeführt - Die Gerätebezeichnung ist unbekannt. (MBV07390100255) FinTS warnings: 3905 (global): Es wurde keine Challenge erzeugt. 3920 (wrt seg 4): Zugelassene Zwei-Schritt-Verfahren für den Benutzer. [923] Request segments: HKVVB:4:3+16+0+0+XXXXXXXXXXXXXXXXXXXXXXXXX+1.0'
The text was updated successfully, but these errors were encountered: