{"type":"doc","content":[{"type":"paragraph","content":[{"text":"This topic describes the secure CME Globex logon process and scenarios for Drop Copy.","type":"text"}]},{"type":"paragraph","content":[{"text":"Contents","type":"text","marks":[{"type":"strong"}]}]},{"type":"extension","attrs":{"layout":"default","extensionType":"com.atlassian.confluence.macro.core","extensionKey":"toc","parameters":{"macroParams":{"maxLevel":{"value":"6"},"minLevel":{"value":"1"},"include":{"value":""},"outline":{"value":"false"},"indent":{"value":""},"exclude":{"value":""},"style":{"value":"default"},"type":{"value":"list"},"printable":{"value":"true"},"class":{"value":""}},"macroMetadata":{"macroId":{"value":"58367abd-8b01-4b5f-9f38-b5f8455c225b"},"schemaVersion":{"value":"1"},"title":"Table of Contents"}},"localId":"037598bb-b715-4add-984c-8da15bea4714"}},{"type":"heading","attrs":{"level":1},"content":[{"type":"inlineExtension","attrs":{"extensionType":"com.atlassian.confluence.macro.core","extensionKey":"anchor","parameters":{"macroParams":{"":{"value":"logon"},"legacyAnchorId":{"value":"DropCopy4.0SessionLayer-Logon-logon"}},"macroMetadata":{"macroId":{"value":"721d3c47c1b1483daa738e963ed008752a713cc14ae38c71f00af22200607ab5"},"schemaVersion":{"value":"1"},"title":"Anchor"}},"localId":"e04f0891-c2bb-440b-9436-e937fad87582"}},{"text":"CME Globex API Secure Logon","type":"text","marks":[{"type":"annotation","attrs":{"annotationType":"inlineComment","id":"66e896ac-c9cf-4e55-8e59-f09469c25b5b"}}]}]},{"type":"paragraph","content":[{"text":"CME Globex requires secure authentication for Drop Copy sessions on Convenience Gateway (CGW) and Market Segment Gateway (MSGW).","type":"text"}]},{"type":"paragraph","content":[{"text":"The logon procedure secures the client system logon with:","type":"text"}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Customer identity verification ","type":"text","marks":[{"type":"strong"}]},{"text":"- a client system logon request will be ","type":"text"},{"text":"signed","type":"text","marks":[{"type":"em"}]},{"text":" with security credentials issued and validated by CME Group.","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Message confidentiality and integrity ","type":"text","marks":[{"type":"strong"}]},{"text":"- to credential the logon message, the client system sends a ","type":"text"},{"text":"keyed-hash message authentication code (HMAC)","type":"text","marks":[{"type":"link","attrs":{"href":"https://tools.ietf.org/html/rfc2104"}}]},{"text":" generated from a combination of the logon FIX tag values. When CME Globex receives the logon message, it uses the identical inputs to calculate the HMAC value to validate against the logon request. If the values do not match, CME Globex rejects the logon.","type":"text"}]}]}]},{"type":"panel","attrs":{"panelType":"info"},"content":[{"type":"paragraph","content":[{"text":"Drop Copy customers must use the logon procedure for all CME Group markets, including Partner Exchange markets hosted on the CME Globex platform.","type":"text"}]}]},{"type":"panel","attrs":{"panelType":"info"},"content":[{"type":"paragraph","content":[{"text":"Customers must create secure key pairs for Drop Copy Sessions in the ","type":"text"},{"text":"CME Customer Center","type":"text","marks":[{"type":"link","attrs":{"href":"https://login.cmegroup.com/sso/ssologin.action"}}]},{"text":".","type":"text"}]}]},{"type":"panel","attrs":{"panelType":"info"},"content":[{"type":"paragraph","content":[{"text":"For more information on HMAC, please refer to:","type":"text"}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Hash-Based Message Authentication","type":"text","marks":[{"type":"link","attrs":{"href":"https://en.wikipedia.org/wiki/Hash-based_message_authentication_code#Definition"}}]}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"HMAC Examples","type":"text","marks":[{"type":"link","attrs":{"href":"http://csrc.nist.gov/groups/ST/toolkit/documents/Examples/HMAC_SHA256.pdf"}}]}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"HMAC Cryptography","type":"text","marks":[{"type":"link","attrs":{"href":"http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.198-1.pdf"}}]}]}]}]}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"Drop Copy Security Credentials","type":"text"}]},{"type":"paragraph","content":[{"text":"When the client system submits a secure Logon message to Drop Copy, the message will contain the security credentials","type":"text"},{"text":" ","type":"text","marks":[{"type":"em"}]},{"text":"required","type":"text"},{"text":" ","type":"text","marks":[{"type":"em"}]},{"text":"for identity and permissions verification.","type":"text"}]},{"type":"paragraph","content":[{"text":"Security ","type":"text","marks":[{"type":"annotation","attrs":{"annotationType":"inlineComment","id":"2a47fdba-13b7-43f6-b74d-a25a0b2e7c95"}}]},{"text":"credentials are secure key pairs available only to the customer and the CME Globex platform.","type":"text"}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Access Key ID – used to sign Logon request to Drop Copy.","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Secret Key – used to create HMAC signature.","type":"text"}]}]}]},{"type":"bodiedExtension","attrs":{"layout":"default","extensionType":"com.atlassian.confluence.macro.core","extensionKey":"panel","parameters":{"macroParams":{"title":{"value":"Secure Key Pair Creation and Management in the CME Customer Center"}},"macroMetadata":{"macroId":{"value":"4cee0ac5-54a0-48bd-b818-5fec989c121b"},"schemaVersion":{"value":"1"},"title":"Panel"}},"localId":"7b315502-519d-40ea-ab54-dd2871311021"},"content":[{"type":"paragraph","content":[{"text":"When a customer creates a secure key pair, the credentials can be viewed and downloaded in the ","type":"text"},{"text":"CME Customer Center","type":"text","marks":[{"type":"link","attrs":{"href":"https://login.cmegroup.com/sso/ssologin.action"}}]},{"text":". ","type":"text"}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Once created, credentials are accessible and available for multiple downloads in the