[GNC] Using Quicken direct connect with USAA

John Ralls jralls at ceridwen.us
Mon May 25 19:33:02 EDT 2020 

When you first set up the User in the AQBanking Wizard did you check the Accounts tab after downloading the accounts the first time?

Regards,
John Ralls


> On May 25, 2020, at 11:47 AM, Jon Schewe <jpschewe at mtu.net> wrote:
> 
> It just started working "magically". I tried manually creating an
> account and associating it with a GnuCash account. Then tried getting
> the balance and got an error that I had the account number wrong. So I
> went back into the AQBanking Wizard and executed Retrieve Account List
> to get the full account number. Now when I went over to the accounts
> tab my accounts are there! I was able to associate them with the right
> GnuCash accounts and it seems to be working. 
> 
> I went back through my setup and deleted my aqbanking user and wrote up
> the steps that worked. It seems there is something about needing a
> dummy account created, otherwise aqbanking won't save the account
> information that it retrieved.
> 
> Here are the steps, note the bit about a dummy account.
> 
>  * Tools -> Online Banking Setup...
>  * Create User
>  * Next
>  * OFX-DirectConnect backend
>  * Run
>  * Next
>  * Select
>  * USAA
>  * Select bank and click OK
>  * Next
>  * Enter USAA number with zeros on the left to make the number 9
> digits for the User Name and the User Id
>  * Next
>  * Next
>  * Next
>  * Retrieve Account List
>  * Enter PIN
>  * Finish
>  * Click on the Accounts tab
>  * If it's empty, create a dummy account using the aqofxconnect
> backend
>    * OK
>    * Leave everything blank
>    * OK
>    * Dismiss message about unable to update
>    * Users
>    * Edit User
>    * Bank Settings
>    * Retrieve Account List
>    * Close
>  * Click on Accounts tab and see the new accounts, delete the dummy
> account
>  * Close
>  * Next
>  * Associate to GnuCash accounts, looking at the account number works
> well
>  * Next
>  * Apply
>  * Test by opening a GnuCash account that was associated with USAA
>    * Actions -> Online Actions -> Get Balance
>    * See the balance show up in a dialog
> 
> On Mon, 2020-05-25 at 13:21 -0500, Jon Schewe wrote:
>> Thank you for your help thus far.
>> 
>> I noticed that I had AQBanking and GnuCash installed both inside and
>> outside flatpak. I've removed the version outside flatpak, but that
>> didn't help.
>> 
>> If there are some additional debugging steps that are suggested for
>> checking aqbanking, let me know and I can see where the integration
>> with GnuCash is breaking.
>> 
>> On Mon, 2020-05-25 at 09:47 -0700, John Ralls wrote:
>> 
>> Well, that's progress. The communication with USAA is clearly
>> working.
>> 
>> Maybe the flatpak sandbox isn't letting GnuCash see the results from
>> AQBanking. Unfortunately I don't have time to investigate this
>> further today.
>> 
>> Regards,
>> John Ralls
>> 
>> 
>> 
>> On May 25, 2020, at 9:29 AM, Jon Schewe <jpschewe at mtu.net> wrote:
>> 
>> John,
>> 
>> Using those settings got me different information in the dialog.
>> However I still don't have an option to associate the accounts. When
>> I close the dialogs I'm back to "Start Online Banking Wizard" and the
>> match step is still grey.
>> 
>> 11:24:16 Saving communication log to 1
>> 11:24:16 Sending request...
>> 11:24:16 Using GnuTLS default ciphers.
>> 11:24:16 TLS: SSL-Ciphers negotiated: TLS1.3:ECDHE-RSA-AES-256-
>> GCM:AEAD
>> 11:24:16 Waiting for response...
>> 11:24:17 Saving communication log to 1
>> 11:24:17 Parsing response...
>> 11:24:17 Status for signon request: Success (Code 0, severity "INFO")
>> The server successfully processed the request.
>> 11:24:17 Status for account info request: Success (Code 0, severity
>> "INFO")
>> The server successfully processed the request.
>> 11:24:17 Received account XXXXXXXXX/XXXXXXXXXX ((no bank
>> name)/ACCOUNT)
>> 11:24:17 Received account XXXXXXXXX/XXXXXXXXXX ((no bank
>> name)/ACCOUNT)
>> 11:24:17 Received account (no bank code)/XXXXXXXXXXXXXXXX ((no bank
>> name)/ACCOUNT)
>> 11:24:17 Operation finished, you can now close this window.
>> 
>> Jon
>> 
>> On Mon, 2020-05-25 at 09:09 -0700, John Ralls wrote:
>> 
>> Jon,
>> 
>> The Application Settings I use for USAA are
>> Application ID: QWIN
>> Application Version: 2200
>> Header Version: 102
>> 
>> In Special Settings:
>> HTTP Version, Client UID, and Security Type are blank, Force SSLv3
