python-fints

DKB: Error during dialog initialization, could not fetch BPD

Open henning77 opened this issue 5 years ago • 21 comments

Describe the bug
Execution of the test script fails with this error: fints.exceptions.FinTSClientError: Error during dialog initialization, could not fetch BPD. Please check that you passed the correct bank identifier to the HBCI URL of the correct bank.

Bank I tested this with
Name of the bank: DKB
FinTS URL: https://banking-dkb.s-fints-pt-dkb.de/fints30

Expected behavior
Test script should execute without error.

Code required to reproduce
See test script
With these parameters:

client_args = (
    '12030000',  # BLZ
    '********',  # USER
    getpass.getpass('PIN: '),
    'https://banking-dkb.s-fints-pt-dkb.de/fints30'  # ENDPOINT
)

Log output / error message

Log


WARNING:fints.client:You should register your program with the ZKA and pass your own product_id as a parameter.
DEBUG:fints.connection:Sending >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
	fints.message.FinTSCustomerMessage([
	    fints.segments.message.HNHBK3( # Nachrichtenkopf
	        header = fints.formals.SegmentHeader('HNHBK', 1, 3), # Segmentkopf
	        message_size = 383, # Größe der Nachricht (nach Verschlüsselung und Komprimierung)
	        hbci_version = 300, # HBCI-Version
	        dialog_id = '0', # Dialog-ID
	        message_number = 1, # Nachrichtennummer
	    ),
	    fints.segments.message.HNVSK3( # Verschlüsselungskopf, version 3
	        header = fints.formals.SegmentHeader('HNVSK', 998, 3), # Segmentkopf
	        security_profile = fints.formals.SecurityProfile( # Sicherheitsprofil
	                security_method = fints.formals.SecurityMethod.PIN, # Sicherheitsverfahren
	                security_method_version = 1, # Version des Sicherheitsverfahrens
	            ),
	        security_function = '998', # Sicherheitsfunktion, kodiert
	        security_role = fints.formals.SecurityRole.ISS, # Rolle des Sicherheitslieferanten, kodiert: Erfasser, Erstsignatur
	        security_identification_details = fints.formals.SecurityIdentificationDetails( # Sicherheitsidentifikation, Details
	                identified_role = fints.formals.IdentifiedRole.MS, # Message Sender
	                cid = None,
	                identifier = '0',
	            ),
	        security_datetime = fints.formals.SecurityDateTime( # Sicherheitsdatum und -uhrzeit
	                date_time_type = fints.formals.DateTimeType.STS, # Sicherheitszeitstempel
	                date = datetime.date(2020, 2, 27),
	                time = datetime.time(17, 0, 40, 799136),
	            ),
	        encryption_algorithm = fints.formals.EncryptionAlgorithm( # Verschlüsselungsalgorithmus
	                usage_encryption = fints.formals.UsageEncryption.OSY, # Owner Symmetric
	                operation_mode = fints.formals.OperationMode.CBC, # Cipher Block Chaining
	                encryption_algorithm = fints.formals.EncryptionAlgorithmCoded.TWOKEY3DES, # 2-Key-Triple-DES
	                algorithm_parameter_value = b'\x00\x00\x00\x00\x00\x00\x00\x00',
	                algorithm_parameter_name = fints.formals.AlgorithmParameterName.KYE, # Symmetrischer Schlüssel, verschlüsselt mit symmetrischem Schlüssel
	                algorithm_parameter_iv_name = fints.formals.AlgorithmParameterIVName.IVC, # Initialization value, clear text
	            ),
	        key_name = fints.formals.KeyName( # Schlüsselname
	                bank_identifier = fints.formals.BankIdentifier(
	                        country_identifier = '280',
	                        bank_code = '12030000',
	                    ),
	                user_id = '********',
	                key_type = fints.formals.KeyType.V, # Schlüsselart: Chiffrierschlüssel
	                key_number = 0,
	                key_version = 0,
	            ),
	        compression_function = fints.formals.CompressionFunction.NULL, # Komprimierungsfunktion: Keine Kompression
	    ),
	    fints.segments.message.HNVSD1( # Verschlüsselte Daten, version 1
	        header = fints.formals.SegmentHeader('HNVSD', 999, 1), # Segmentkopf
	        data = fints.types.SegmentSequence([ # Daten, verschlüsselt
	                fints.segments.message.HNSHK4( # Signaturkopf, version 4
	                    header = fints.formals.SegmentHeader('HNSHK', 2, 4), # Segmentkopf
	                    security_profile = fints.formals.SecurityProfile( # Sicherheitsprofil
	                            security_method = fints.formals.SecurityMethod.PIN, # Sicherheitsverfahren
	                            security_method_version = 1, # Version des Sicherheitsverfahrens
	                        ),
	                    security_function = '999', # Sicherheitsfunktion, kodiert
	                    security_reference = '7613855', # Sicherheitskontrollreferenz
	                    security_application_area = fints.formals.SecurityApplicationArea.SHM, # Bereich der Sicherheitsapplikation, kodiert: Signaturkopf und HBCI-Nutzdaten
	                    security_role = fints.formals.SecurityRole.ISS, # Rolle des Sicherheitslieferanten, kodiert: Erfasser, Erstsignatur
	                    security_identification_details = fints.formals.SecurityIdentificationDetails( # Sicherheitsidentifikation, Details
	                            identified_role = fints.formals.IdentifiedRole.MS, # Message Sender
	                            cid = None,
	                            identifier = '0',
	                        ),
	                    security_reference_number = 1, # Sicherheitsreferenznummer
	                    security_datetime = fints.formals.SecurityDateTime( # Sicherheitsdatum und -uhrzeit
	                            date_time_type = fints.formals.DateTimeType.STS, # Sicherheitszeitstempel
	                            date = datetime.date(2020, 2, 27),
	                            time = datetime.time(17, 0, 40, 798518),
	                        ),
	                    hash_algorithm = fints.formals.HashAlgorithm( # Hashalgorithmus
	                            usage_hash = '1',
	                            hash_algorithm = '999',
	                            algorithm_parameter_name = '1',
	                        ),
	                    signature_algorithm = fints.formals.SignatureAlgorithm( # Signaturalgorithmus
	                            usage_signature = '6',
	                            signature_algorithm = '10',
	                            operation_mode = '16',
	                        ),
	                    key_name = fints.formals.KeyName( # Schlüsselname
	                            bank_identifier = fints.formals.BankIdentifier(
	                                    country_identifier = '280',
	                                    bank_code = '12030000',
	                                ),
	                            user_id = '********',
	                            key_type = fints.formals.KeyType.S, # Schlüsselart: Signierschlüssel
	                            key_number = 0,
	                            key_version = 0,
	                        ),
	                ),
	                fints.segments.auth.HKIDN2( # Identifikation, version 2
	                    header = fints.formals.SegmentHeader('HKIDN', 3, 2), # Segmentkopf
	                    bank_identifier = fints.formals.BankIdentifier( # Kreditinstitutskennung
	                            country_identifier = '280',
	                            bank_code = '12030000',
	                        ),
	                    customer_id = '********', # Kunden-ID
	                    system_id = '0', # Kundensystem-ID
	                    system_id_status = fints.formals.SystemIDStatus.ID_NECESSARY, # Kundensystem-Status: Kundensystem-ID wird benötigt
	                ),
	                fints.segments.auth.HKVVB3( # Verarbeitungsvorbereitung, version 3
	                    header = fints.formals.SegmentHeader('HKVVB', 4, 3), # Segmentkopf
	                    bpd_version = 0, # BPD-Version
	                    upd_version = 0, # UPD-Version
	                    language = fints.formals.Language2.DE, # Dialogsprache: Deutsch, 'de', Subset Deutsch, Codeset 1 (Latin 1)
	                    product_name = 'DC333D745719C4BD6A6F9DB6A', # Produktbezeichnung
	                    product_version = '3.0.0', # Produktversion
	                ),
	                fints.segments.dialog.HKSYN3( # Synchronisierung, version 3
	                    header = fints.formals.SegmentHeader('HKSYN', 5, 3), # Segmentkopf
	                    synchronization_mode = fints.formals.SynchronizationMode.NEW_SYSTEM_ID, # Neue Kundensystem-ID zurückmelden
	                ),
	                fints.segments.message.HNSHA2( # Signaturabschluss, version 2
	                    header = fints.formals.SegmentHeader('HNSHA', 6, 2), # Segmentkopf
	                    security_reference = '7613855', # Sicherheitskontrollreferenz
	                    user_defined_signature = fints.formals.UserDefinedSignature( # Benutzerdefinierte Signatur
	                            pin = '***',
	                        ),
	                ),
	            ]),
	    ),
	    fints.segments.message.HNHBS1( # Nachrichtenabschluss
	        header = fints.formals.SegmentHeader('HNHBS', 7, 1), # Segmentkopf
	        message_number = 1, # Nachrichtennummer
	    ),
	])

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): banking-dkb.s-fints-pt-dkb.de:443
DEBUG:urllib3.connectionpool:https://banking-dkb.s-fints-pt-dkb.de:443 "POST /fints30 HTTP/1.1" 200 15850
DEBUG:fints.connection:Received <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<

henning77 avatar Feb 27 '20 18:02 henning77

I am having the same issue.

@henning77 Were you able to resolve this bug? I was also asking myself how the "legitimations_id" should be passed.

Coffeeri avatar Jul 22 '20 15:07 Coffeeri

Any news on this? Sadly, I am having the same error with DKB.

mircorudolph avatar Oct 03 '20 17:10 mircorudolph

I got the same error with Kasseler Sparkasse.

alp82 avatar Oct 04 '20 08:10 alp82

Same issue with DKB since last week. Any updates here?

Tigohofer avatar Oct 04 '20 16:10 Tigohofer

I don't have a bank account with DKB, so I can't debug this.

The most suspicious thing in the log is the following line:

Auftrag nicht ausgeführt - Die Gerätebezeichnung ist unbekannt. (MBV07390100255)

Somehow, the whole thing fails while trying to fetch the list of available TAN media. You can try not using minimal_interactive_cli_bootstrap but copying its source code and manually passing a "correct" TAN media.

For debugging, you can also try if you can connect using Hibiscus, then do a FinTS trace there and look what TAN medium they are using.

raphaelm avatar Oct 06 '20 07:10 raphaelm

I have added response.text to the log output in client.py:

    if response.code == '9010':
        raise FinTSClientError("Error during dialog initialization, could not fetch BPD. Please check that you "
                               "passed the correct bank identifier to the HBCI URL of the correct bank."+response.text)

  File "./kontoni.py", line 347, in loadTransactions
    app.logger.info(f.get_tan_media())
  File "/usr/local/lib/python3.6/dist-packages/fints/client.py", line 1360, in get_tan_media
    response = dialog.send(seg)
  File "/usr/local/lib/python3.6/dist-packages/fints/dialog.py", line 156, in send
    self.client.process_response_message(self, response, internal_send=internal_send)
  File "/usr/local/lib/python3.6/dist-packages/fints/client.py", line 230, in process_response_message
    self._process_response(dialog, None, response)
  File "/usr/local/lib/python3.6/dist-packages/fints/client.py", line 1285, in _process_response
    "passed the correct bank identifier to the HBCI URL of the correct bank."+response.text)
fints.exceptions.FinTSClientError: Error during dialog initialization, could not fetch BPD. Please check that you passed the correct bank identifier to the HBCI URL of the correct bank.Die angegebene Bankreferenz/Dialog-ID ist nicht gültig.

This is the same message mentioned in #93. But I don't know why this worked for me in master branch until last week...

Tigohofer avatar Oct 06 '20 21:10 Tigohofer

Hibiscus says:

[07.10.2020 00:17:17] Dialog beendet
[07.10.2020 00:17:17] dialog end failed: java.io.IOException: Server returned HTTP response code: 403 for URL: https://banking-dkb.s-fints-pt-dkb.de:443
[07.10.2020 00:17:17] Dialog-Ende fehlgeschlagen
[07.10.2020 00:17:17] fetching BPD failed: java.io.IOException: Server returned HTTP response code: 403 for URL: https://banking-dkb.s-fints-pt-dkb.de:443 org.kapott.hbci.manager.HBCIInstitute.fetchBPD(HBCIInstitute.java:287)
[07.10.2020 00:17:17] Abholen der BPD fehlgeschlagen
[07.10.2020 00:17:17] FAILED! - maybe this institute does not support anonymous logins
[07.10.2020 00:17:17] we will nevertheless go on
[07.10.2020 00:17:17] can not check if requested parameters are supported
[07.10.2020 00:17:17] hole neue System-ID
[07.10.2020 00:17:17] Rufe neue System-ID ab
[07.10.2020 00:17:17] Erzeuge HBCI-Nachricht Synch
[07.10.2020 00:17:17] signiere HBCI-Nachricht
[07.10.2020 00:17:19] the job with the code HNSHK seems not to be allowed with PIN/TAN
[07.10.2020 00:17:19] the job with the code HKIDN seems not to be allowed with PIN/TAN
[07.10.2020 00:17:19] the job with the code HKVVB seems not to be allowed with PIN/TAN
[07.10.2020 00:17:19] the job with the code HKTAN seems not to be allowed with PIN/TAN
[07.10.2020 00:17:19] the job with the code HKSYN seems not to be allowed with PIN/TAN
[07.10.2020 00:17:19] Verschlüssele HBCI-Nachricht
[07.10.2020 00:17:19] Fehler beim Testen des Sicherheits-Mediums: Fehler beim Ermitteln einer neuen System-ID
[07.10.2020 00:17:19] Verbinde mit https://banking-dkb.s-fints-pt-dkb.de:443 und prüfe Zertifikat
[07.10.2020 00:17:19] Aufgetretene Fehlermeldungen:
[07.10.2020 00:17:19] -----------------------------
[07.10.2020 00:17:19] Versende HBCI-Nachricht
[07.10.2020 00:17:19] error while opening pin/tan passport; nested exception is:
[07.10.2020 00:17:19] Fehler beim Erzeugen eines HBCIHandler Objektes
[07.10.2020 00:17:19] Warte auf Antwortdaten
[07.10.2020 00:17:19] Fehler beim Erzeugen eines HBCIHandler Objektes
[07.10.2020 00:17:19] Fehler beim Registrieren der Nutzerdaten
[07.10.2020 00:17:19] Warte auf Antwortdaten
[07.10.2020 00:17:19] Fehler beim Ermitteln einer neuen System-ID
[07.10.2020 00:17:19] Fehler beim Ermitteln einer neuen System-ID
[07.10.2020 00:17:19] Fehler beim Empfangen der Daten vom HBCI-Server
[07.10.2020 00:17:19] -----------------------------
[07.10.2020 00:17:19] Server returned HTTP response code: 403 for URL: https://banking-dkb.s-fints-pt-dkb.de:443
[07.10.2020 00:17:19] Server returned HTTP response code: 403 for URL: https://banking-dkb.s-fints-pt-dkb.de:443
[07.10.2020 00:17:19] closing pin/tan passport
[07.10.2020 00:17:19] pin/tan passport closed

Tigohofer avatar Oct 06 '20 22:10 Tigohofer

I had the very same issue with DKB. Since yesterday's "Fix for Postbank issue" / v3.0.1, the issue is solved for me. I just upgraded running pip3 install fints -U and the sample code from the docs worked.

de-graeuler avatar Nov 24 '20 22:11 de-graeuler

I just upgraded running pip3 install fints -U and the sample code from the docs worked.

The sample codes from the docs do not work for me. Which sample did you try? For example this one: https://python-fints.readthedocs.io/en/latest/trouble.html

Coffeeri avatar Jan 13 '21 09:01 Coffeeri

Which sample did you try?

I tried the example script from the troubleshooting page you linked. It was a bit tricky to find out which authentication information to provide, but it worked. For my bank I had to set an additional customer / legitimation ID like this:

client_args = (
    'REPLACEME',  # BLZ
    'REPLACEME',  # USER
    getpass.getpass('PIN: '),
    'REPLACEME',  # ENDPOINT 
    'REPLACEME'  # Customer / Legitimation ID
)

I found that id within the Service/HBCI and FinTS section of my online banking.

de-graeuler avatar Jan 13 '21 10:01 de-graeuler

For my bank I had to set an additional customer / legitimation ID like this [...]

I just tried this, the problem persists in my instance (DKB bank).

[...]
raise FinTSClientError("Error during dialog initialization, could not fetch BPD. Please check that you "
fints.exceptions.FinTSClientError: Error during dialog initialization, could not fetch BPD. Please check that you passed the correct bank identifier to the HBCI URL of the correct bank.

I also get the same error as @raphaelm stated:

[...]
 fints.segments.dialog.HIRMS2( # Rückmeldungen zu Segmenten
	                    header = fints.formals.SegmentHeader('HIRMS', 4, 2, 4), # Segmentkopf
	                    responses = [ # Rückmeldung
	                                fints.formals.Response( # Rückmeldung
	                                    code = '3920',
	                                    reference_element = None,
	                                    text = 'Zugelassene Zwei-Schritt-Verfahren für den Benutzer.',
	                                    parameters = [
	                                            '921',
	                                        ],
	                                ),
	                                fints.formals.Response( # Rückmeldung
	                                    code = '9955',
	                                    reference_element = None,
	                                    text = 'Auftrag nicht ausgeführt - Die Gerätebezeichnung ist unbekannt. (MBV07390100255)',
	                                ),
	                        ],
	                ),
[...]

When it is fetching for the mechanism I get this list:

mechanisms = list(client.get_tan_mechanisms().items())
# RESULT:
[('921', fints.formals.TwoStepParameters6(security_function='921', tan_process='2',
                                          tech_id='TAN2go', zka_id=None,
                                          zka_version=None, name='TAN2go',
                                          max_length_input=6,
                                          allowed_format=fints.formals.AllowedFormat.NUMERIC,
                                          text_return_value='TAN-Nummer',
                                          max_length_return_value=3,
                                          multiple_tans_allowed=True,
                                          tan_time_dialog_association=fints.formals.TANTimeDialogAssociation.ALLOWED,
                                          cancel_allowed=False,
                                          sms_charge_account_required=fints.formals.SMSChargeAccountRequired.MUST_NOT,
                                          principal_account_required=fints.formals.PrincipalAccountRequired.MUST_NOT,
                                          challenge_class_required=False,
                                          challenge_structured=False,
                                          initialization_mode=fints.formals.InitializationMode.CLEARTEXT_PIN_NO_TAN,
                                          description_required=fints.formals.DescriptionRequired.MUST,
                                          response_hhd_uc_required=False,
                                          supported_media_number=2))]

The exception is raised in minimal_interactive_cli_bootstrap through

        m = client.get_tan_media()

To be more specific in

# seg = fints.segments.auth.HKTAB4(header=fints.formals.SegmentHeader('HKTAB', 3, 4), tan_media_type=fints.formals.TANMediaType2.ALL, tan_media_class=fints.formals.TANMediaClass3.ALL)

 try:
     self._bootstrap_mode = True
     response = method(dialog)(seg)

Something seems off with the dialog_id - I am not quite sure.

ERROR:fints.client:Dialog response: 9050 - Die Nachricht enthält Fehler.
ERROR:fints.client:Dialog response: 9800 - Dialog abgebrochen
ERROR:fints.client:Dialog response: 9010 - Die angegebene Bankreferenz/Dialog-ID ist nicht gültig.

Coffeeri avatar Jan 13 '21 14:01 Coffeeri

For my bank I had to set an additional customer / legitimation ID like this [...]

I just tried this, the problem persists in my instance (DKB bank).

I checked again. That error ("Error during dialog initialization, could not fetch BPD.") is reproducible, if I enter a wrong PIN. Also, the customer / legitimation id does not seem to be necessary, as it also works if I change / omit it. Beyond that, I don't feel capable to help you, sorry about that.

de-graeuler avatar Jan 14 '21 09:01 de-graeuler

Hey, I found something new: I just ran into this issue with the troubleshooting script, and solved it (partially). The script seemed not to be able to complete the login process. So I checked if Jameica/Hibiscus were able to connect. That software asked for a TAN to authorize the login process, and in the DKB mobile TAN app it said that the created connection would be invalidated after 90 days, and now the fints troubleshooting script works again.

So my assumption is, that the troubleshooting script (or fints itself) is not able to operate the DKB TAN based authorization process (correctly).

de-graeuler avatar May 03 '21 20:05 de-graeuler

I have the same issue with Consorsbank. They also have an app-based authentication mechanism called "Secure Plus". It is strange, though, that Jameica/Hibiscus can connect to Consorsbank without any trouble. Any chance that we will get a fix for this? Since I am a Python dev myself, I would also be willing to look into this myself and provide a PR. But I would need some pointers on how to best debug this.

memmaker avatar Apr 07 '22 15:04 memmaker

So, the core issue here is this interaction:

fints.segments.auth.HKTAN6( # Zwei-Schritt-TAN-Einreichung, version 6
    header = fints.formals.SegmentHeader('HKTAN', 5, 6), # Segmentkopf
    tan_process = '4', # TAN-Prozess
    segment_type = 'HKIDN', # Segmentkennung
    parameter_challenge_class = fints.formals.ParameterChallengeClass( # Parameter Challenge-Klasse
            parameters = [
                    None,
                    # 8 empty items skipped
                ],
        ),
    tan_medium_name = 'DUMMY', # Bezeichnung des TAN-Mediums
),

...

fints.segments.dialog.HIRMS2( # Rückmeldungen zu Segmenten
    header = fints.formals.SegmentHeader('HIRMS', 4, 2, 4), # Segmentkopf
    responses = [ # Rückmeldung
                fints.formals.Response( # Rückmeldung
                    code = '3920',
                    reference_element = None,
                    text = 'Zugelassene Zwei-Schritt-Verfahren für den Benutzer.',
                    parameters = [
                            '921',
                        ],
                ),
                fints.formals.Response( # Rückmeldung
                    code = '9955',
                    reference_element = None,
                    text = 'Auftrag nicht ausgeführt - Die Gerätebezeichnung ist unbekannt. (MBV07390100255)',
                ),
        ],
),

which is a problem with us sending a DUMMY HKTAN6 as part of dialog initialization, before sending HKTAB. The bank doesn't like it. Setting selected_tan_medium before get_tan_media() does work around this, but is kind of a problem if you don't already have the list of TAN media.

henryk avatar Apr 28 '22 11:04 henryk
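
The diagnosis in the comment above, as an added example that is not part of the thread or of python-fints: a triage helper that pulls FinTS response codes out of a python-fints debug log and separates the segment-level error (here 9955) from the message-level codes that follow it, including the 9010 that triggers the "could not fetch BPD" exception. The function names, the sample log (constructed from lines quoted in this thread) and the choice of which codes count as follow-on are assumptions of this example.

```python
import re

# FinTS response codes are classed by their first digit.
SEVERITY = {"0": "success", "3": "warning", "9": "error"}

# Assumption of this example, based on the logs in this thread: these
# message-level codes only report that something else already failed.
FOLLOW_ON = {"9050", "9800", "9010"}

LOG_LINE = re.compile(r"Dialog response: (\d{4}) - (.*)")
REPR_CODE = re.compile(r"\bcode = '(\d{4})'")
REPR_TEXT = re.compile(r"\btext = '(.*)',\s*$")

# Constructed sample, assembled from lines quoted in this thread.
SAMPLE_LOG = """\
fints.formals.Response( # Rückmeldung
    code = '3920',
    reference_element = None,
    text = 'Zugelassene Zwei-Schritt-Verfahren für den Benutzer.',
),
fints.formals.Response( # Rückmeldung
    code = '9955',
    reference_element = None,
    text = 'Auftrag nicht ausgeführt - Die Gerätebezeichnung ist unbekannt. (MBV07390100255)',
),
ERROR:fints.client:Dialog response: 9050 - Die Nachricht enthält Fehler.
ERROR:fints.client:Dialog response: 9800 - Dialog abgebrochen
ERROR:fints.client:Dialog response: 9010 - Die angegebene Bankreferenz/Dialog-ID ist nicht gültig.
"""


def extract_responses(log_text):
    """Return (code, text) pairs in order of appearance, without duplicates."""
    found, pending = [], None
    for line in log_text.splitlines():
        logged = LOG_LINE.search(line)
        code = REPR_CODE.search(line)
        text = REPR_TEXT.search(line)
        if logged:                      # "Dialog response: 9010 - ..." log line
            pair = (logged.group(1), logged.group(2).strip())
        elif code:                      # repr dump: remember code until its text
            pending = code.group(1)
            continue
        elif text and pending:          # repr dump: text completes the pair
            pair, pending = (pending, text.group(1)), None
        else:
            continue
        if pair not in found:
            found.append(pair)
    return found


def triage(log_text):
    """Split responses into root-cause errors, follow-on errors and warnings."""
    report = {"root_cause": [], "follow_on": [], "warning": []}
    for code, text in extract_responses(log_text):
        severity = SEVERITY.get(code[0])
        if severity == "warning":
            report["warning"].append((code, text))
        elif severity == "error":
            key = "follow_on" if code in FOLLOW_ON else "root_cause"
            report[key].append((code, text))
    # If only follow-on codes were logged, they are all there is to go on.
    if not report["root_cause"]:
        report["root_cause"], report["follow_on"] = report["follow_on"], []
    return report


if __name__ == "__main__":
    for kind, items in triage(SAMPLE_LOG).items():
        for code, text in items:
            print(f"{kind:10} {code} {text}")
```
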

I have the same problem with DKB, see: https://github.com/raphaelm/python-fints/issues/121#issuecomment-1152147591

Setting selected_tan_medium before get_tan_media() does work around this, but is kind of a problem if you don't already have the list of TAN media.

@henryk - What do you mean by "setting selected_tan_medium before get_tab_media()" ? How exactly to do that?

I found that id within the Service/HBCI and FinTS section of my online banking.

@de-graeuler - I could not find this section in my online banking under Service. Is this a separate section or part of another like Konto und Karten, Einstellungen, TAN-Verfahren ?

stevstrong avatar Jun 13 '22 08:06 stevstrong

Check my comment under #121 and my PR in #146 for an explanation on how to hotfix this issue and where to find your TAN medium name in the DKB TAN2go app.

JHthe4 avatar Apr 23 '23 23:04 JHthe4

Check my comment under #121 and my PR in #146 for an explanation on how to hotfix this issue and where to find your TAN medium name in the DKB TAN2go app.

I sadly have the problem with and without your fix. Any Ideas?

RJC5 avatar Apr 23 '24 20:04 RJC5

I sadly have the problem with and without your fix. Any Ideas?

Are you sure that it's exactly the same problem you're seeing? Have you registered for a product key as described in the documentation? As far as I know the default key was removed, so this might be what you're seeing? Just a guess though.

JHthe4 avatar Apr 24 '24 20:04 JHthe4

I sadly have the problem with and without your fix. Any Ideas?

Are you sure that it's exactly the same problem you're seeing? Have you registered for a product key as described in the documentation? As far as I know the default key was removed, so this might be what you're seeing? Just a guess though.

Yes, I got a product key from ZKI. I get the same error for DKB. I also tried ING and Volksbank, always get errors during minimal_interactive_cli_bootstrap.

RJC5 avatar Apr 25 '24 09:04 RJC5