CME Customer Center.","type":"text"}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Clients are limited to 10 2FA tokens for logon and download per day.","type":"text"}]}]}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"A customer can have up to two secure key pairs for a Session ID for up to four weeks, after which the older secure key pair is automatically expired.","type":"text"}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"A newly created secure key pair will have a status of ","type":"text"},{"text":"active,","type":"text","marks":[{"type":"em"}]},{"text":" i.e. valid for logon.","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"The first secure key pair will expire in four weeks after the market close.","type":"text"}]}]}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"If a customer generates a third secure key pair:","type":"text"}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"One of the existing secure key pairs will be deleted, effective immediately, based on the customer selection. ","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"The remaining secure key pair will expire in four weeks after the market close.","type":"text"}]}]}]}]}]},{"type":"panel","attrs":{"panelType":"info"},"content":[{"type":"paragraph","content":[{"text":" The Request Center is closed on weekends, from 4:30 pm Friday to 10:00 am Sunday CT.","type":"text"}]}]},{"type":"paragraph","content":[{"text":"For security reasons, CME Group requires customers to change their security credentials every 12 months. Notification regarding pending security credential expiration will be sent to registered administrators.","type":"text"}]},{"type":"panel","attrs":{"panelType":"info"},"content":[{"type":"paragraph","content":[{"text":"In a Disaster Recovery (DR) scenario, if a customer has created or managed the secure key pair (Access Key ID + Secret Key) in production within 15 minutes prior to the disaster event, that security credential change may not be reflected in the DR environment; in such an unlikely event, customers should generate a new secure key pair upon CME Globex transition to the DR environment.","type":"text"}]}]}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"Logon Procedure","type":"text"}]},{"type":"paragraph","content":[{"text":"This section describes the steps to sign a logon request to Drop Copy. These steps are:","type":"text"}]},{"type":"orderedList","attrs":{"order":1},"content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Create Canonical FIX Message.","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Create Signature using Secret Key provided by CME and Canonical FIX Message ","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Populate Algorithm ID plus Access Key ID plus HMAC Signature in the credentials fields of the logon message","type":"text"}]}]}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Step 1 - Create Canonical FIX Message","type":"text"}]},{"type":"paragraph","content":[{"text":"To sign a logon request to Drop Copy, create a string that includes the following information from the logon FIX tag values. All values used to create the signature must match exactly to the tag values in the Logon message.","type":"text"}]},{"type":"paragraph","content":[{"text":"FIX tag values must be assembled in this order and values concatenated into a single string delimited by the new line character (i.e. ‘\\n’).","type":"text"}]},{"type":"panel","attrs":{"panelType":"info"},"content":[{"type":"paragraph","content":[{"text":"Only the tag value—not the tag number—must be used for the calculation of HMAC signature.","type":"text"}]},{"type":"paragraph","content":[{"text":"Example: where tag 34=<999>, use only '999'.","type":"text"}]}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"tag 34-MsgSeqNum – sequence number sent by client system","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"tag 49-SenderCompID – sender comp ID including the Fault Tolerance Indicator (right-most character)","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"tag 50-SenderSubID – Operator ID","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"tag 52-SendingTime – timestamp in milliseconds, UTC time format. UTC Timestamps are sent in number of nanoseconds since Unix epoch synced to a master clock to microsecond accuracy.","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"tag 57-TargetSubID – recipient of message.","type":"text"}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Drop Copy sessions,","type":"text"}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"CGW session – ‘G’","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"MSGW session - two digit market segment ID","type":"text"}]}]}]}]}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"tag 108-HeartBeatInterval – heartbeat interval specified in the logon message as number of seconds","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"tag 142-SenderLocationID – assigned value used to identify specific message originator's location (i.e. geographic location)","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"tag 369-LastMsgSeqNumProcessed – last message sequence number processed by the client system","type":"text"}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"This is an optional tag.","type":"text"}]}]}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"tag 1603-ApplicationSystemName – identifies system generating the message","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"tag 1604-ApplicationSystemVersion – identifies the version of the system generating the message","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"tag 1605-ApplicationSystemVendor – identifies the vendor of the application system","type":"text"}]}]}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Example of creating canonical FIX message","type":"text"}]},{"type":"mediaSingle","attrs":{"layout":"wide","width":100.0},"content":[{"type":"media","attrs":{"width":1103,"id":"639f1726-e4c5-46b2-9e54-82ea197101dc","collection":"contentId-665092109","type":"file","height":650}}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Step 