>> and Send Short Date are checked, and Send Empty Bank ID and Send
>> Empty FID are unchecked.
>> 
>> Another user had trouble with USAA because he had entered a Client
>> UID on the User Settings page, so make sure that's blank too.
>> 
>> Yes, SSL v3 is less secure than TLS, but it's better than sending the
>> data in the clear, and yes, the authentication that USAA uses on OFX
>> DirectConnect is less than ideal.
>> 
>> Regards,
>> John Ralls
>> 
>> 
>> On May 25, 2020, at 8:59 AM, Jon Schewe <jpschewe at mtu.net> wrote:
>> 
>> Alan,
>> 
>> Thanks for the suggestion. I tried not setting any special settings
>> and
>> make sure the SSL v3 is unchecked. Still no change.
>> 
>> As far as security goes, this method for getting my transactions
>> appears less secure than using Web Connect. When I login to get to
>> the
>> Web Connect download I need to enter a one time password from my
>> phone,
>> but for Direct Connect I only need my PIN.
>> 
>> Jon
>> 
>> On Mon, 2020-05-25 at 11:48 -0400, Alan wrote:
>> Jon,
>> 
>> Disable SSL v3. Info at wiki.gnucash.org is wrong. It's not secure,
>> and no
>> reputable financial institution should be supporting it for financial
>> transactions.
>> 
>> As of this moment, USAA is only supporting TLS 1.2 and 1.3, which are
>> secure.
>> Suggest not setting any of the "special settings" options, and never
>> enable SSL
>> v2 or v3 for any program, except for testing with non-sensitive data.
>> 
>> -----Original Message-----
>> From: gnucash-user
>> [mailto:gnucash-user-bounces+alangnuc=bigtowers.net at gnucash.org] On
>> Behalf Of
>> Jon Schewe
>> Sent: Monday, May 25, 2020 10:36 AM
>> To: gnucash-user <gnucash-user at gnucash.org>
>> Subject: [GNC] Using Quicken direct connect with USAA
>> 
>> I have been using the Web Connect with USAA for years and that's
>> worked great.
>> However now I see that they are discontinuing support for this
>> feature. So I'm
>> trying to setup Direct Connect. I found the instructions for setting
>> up USAA at
>> https://wiki.gnucash.org/wiki/OFX_Direct_Connect_Bank_Settings#USAA,
>> however I'm not seeing the "Server Capabilities" tab to select the
>> account list
>> download options.
>> 
>> I'm using GnuCash 3.10 from flatpak.
>> I'm on Linux.
>> 
>> I have the following Settings:
>> "User Settings"
>> User Name, User id and Client UID all set to my USAA number. I have
>> tried both
>> with the 00 prefix and without.
>> 
>> "Bank Settings"
>> Broker ID: 5874
>> FID: 24591
>> ORG: USAA
>> Server URL: https://service2.usaa.com/ofx/OFXServlet
>> 
>> "Application Settings"
>> I've tried the default application settings and the settings that
>> should be for
>> Quicken 2017:
>> Application ID: QWIN
>> Application Version: 2600
>> Header Version: 102
>> 
>> Under "Special Settings" I've tried HTTP Version blank, 1.0 and 1.1.
>> I've checked "Force SSLv3".
>> 
>> When I go back to the "Bank Settings" tab I see the following after
>> clicking on
>> "Retrieve Account List".
>> 
>> 09:26:37 Sending request...
>> 09:26:37 Using GnuTLS default ciphers.
>> 09:26:37 TLS: SSL-Ciphers negotiated: TLS1.3:ECDHE-RSA-AES-256-
>> GCM:AEAD
>> 09:26:37 Waiting for response...
>> 09:26:37 Operation finished, you can now close this window.
>> 
>> The AqBanking Setup never lets me get to the point of associating
>> USAA accounts
>> with GnuCash accounts. Can someone give me some pointers on what is
>> wrong here?
>> 
>> Thank you,
>> Jon
>> 
>> 
>> 
>> _______________________________________________
>> gnucash-user mailing list
>> gnucash-user at gnucash.org
>> To update your subscription preferences or to unsubscribe:
>> https://lists.gnucash.org/mailman/listinfo/gnucash-user
>> If you are using Nabble or Gmane, please see 
>> https://wiki.gnucash.org/wiki/Mailing_Lists for more information.
>> -----
>> Please remember to CC this list on all your replies.
>> You can do this by using Reply-To-List or Reply-All.
>> 
>> 
>> 
>> 
>> 
>> 
>> _______________________________________________
>> gnucash-user mailing list
>> gnucash-user at gnucash.org
>> To update your subscription preferences or to unsubscribe:
>> https://lists.gnucash.org/mailman/listinfo/gnucash-user
>> If you are using Nabble or Gmane, please see 
>> https://wiki.gnucash.org/wiki/Mailing_Lists for more information.
>> -----
>> Please remember to CC this list on all your replies.
>> You can do this by using Reply-To-List or Reply-All.
>> 
>> 
>

More information about the gnucash-user mailing list