This topic describes the secure CME Globex logon process and scenarios for iLink and Drop Copy including:
...
- Message confidentiality and integrity - to credential the logon message, the client system sends a keyed-hash message authentication code (HMAC) generated from a combination of the logon FIX tag values. When CME Globex receives the logon message, it uses the identical inputs to calculate the HMAC value to validate against the logon request. If the values do not match, CME Globex rejects the logon.
Noteinfo |
---|
iLink and Drop Copy customers must use the logon procedure for all CME Group markets, including Partner Exchange markets hosted on the CME Globex platform. |
Noteinfo |
---|
Customers must create secure key pairs for iLink and Drop Copy Sessions in the CME Customer Center. |
Info |
---|
For more information on HMAC, please refer to: |
...
Certification via AutoCert+ is required for the CME Globex API secure logon. An iLink and Drop Copy certification suite is currently available in AutoCert+.
...
Panel | ||||
---|---|---|---|---|
| ||||
When a customer creates a secure key pair, the credentials can be viewed and downloaded in the CME Customer Center.
For security reasons, CME Group requires customers to change their security credentials every 12 months. Notification regarding pending security credential expiration will be sent to registered administrators.
|
Logon Procedure
This section describes the steps to sign a logon request to iLink and Drop Copy. These steps are:
...
FIX tag values must be assembled in this order and values concatenated into a single string delimited by the new line character (i.e. ‘\n’).
Noteinfo |
---|
Only the tag value—not the tag number—must be used for the calculation of HMAC signature. Example: where tag 34=<999>, use only '999'. |
...
- HMAC authentication response contains incorrect SenderCompID
- 58=Invalid Logon. Logout Forced
- HMAC authentication response fails because HMAC Signature does not match
- 58=Invalid Logon. Logout Forced
- HMAC authentication response fails because Access Key ID does not match
- 58=Invalid Logon. Logout Forced
- HMAC authentication response contains incorrect SenderCompID
Noteinfo |
---|
Invalid Logon (tag 35=A) due to HMAC authentication will be counted towards Automated iLink Port Closure. |
...
iLink and Drop Copy logon requests must reach CME Globex within 5 seconds to prevent a stale logon. Timestamps (tag 52-SendingTime) submitted by the client system in the Logon (tag 35-MsgTpe=A) message older than 5 seconds will be rejected. CME Globex will send a Logout (tag 35-MsgType=5) message to the client system.
Info |
---|
To ensure the timestamp value submitted in tag 52 is current, CME Group strongly recommends the following Network Time Protocol guidelines. |
Logon Scenarios
Client systems use the Logon (tag 35-MsgType=A) message for authentication with CME Globex. There are three Logon scenarios:
...
Info |
---|
If there is a logon failure, the client system must reset the inbound and outbound sequence number to '1' until the client system establishes a successful Beginning of Week Logon. |
Noteinfo |
---|
The client system must submit the Logon message within 60 seconds after establishing a TCP/IP connection. If the client system does not submit the Logon message within 60 seconds, the TCP/IP socket connection is assumed to be stale and the socket is closed. |
See also: Session Layer - Fault Tolerance for a discussion of setting the Fault Tolerance Indicator (FTI) at logon and failover scenarios.
...
Gliffy | ||||||
---|---|---|---|---|---|---|
|
In-Session Logon
Note | |
---|---|
Info | |
Warning | In-Session Logon should only be used to recover from catastrophic failure, since all messages sent prior to the reset will not be recoverable.. |
Info |
---|
The client system must send a Test Request (tag 35-MsgType=1) message before sending an In-Session Logon (tag 35-MsgType=A) message. If not sent in that order, the client system may lose messages that cannot be requested again as the sequence number may be reset to '1' for both parties, client and CME Globex. |
...