2 - Create Signature using Secret Key and Canonical FIX Message","type":"text"}]},{"type":"paragraph","content":[{"text":"The signature is a Base64 URL Encoding of the Canonical Message created in Step 1 using the Secret Key provided by CME.","type":"text"}]},{"type":"panel","attrs":{"panelType":"info"},"content":[{"type":"paragraph","content":[{"text":"The Secret Key downloaded from Request Center is ","type":"text"},{"text":"Base64 URL Encoded","type":"text","marks":[{"type":"strong"}]},{"text":". Customers must decode the secret key first before using it.","type":"text"}]}]},{"type":"paragraph","content":[{"text":"In pseudo code:","type":"text"}]},{"type":"paragraph","content":[{"text":"Base64 URL Encoding (HmacSHA256(CanonicalFIXMessage, SecretKey));","type":"text"}]},{"type":"paragraph","content":[{"text":"Example Signature: oHZ2Dx1ihFAp7kHOFcJPkijm27xfApJFp-ZhsSCxr3s","type":"text"}]},{"type":"heading","attrs":{"level":4},"content":[{"text":"Example of creating Base 64 URL Encoding using HMAC SHA256","type":"text"}]},{"type":"paragraph","content":[{"text":"Signature calculation in Java:","type":"text"}]},{"type":"codeBlock","content":[{"text":"public String calculateHMAC(String canonicalRequest, String userKey) { \n String hash = null;\n \n try {\n // Init HMAC instance\n Mac sha256HMAC;\n sha256HMAC = Mac.getInstance(\"HmacSHA256\");\n \n // Initialize HMAC instance with the key\n // Decode the key first, since it is base64url encoded\n SecretKeySpec secretKey = new SecretKeySpec(Base64.getUrlDecoder().decode(userKey), \"HmacSHA256\");\n sha256HMAC.init(secretKey);\n \n // Calculate HMAC, base64url encode the result and strip padding\n hash = Base64.getUrlEncoder().withoutPadding().encodeToString((sha256HMAC.doFinal(canonicalRequest.getBytes(\"UTF-8\"))));\n \n } catch (NoSuchAlgorithmException | InvalidKeyException | IllegalStateException | UnsupportedEncodingException e) {\n e.printStackTrace();\n }\n \n return hash;\n}","type":"text"}]},{"type":"paragraph","content":[{"text":"Signature calculation in C++:","type":"text"}]},{"type":"codeBlock","content":[{"text":"// This exmaple is using Crypto++ library version 5.6.5 from https://www.cryptopp.com/\n// g++ -I/usr/include/cryptopp hmacexample.cpp -o hmac.exe -lcryptopp -lpthread\n#include \nusing std::cout;\nusing std::cerr;\nusing std::endl;\n\n#include \nusing std::string;\n\n#include \nusing std::exit;\n\n#include \"cryptopp/cryptlib.h\"\nusing CryptoPP::Exception;\n\n#include \"cryptopp/hmac.h\"\nusing CryptoPP::HMAC;\n\n#include \"cryptopp/sha.h\"\nusing CryptoPP::SHA256;\n\n#include \"cryptopp/base64.h\"\nusing CryptoPP::Base64URLEncoder;\nusing CryptoPP::Base64URLDecoder;\n\n#include \"cryptopp/filters.h\"\nusing CryptoPP::StringSink;\nusing CryptoPP::StringSource;\nusing CryptoPP::HashFilter;\n\nstring calculateHMAC(string &key, string &canonicalRequest)\n{\n \n string decoded_key, calculatedHmac, encodedHmac;\n \n try\n {\n // Decode the key since it is base64url encoded\n StringSource(key, true,\n new Base64URLDecoder(\n new StringSink(decoded_key)\n ) // Base64URLDecoder\n ); // StringSource\n \n // Calculate HMAC\n HMAC < SHA256 > hmac((byte*)decoded_key.c_str(), decoded_key.size()); \n \n StringSource(canonicalRequest, true,\n new HashFilter(hmac,\n new StringSink(calculatedHmac)\n ) // HashFilter \n ); // StringSource\n }\n catch(const CryptoPP::Exception& e)\n {\n cerr << e.what() << endl;\n exit(1);\n }\n \n // base64url encode the HMAC and strip padding\n StringSource(calculatedHmac, true,\n new Base64URLEncoder(\n new StringSink(encodedHmac)\n ) // Base64URLEncoder\n ); // StringSource\n \n \n return encodedHmac;\n} ","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Step 3 - Populate Algorithm ID plus Access Key ID plus HMAC Signature in the new credentials fields of the logon message ","type":"text"}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"tag 354-EncodedTextLen - contains the length of AccessKeyID ","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"tag 355-EncodedText - contains the AccessKeyID","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"tag 1400-EncryptedPasswordMethod - contains the AlgorithmID defined as ","type":"text"},{"text":"CME-1-SHA-256","type":"text","marks":[{"type":"link","attrs":{"href":"https://tools.ietf.org/html/rfc4231"}}]}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"tag 1401-EncryptedPasswordLen - contains the length of the HMAC signature","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"tag 1402-EncryptedPassword - contains the HMAC signature. HMAC signature must be encoded in ","type":"text"},{"text":"Base 64 Encoding with URL and Filename Safe Alphabet","type":"text","marks":[{"type":"underline"},{"type":"link","attrs":{"href":"https://tools.ietf.org/html/rfc4648#section-5"}}]},{"text":".","type":"text","marks":[{"type":"underline"}]}]}]}]},{"type":"paragraph","content":[{"text":"If any of these tags are missing, the client systems will receive a ","type":"text","marks":[{"type":"strong"}]},{"text":"Logout","type":"text","marks":[{"type":"strong"},{"type":"link","attrs":{"href":"https://www.cmegroup.com/confluence/display/EPICSANDBOX/Logout"}}]},{"text":" message in response. The Logout message will not include detailed rationale for the failure to help protect the security of client sessions.","type":"text","marks":[{"type":"strong"}]}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Secure Logon from Client System to CME Globex","type":"text"}]},{"type":"paragraph","content":[{"text":"This diagram illustrates the data processing required for the client system to submit a secure Logon message to CME Globex.","type":"text"}]},{"type":"extension","attrs":{"layout":"default","extensionType":"com.atlassian.confluence.macro.core","extensionKey":"gliffy","parameters":{"macroParams":{"imageAttachmentId":{"value":"att685506573"},"macroId":{"value":"8486cf01-c9d2-42f3-be19-fdbb0a8260f3"},"baseUrl":{"value":"https://cmegroupclientsite.atlassian.net/wiki"},"name":{"value":"Drop Copy 4.0 