The CME Secure Logon has been live in production for iLink since 21st January 2018, and for DropCopy since 7th January 2018. Secure Logon for both services becomes mandatory as of 1st July 2018, with financial surcharges being applied for using the prior plain text password authentication from 29th April 2018...
The new logon procedure secures the client system logon with validation of keyed-hash message authentication code (HMAC) credentials issued and validated by CME Group. When CME Globex receives the logon message, it uses the identical inputs to calculate the HMAC value to validate against the logon request. If the values do not match then CME Globex rejects the logon request.
OnixS software implementation updates to support CME Globex API Secure Logon completed the CME Globex API Secure Logon certification tests and were available from the following released versions:
C++ V220.127.116.11 21st Nov 2017
.NET V18.104.22.168 26th Oct 2017
Java V4.3.0 26th Oct 2017
CME iLink FIX Order Entry:
CME Secure Logon is a technically simple change as it requires the addition of several specific tags to the FIX Logon message and is supported by all versions of OnixS FIX Engine implementations. We have updated the OnixS CME Trading Client reference implementation samples for all platforms to help our customers to implement the CME Secure Logon procedure. These reference implementation sample updates are available from the following versions:
C++ - from CME iLink FIX Order Entry sample version 22.214.171.124
.NET - CME iLink FIX Order Entry sample version 126.96.36.199
Java - CME iLink FIX Order Entry sample version 1.1.0