Session Layer-Logon-Secure-Logon"},"diagramAttachmentId":{"value":"att685178891"},"containerId":{"value":"665092109"},"version":{"value":"2"},"timestamp":{"value":"1744057259243"}},"macroMetadata":{"macroId":{"value":"947240bd-69f4-4ff3-abc4-37d0b3268f14"},"schemaVersion":{"value":"1"},"placeholder":[{"type":"image","data":{"url":"https://confluence-connect.gliffy.net/diagram/image/placeHolder.png?imageAttachmentId=att685506573¯oId=8486cf01-c9d2-42f3-be19-fdbb0a8260f3&baseUrl=https%3A%2F%2Fcmegroupclientsite.atlassian.net%2Fwiki&name=Drop+Copy+4.0+Session+Layer-Logon-Secure-Logon&diagramAttachmentId=att685178891&containerId=665092109&version=2×tamp=1744057259243"}}],"title":"Gliffy Diagram"}},"localId":"d3f4ea25-895c-4292-91bc-4a950ae943a5"}},{"type":"paragraph","content":[{"text":"When CME Globex receives the logon request, it performs the same steps as the client system did to calculate the HMAC signature as follows:","type":"text"}]},{"type":"orderedList","attrs":{"order":1},"content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Confirm the access key is accurate and assigned to the logon message's Session ID expected.","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Compare the timestamp (tag 52-SendingTime) in the client Logon message (tag 35-MsgTpe=A) with the current time. To ensure the timestamp value submitted in tag 52 is current, CME Group strongly recommends following ","type":"text"},{"text":"Network Time Protocol guidleines","type":"text","marks":[{"type":"link","attrs":{"href":"https://cmegroupclientsite.atlassian.net/wiki/spaces/EPICSANDBOX/pages/457217083"}}]},{"text":".","type":"text"}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"A timestamp older than ","type":"text"},{"text":"5","type":"text","marks":[{"type":"em"}]},{"text":" seconds will be rejected as stale.","type":"text"}]}]}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Calculate and compare HMAC signature to that on Logon request.","type":"text"}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"If the HMAC signatures match, the logon message is authentic and validates that the sender has the secret key.","type":"text"}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"CME Globex will send a Logon (tag 35-MsgType=A) response to client system.","type":"text"}]}]}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"If the HMAC signatures do not match, the logon request is rejected.","type":"text"}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"CME Globex will send a Logout ","type":"text"},{"text":"(tag 35-MsgType=5) ","type":"text","marks":[{"type":"strong"}]},{"text":"message to the client system.","type":"text"}]},{"type":"paragraph","content":[{"text":"Error conditions could apply to these scenarios:","type":"text"}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Logon message is missing any of the new security credentials fields","type":"text"}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"58=Invalid Logon. All Required Fields are not Present. Missing Tag . Logout Forced","type":"text"}]}]}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Logon message contains invalid Algorithm ID","type":"text"}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"58=Invalid Logon. Invalid EncryptedPasswordMethod(tag 1400). Logout Forced","type":"text"}]}]}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Logon message contains HMAC signature which cannot be decoded using Base 64 Encoding with URL and Filename Safe Alphabet","type":"text"}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"58=Invalid Logon. Logout Forced","type":"text"}]}]}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Logon message is missing all the new security credentials fields ","type":"text"}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"58=Invalid Logon. Logout Force","type":"text"}]}]}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Logon message is pending HMAC validation and another logon attempt is made (not in-session)","type":"text"}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"58=Invalid Logon. Logon Already in Progress. Logout Forced","type":"text"}]}]}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"HMAC authentication times out","type":"text"}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"58=Logon Could not be Authenticated at This Time. Please Try Again Later. Logout Forced","type":"text"}]}]}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"HMAC authentication response contains incorrect SenderCompID","type":"text"}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"58=Invalid Logon. Logout Forced","type":"text"}]}]}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"HMAC authentication response fails because HMAC Signature does not match ","type":"text"}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"58=Invalid Logon. Logout Forced","type":"text"}]}]}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"HMAC authentication response fails because Access Key ID does not match","type":"text"}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"58=Invalid Logon. Logout Forced","type":"text"}]}]}]}]}]}]}]}]}]}]}]},{"type":"panel","attrs":{"panelType":"info"},"content":[{"type":"paragraph","content":[{"text":"Invalid Logon (tag 35=","type":"text"},{"text":"A","type":"text","marks":[{"type":"strong"}]},{"text":") due to HMAC authentication will be counted towards ","type":"text"},{"text":"Automated Port Closure","type":"text","marks":[{"type":"link","attrs":{"href":"http://www.cmegroup.com/globex/trade-on-cme-globex/gcc-support.html"}}]},{"text":".","type":"text"}]}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Secure Logon from CME Globex to Client System","type":"text"}]},{"type":"paragraph","content":[{"text":"This diagram illustrates how CME Globex validates the secure client Logon using the same inputs used by the client system to generate the HMAC signature.","type":"text"}]},{"type":"extension","attrs":{"layout":"default","extensionType":"com.atlassian.confluence.macro.core","extensionKey":"gliffy","parameters":{"macroParams":{"imageAttachmentId":{"value":"att685113347"},"macroId":{"value":"5a55c51e-ee51-4110-b399-9f339671dfb8"},"baseUrl":{"value":"https://cmegroupclientsite.atlassian.net/wiki"},"displayName":{"value":"Drop Copy 4.0 Session Layer-Logon-SecuredLogonAck"},"name":{"value":"Drop Copy 4.0 Session Layer-Logon-SecuredLogonAck"},"diagramAttachmentId":{"value":"att685080586"},"containerId":{"value":"665092109"},"version":{"value":"3"},"timestamp":{"value":"1744057286304"}},"macroMetadata":{"macroId":{"value":"938e2e04-d48f-4ac3-97fd-dc60e09f0636"},"schemaVersion":{"value":"1"},"placeholder":[{"type":"image","data":{"url":"https://confluence-connect.gliffy.net/diagram/image/placeHolder.png?imageAttachmentId=att685113347¯oId=5a55c51e-ee51-4110-b399-9f339671dfb8&baseUrl=https%3A%2F%2Fcmegroupclientsite.atlassian.net%2Fwiki&displayName=Drop+Copy+4.0+Session+Layer-Logon-SecuredLogonAck&name=Drop+Copy+4.0+Session+Layer-Logon-SecuredLogonAck&diagramAttachmentId=att685080586&containerId=665092109&version=3×tamp=1744057286304"}}],"title":"Gliffy Diagram"}},"localId":"e8448e8d-4663-4f81-9219-fc847627e87c"}},{"type":"heading","attrs":{"level":2},"content":[{"text":"Tag 52-SendingTime Validation","type":"text"}]},{"type":"paragraph","content":[{"text":"Drop Copy logon requests must reach CME Globex within 5 seconds to prevent a stale logon. Timestamps (tag 52-SendingTime) submitted by the client system in the Logon (tag 35-MsgTpe=A) message older than 5 seconds will be rejected. CME Globex will send a Logout (tag 35-MsgType=5)","type":"text"},{"text":" ","type":"text","marks":[{"type":"strong"}]},{"text":"message to the client system.","type":"text"}]},{"type":"panel","attrs":{"panelType":"info"},"content":[{"type":"paragraph","content":[{"text":"To ensure the timestamp value submitted in tag 52 is current, CME Group strongly recommends the following ","type":"text"},{"text":"Network Time Protocol guidelines","type":"text","marks":[{"type":"link","attrs":{"href":"https://cmegroupclientsite.atlassian.net/wiki/spaces/EPICSANDBOX/pages/457217083"}}]},{"text":".","type":"text"}]}]},{"type":"paragraph","content":[{"text":"top","type":"text","marks":[{"type":"link","attrs":{"href":"#"}}]}]},{"type":"heading","attrs":{"level":1},"content":[{"text":"Drop Copy 4.0 Logon Scenarios","type":"text"}]},{"type":"panel","attrs":{"panelType":"info"},"content":[{"type":"paragraph","content":[{"type":"inlineExtension","attrs":{"extensionType":"com.atlassian.confluence.macro.core","extensionKey":"anchor","parameters":{"macroParams":{"":{"value":"topofpage"},"legacyAnchorId":{"value":"DropCopy4.0SessionLayer-Logon-topofpage"}},"macroMetadata":{"macroId":{"value":"15c6c401-5d4e-470a-bbc2-1c853400233e"},"schemaVersion":{"value":"1"},"title":"Anchor"}},"localId":"f0b9879e-5c3d-40a5-98d6-f3d6fb1fdadb"}},{"text":"Drop Copy","type":"text","marks":[{"type":"annotation","attrs":{"annotationType":"inlineComment","id":"35284ba5-654a-4627-b1ed-4e54b5c49e79"}},{"type":"annotation","attrs":{"annotationType":"inlineComment","id":"8dda5b8d-6a99-40ea-9a78-cd70c42393ee"}}]},{"text":" logon must follow ","type":"text","marks":[{"type":"annotation","attrs":{"annotationType":"inlineComment","id":"35284ba5-654a-4627-b1ed-4e54b5c49e79"}}]},{"text":"the","type":"text","marks":[{"type":"annotation","attrs":{"annotationType":"inlineComment","id":"7519c7f0-4bb0-47e7-9fef-1d7bda99273e"}},{"type":"annotation","attrs":{"annotationType":"inlineComment","id":"35284ba5-654a-4627-b1ed-4e54b5c49e79"}}]},{"text":" ","type":"text","marks":[{"type":"annotation","attrs":{"annotationType":"inlineComment","id":"7519c7f0-4bb0-47e7-9fef-1d7bda99273e"}},{"type":"annotation","attrs":{"annotationType":"inlineComment","id":"93c3fe5e-3529-466c-8ff6-79d804ad6e09"}},{"type":"annotation","attrs":{"annotationType":"inlineComment","id":"35284ba5-654a-4627-b1ed-4e54b5c49e79"}}]},{"text":"CME Globex API Secure Logon procedure","type":"text","marks":[{"type":"annotation","attrs":{"annotationType":"inlineComment","id":"93c3fe5e-3529-466c-8ff6-79d804ad6e09"}},{"type":"annotation","attrs":{"annotationType":"inlineComment","id":"35284ba5-654a-4627-b1ed-4e54b5c49e79"}},{"type":"link","attrs":{"href":"#logon"}}]},{"text":".","type":"text","marks":[{"type":"annotation","attrs":{"annotationType":"inlineComment","id":"93c3fe5e-3529-466c-8ff6-79d804ad6e09"}},{"type":"annotation","attrs":{"annotationType":"inlineComment","id":"35284ba5-654a-4627-b1ed-4e54b5c49e79"}}]},{"text":" Once securely logged on, the following information is applicable to the Drop Copy session.","type":"text","marks":[{"type":"annotation","attrs":{"annotationType":"inlineComment","id":"35284ba5-654a-4627-b1ed-4e54b5c49e79"}}]}]}]},{"type":"paragraph","content":[{"text":"Client systems use the ","type":"text","marks":[{"type":"annotation","attrs":{"annotationType":"inlineComment","id":"35284ba5-654a-4627-b1ed-4e54b5c49e79"}}]},{"text":"Logon (tag 35-MsgType=A)","type":"text","marks":[{"type":"annotation","attrs":{"annotationType":"inlineComment","id":"35284ba5-654a-4627-b1ed-4e54b5c49e79"}},{"type":"link","attrs":{"href":"https://cmegroupclientsite.atlassian.net/wiki/spaces/EPICSANDBOX/pages/664862773"}}]},{"text":" message for authentication with Drop Copy. There are three Logon scenarios:","type":"text","marks":[{"type":"annotation","attrs":{"annotationType":"inlineComment","id":"35284ba5-654a-4627-b1ed-4e54b5c49e79"}}]}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Beginning of Week Logon","type":"text","marks":[{"type":"annotation","attrs":{"annotationType":"inlineComment","id":"2ef4c0d2-d1fe-4b1a-a668-2dacab16ec8f"}},{"type":"annotation","attrs":{"annotationType":"inlineComment","id":"35284ba5-654a-4627-b1ed-4e54b5c49e79"}},{"type":"strong"},{"type":"link","attrs":{"href":"#"}}]},{"text":" -- the very first logon message the client system sends for the week. Client systems ","type":"text","marks":[{"type":"annotation","attrs":{"annotationType":"inlineComment","id":"35284ba5-654a-4627-b1ed-4e54b5c49e79"}},{"type":"annotation","attrs":{"annotationType":"inlineComment","id":"2ef4c0d2-d1fe-4b1a-a668-2dacab16ec8f"}}]},{"text":"must set","type":"text","marks":[{"type":"annotation","attrs":{"annotationType":"inlineComment","id":"2ef4c0d2-d1fe-4b1a-a668-2dacab16ec8f"}},{"type":"annotation","attrs":{"annotationType":"inlineComment","id":"35284ba5-654a-4627-b1ed-4e54b5c49e79"}},{"type":"strong"}]},{"text":" their inbound and outbound sequence numbers to '","type":"text","marks":[{"type":"annotation","attrs":{"annotationType":"inlineComment","id":"35284ba5-654a-4627-b1ed-4e54b5c49e79"}},{"type":"annotation","attrs":{"annotationType":"inlineComment","id":"2ef4c0d2-d1fe-4b1a-a668-2dacab16ec8f"}}]},{"text":"1","type":"text","marks":[{"type":"annotation","attrs":{"annotationType":"inlineComment","id":"2ef4c0d2-d1fe-4b1a-a668-2dacab16ec8f"}},{"type":"annotation","attrs":{"annotationType":"inlineComment","id":"35284ba5-654a-4627-b1ed-4e54b5c49e79"}},{"type":"strong"}]},{"text":"' prior to the Beginning of Week Logon for a successful logon.","type":"text","marks":[{"type":"annotation","attrs":{"annotationType":"inlineComment","id":"35284ba5-654a-4627-b1ed-4e54b5c49e79"}},{"type":"annotation","attrs":{"annotationType":"inlineComment","id":"2ef4c0d2-d1fe-4b1a-a668-2dacab16ec8f"}}]}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Mid-Week Logon","type":"text","marks":[{"type":"annotation","attrs":{"annotationType":"inlineComment","id":"2ef4c0d2-d1fe-4b1a-a668-2dacab16ec8f"}},{"type":"annotation","attrs":{"annotationType":"inlineComment","id":"35284ba5-654a-4627-b1ed-4e54b5c49e79"}},{"type":"strong"},{"type":"link","attrs":{"href":"#"}}]},{"text":" – used for any subsequent logons, after the beginning of the week. Following mid-week log off, the client system logs in mid-week with the next sequential outbound message sequence number.","type":"text","marks":[{"type":"annotation","attrs":{"annotationType":"inlineComment","id":"35284ba5-654a-4627-b1ed-4e54b5c49e79"}},{"type":"annotation","attrs":{"annotationType":"inlineComment","id":"2ef4c0d2-d1fe-4b1a-a668-2dacab16ec8f"}}]}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"In Session Logon","type":"text","marks":[{"type":"annotation","attrs":{"annotationType":"inlineComment","id":"2ef4c0d2-d1fe-4b1a-a668-2dacab16ec8f"}},{"type":"annotation","attrs":{"annotationType":"inlineComment","id":"35284ba5-654a-4627-b1ed-4e54b5c49e79"}},{"type":"strong"},{"type":"link","attrs":{"href":"#"}}]},{"text":" – used to reset sequence numbers while the client system is already logged on.","type":"text","marks":[{"type":"annotation","attrs":{"annotationType":"inlineComment","id":"35284ba5-654a-4627-b1ed-4e54b5c49e79"}},{"type":"annotation","attrs":{"annotationType":"inlineComment","id":"2ef4c0d2-d1fe-4b1a-a668-2dacab16ec8f"}}]}]}]}]},{"type":"panel","attrs":{"panelType":"info"},"content":[{"type":"paragraph","content":[{"text":"If there is a logon failure, the client system must reset the inbound and outbound sequence number to '1' until the client system establishes a successful Beginning of Week Logon.","type":"text","marks":[{"type":"annotation","attrs":{"annotationType":"inlineComment","id":"35284ba5-654a-4627-b1ed-4e54b5c49e79"}}]}]}]},{"type":"panel","attrs":{"panelType":"info"},"content":[{"type":"paragraph","content":[{"text":"The client system must submit the Logon message within 60 seconds after establishing a TCP/IP connection. If the client system does not submit the Logon message within 60 seconds, the TCP/IP socket connection is assumed to be stale and the socket is closed.","type":"text","marks":[{"type":"annotation","attrs":{"annotationType":"inlineComment","id":"35284ba5-654a-4627-b1ed-4e54b5c49e79"}}]}]}]},{"type":"paragraph","content":[{"text":"See also: ","type":"text","marks":[{"type":"annotation","attrs":{"annotationType":"inlineComment","id":"35284ba5-654a-4627-b1ed-4e54b5c49e79"}}]},{"text":"Session Layer - Fault Tolerance","type":"text","marks":[{"type":"annotation","attrs":{"annotationType":"inlineComment","id":"35284ba5-654a-4627-b1ed-4e54b5c49e79"}},{"type":"link","attrs":{"href":"https://cmegroupclientsite.atlassian.net/wiki/spaces/EPICSANDBOX/pages/664928273"}}]},{"text":" for a discussion of setting the Fault Tolerance Indicator (FTI) at logon and failover scenarios.","type":"text","marks":[{"type":"annotation","attrs":{"annotationType":"inlineComment","id":"35284ba5-654a-4627-b1ed-4e54b5c49e79"}}]}]},{"type":"paragraph","content":[{"text":"top","type":"text","marks":[{"type":"link","attrs":{"href":"#"}}]}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"Beginning of Week Logon","type":"text"}]},{"type":"paragraph","content":[{"text":"The Beginning of Week Logon (35=A) message must be populated with:","type":"text"}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Tag 49-SenderCompID with the Fault Tolerance Indicator set to 'N' for all customers. This tag is 7 characters long and consists of 2 sub-fields: ","type":"text"}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Session ID (left-most 6 characters)","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Fault Tolerance Indicator (last trailing character)","type":"text"}]}]}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Tag 141-ResetSeqNumFlag = 'N'","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Tag 34-MsgSeqNum = '1'","type":"text"}]}]}]},{"type":"panel","attrs":{"panelType":"info"},"content":[{"type":"paragraph","content":[{"text":"The Session ID and Password are assigned and can be obtained by contacting your Global Account Manager.","type":"text"}]}]},{"type":"paragraph","content":[{"text":"The following diagram illustrates the message flow for a successful Beginning of Week logon scenario initiated by the client system.","type":"text"}]},{"type":"extension","attrs":{"layout":"default","extensionType":"com.atlassian.confluence.macro.core","extensionKey":"gliffy","parameters":{"macroParams":{"name":{"value":"Beginning of Week Logon"},"pagePin":{"value":"6"}},"macroMetadata":{"macroId":{"value":"8fb4e5e2-b7eb-4478-b16c-2ef81485428d"},"schemaVersion":{"value":"1"},"placeholder":[{"type":"image","data":{"url":"https://confluence-connect.gliffy.net/diagram/image/placeHolder.png?name=Beginning+of+Week+Logon&pagePin=6"}}],"title":"Gliffy Diagram"}},"localId":"4ad894e8-2cc9-408f-8110-d415581d5d99"}},{"type":"paragraph","content":[{"text":"If any of the requirements are not met or if Drop Copy is unable to authenticate the client system, the client system receives a Logout (35=5) message and the connection is dropped. In addition, Drop Copy does not increment its inbound sequence number.","type":"text"}]},{"type":"paragraph","content":[{"text":"If authentication is successful, a ","type":"text"},{"text":"Logon (35=A)","type":"text","marks":[{"type":"link","attrs":{"href":"https://cmegroupclientsite.atlassian.net/wiki/spaces/EPICSANDBOX/pages/664862773"}}]},{"text":" message is sent with a Fault Tolerance Indicator of 'N'.","type":"text"}]},{"type":"paragraph","content":[{"text":"After sending the Logon (35=A) message, Drop Copy sends a Test Request (35=1) message and the client system must respond with a Heartbeat (35=0) in response. The client application must receive the Logon Confirmation (tag 35-MsgType=A) message prior to sending the Heartbeat (tag 35-MsgType=0) message and any other subsequent messages.","type":"text"}]},{"type":"paragraph","content":[{"text":"Tag 141-ResetSeqNumFlag must be 'N' for Beginning of Week Logon message.","type":"text"}]},{"type":"paragraph","content":[{"text":"Sequence Numbers - If the client system outbound* sequence number is not reset to '1' prior to the Beginning of Week Logon, and the client system sends a Logon (tag 35-MsgType=A) message, the client is logged out. ","type":"text"},{"text":"The logout message will have the following in tag 58-Text","type":"text","marks":[{"type":"strong"}]},{"text":"=","type":"text"},{"text":"Failed to reset sequence numbers at beginning of the week. Logout forced","type":"text","marks":[{"type":"em"}]},{"text":". ","type":"text"},{"text":"The client must then reset sequence numbers and reattempt the logon","type":"text","marks":[{"type":"strong"}]},{"text":".","type":"text"}]},{"type":"paragraph","content":[{"text":" ","type":"text"},{"text":"top","type":"text","marks":[{"type":"link","attrs":{"href":"#topofpage"}}]}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"Mid-Week Logon","type":"text"}]},{"type":"paragraph","content":[{"text":"Mid-Week Logon is used for any subsequent logon after a successful Beginning of Week Logon. The Mid-Week Logon uses a sequence number series that continues from the next sequence number where the client logged off or was disconnected.","type":"text"}]},{"type":"paragraph","content":[{"text":"As a result, the Mid-Week Logon cannot have a sequence number set to '1'. The requirements of Mid-Week Logon are similar to the Beginning of Week Logon except for the sequence number requirement.","type":"text"}]},{"type":"paragraph","content":[{"text":"The requirements on the Mid-Week Logon message are:","type":"text"}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Tag 49-SenderCompID with the Fault Tolerance Indicator set to 'N' for all Drop Copy customers.","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Tag 34-MsgSeqNo set to continue where the sequence left off at logout","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Tag 141-ResetSeqNumFlag set to 'N'","type":"text"}]}]}]},{"type":"paragraph","content":[{"text":"If any of the above requirements are not met, the client system receives a Logout message in response. In addition, Drop Copy does not increment its inbound sequence number.","type":"text"}]},{"type":"panel","attrs":{"panelType":"info"},"content":[{"type":"paragraph","content":[{"text":"Tag 141-ResetSeqNumFlag must be 'N' for Mid-Week Logon message. If the client system does not follow this requirement, the client system is logged out.","type":"text"}]}]},{"type":"paragraph","content":[{"text":"The following diagram illustrates the message flow for a successful Mid-Week Logon scenario initiated by the client system.","type":"text"}]},{"type":"extension","attrs":{"layout":"default","extensionType":"com.atlassian.confluence.macro.core","extensionKey":"gliffy","parameters":{"macroParams":{"name":{"value":"Mid Week Logon"},"pagePin":{"value":"6"}},"macroMetadata":{"macroId":{"value":"1436b7fe-ba3a-4533-984c-6c3ff8e4f2a3"},"schemaVersion":{"value":"1"},"placeholder":[{"type":"image","data":{"url":"https://confluence-connect.gliffy.net/diagram/image/placeHolder.png?name=Mid+Week+Logon&pagePin=6"}}],"title":"Gliffy Diagram"}},"localId":"11db2962-a143-4a84-8213-53a3fc408150"}},{"type":"paragraph","content":[{"text":" ","type":"text"},{"text":"top","type":"text","marks":[{"type":"link","attrs":{"href":"#topofpage"}}]}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"Mid-Week Logon and Undelivered Messages","type":"text"}]},{"type":"paragraph","content":[{"text":"Mid-Week Logon provides handling for undelivered messages which were sent while the client system was logged out:","type":"text"}]},{"type":"orderedList","attrs":{"order":1},"content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"While the client system is logged out, Drop Copy stores any messages to be sent to the client system.","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"As a result, the client system may receive a Logon (35=A) message with a sequence number higher than expected due to the fact that Drop Copy processed those stored messages prior to the Mid-Week Logon message and incremented its outbound sequence number accordingly.","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"The client system submits a ","type":"text"},{"text":"Resend Request (35=2)","type":"text","marks":[{"type":"link","attrs":{"href":"https://cmegroupclientsite.atlassian.net/wiki/spaces/EPICSANDBOX/pages/665485365"}}]},{"text":" message for messages stored while the client system was logged out.","type":"text"}]}]}]},{"type":"paragraph","content":[{"text":"The following diagram illustrates the message flow for a Mid-Week Logon scenario where undelivered Execution Reports messages were generated by Drop Copy while the client system was logged out.","type":"text"}]},{"type":"orderedList","attrs":{"order":1},"content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"The client system successfully logged on Tuesday morning ","type":"text"},{"text":"and submitted","type":"text","marks":[{"type":"annotation","attrs":{"annotationType":"inlineComment","id":"32712213-4aa9-489a-b381-ca0660966856"}}]},{"text":" ","type":"text"},{"text":"New Order (35=D)","type":"text","marks":[{"type":"link","attrs":{"href":"https://cmegroupclientsite.atlassian.net/wiki/spaces/EPICSANDBOX/pages/457327633"}}]},{"text":" messages.","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"The client system logged out. While the client system is logged out, the orders remain active and any corresponding Execution Reports are generated. Drop Copy processes these Execution Reports and increments its outbound sequence number while the client system is logged out.","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"The client system logs in on Wednesday morning. When the client system receives the Logon Confirmation (tag 35-MsgType=A) message, the client system detects that the sequence number of the Logon Confirmation (tag 35-MsgType=A) message is higher than expected. The client application follows up with a Resend Request (tag 35-MsgType=2) message and retrieves unsent messages that were generated while the client system was logged out.","type":"text"}]}]}]},{"type":"paragraph","content":[{"text":"The following diagram illustrates the message sequence for a Mid-Week Logon with unsent messages where the client system logs off and logs back on during mid-week.","type":"text"}]},{"type":"extension","attrs":{"layout":"default","extensionType":"com.atlassian.confluence.macro.core","extensionKey":"gliffy","parameters":{"macroParams":{"name":{"value":"Mid Week Logon Unsent Messages"},"pagePin":{"value":"6"}},"macroMetadata":{"macroId":{"value":"23e9eb5d-273e-48da-9352-b3d97278654d"},"schemaVersion":{"value":"1"},"placeholder":[{"type":"image","data":{"url":"https://confluence-connect.gliffy.net/diagram/image/placeHolder.png?name=Mid+Week+Logon+Unsent+Messages&pagePin=6"}}],"title":"Gliffy Diagram"}},"localId":"72d8e9ba-d243-4c65-8805-25b5e96a4799"}},{"type":"paragraph","content":[{"text":"top","type":"text","marks":[{"type":"link","attrs":{"href":"#topofpage"}}]}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"In-Session Logon","type":"text"}]},{"type":"panel","attrs":{"panelType":"info"},"content":[{"type":"paragraph","content":[{"text":"In-Session Logon should only be used to recover from catastrophic failure.","type":"text"}]}]},{"type":"panel","attrs":{"panelType":"info"},"content":[{"type":"paragraph","content":[{"text":"The client system must send a Test Request (tag 35-MsgType=1) message before sending an In-Session Logon (tag 35-MsgType=A) message. If not sent in that order, the client system may lose messages that cannot be requested again as the sequence number may be reset to '1' for both parties, client and Drop Copy.","type":"text"}]}]},{"type":"paragraph","content":[{"text":"In-Session Logon is used to reset sequence numbers after the client has logged on. During In-Session Logon, tag 141-ResetSeqNumFlag is set to 'Y' to reset sequence numbers and tag 34-MsgSeqNum of that Logon must be set to '1'. If the client would like to reset sequence numbers in the middle of a session, the client should follow these steps:","type":"text"}]},{"type":"orderedList","attrs":{"order":1},"content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Send a Test Request message and wait for a Heartbeat (35=0) message to ensure that there are no sequence number gaps.","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Send a Logon (35=A) message with tag 141-ResetSeqNumFlag set to 'Y' and a sequence number of '1' in tag 34-MsgSeqNum.","type":"text"},{"type":"hardBreak"}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"If the client system sends an In-Session Logon (35=A) with tag 141-ResetSeqNumFlag set to 'N' or if the tag is missing, then the client system is logged out.","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"In addition, if the client sends a sequence number other than '1' in tag 34-MsgSeqNum during In-Session Logon, the client system is logged out.","type":"text"}]}]}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Drop Copy responds with a Logon (35=A) message with tag 141-ResetSeqNumFlag set to 'Y' and a sequence number of '1' in tag 34-MsgSeqNum.","type":"text"}]}]}]},{"type":"paragraph","content":[{"text":"Drop Copy resets its inbound and outbound sequence numbers and the client's subsequent message must have a sequence number of '2'.","type":"text"}]},{"type":"panel","attrs":{"panelType":"info"},"content":[{"type":"paragraph","content":[{"text":"Do not use tag 141-ResetSeqNumFlag to recover from network disconnects during the week.","type":"text"}]}]},{"type":"paragraph","content":[{"text":"top","type":"text","marks":[{"type":"link","attrs":{"href":"#topofpage"}}]}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"In-Session Logon Used to Reset Sequence Number","type":"text"}]},{"type":"paragraph","content":[{"text":"The following diagram illustrates a successful In-Session Logon scenario where the client system uses a Test Request message and resets sequence numbers to '1' due to a catastrophic failure.","type":"text"}]},{"type":"extension","attrs":{"layout":"default","extensionType":"com.atlassian.confluence.macro.core","extensionKey":"gliffy","parameters":{"macroParams":{"name":{"value":"In Session Logon Reset Sequence Number"},"pagePin":{"value":"4"}},"macroMetadata":{"macroId":{"value":"c68ea3e5-8855-45bd-a6ab-6130c6b580b5"},"schemaVersion":{"value":"1"},"placeholder":[{"type":"image","data":{"url":"https://confluence-connect.gliffy.net/diagram/image/placeHolder.png?name=In+Session+Logon+Reset+Sequence+Number&pagePin=4"}}],"title":"Gliffy Diagram"}},"localId":"237a04ca-2c3d-4b4d-9cfc-11509c5ac4dd"}},{"type":"paragraph","content":[{"text":"top","type":"text","marks":[{"type":"link","attrs":{"href":"#topofpage"}}]}]}],"version":1}

Browser not supported