问题
We have configured a test for the up comming 3DSv2 payment card checks. The test.sagepay.co.uk
server responds with a page not found for 'https://test.sagepay.com/html_challenge_answer' which is their response to a correct challenge.
Has anyone else been successful in testing this on their version 4.00 implementation?
<form action="https://test.sagepay.com/3ds-simulator/html_challenge" name="threed1form" method="post">
<input type="hidden" name="creq" value="ewogICJtZXNzYWdlVHlwZSIgOiAiQ1JlcSIsCiAgIm1lc3NhZ2VWZXJzaW9uIiA6ICIyLjEuMCIsCiAgInRocmVlRFNTZXJ2ZXJUcmFuc0lEIiA6ICI0NzE3Nzc3Yi0yYjA3LTQzOGQtYWU1OS0xNjE2NzFiNzJkYTAiLAogICJhY3NUcmFuc0lEIiA6ICJkMjBlMTQyZC1lYWEyLTRjMTMtYTAyYy1jN2EwMmZmNDMyMDgiLAogICJjaGFsbGVuZ2VXaW5kb3dTaXplIiA6ICIwMSIKfQ"/>
<input type="hidden" name="threeDSSessionData" value="{39D1BC2D-AC1D-8267-753E-2AEDB9E2DE9D}"/>
<input type="hidden" name="ThreeDSNotificationURL" value="https://sss.xxxx.eu/3DCallback.asp"/>
Click the button below :-<br>
<input type="submit" value="Go 3DS "/>
回答1:
Spoke to SagePay this morning,
They are aware of the problem at their end, they are unable to say when this may be fixed.
Additionally they are unable to confirm when V4.00 Direct integration will be available on the live server.
Hope this helps
Update
@SteveWinn. & @KH S.
Your answers helped and contributed to moving forward. Appreciated.
On speaking to sagepay they are unable to indicate what exactly will happen on the 14 th September 2019, they reckon the Banks themselves may not be ready to implement this by then.
Hope this helps
回答2:
The html_challenge page mentioned above is now working.
I have what may be a new problem on the term_url/3D secure callbackurl:
When posting to /direct3dcallback.vsp I receive the error below. Has anyone managed to test end to end? I'm fairly sure my VPSTxId is correct.
VPSProtocol: 3.00 Status: INVALID StatusDetail: 5083 : VpsTxId provided in callback does not match transaction in CRes
回答3:
@SteveWinn, I'm having the exact same problem as you. I'm pretty sure my VPSTxId is correct and getting the same error. I'm wondering if /direct3dcallback.vsp has not been updated to 4.00 as it is responding with 3.00?
UPDATE:
After having the exact same problem as reported by @SteveWinn, I gave sage a call. They suggested removing curly brackets from the start and end of the VPSTxId when sending it to "/direct3dcallback.vsp". I thought this was a bit or a strange suggestion, as vspdirect-register.vsp added the curly brackets in the first place, but I removed them and everything springs to life.
In a nutshell, to fix, return the VPSTxId as: abc123-4567-FG5F-DFESDFR12243 not {abc123-4567-FG5F-DFESDFR12243}
回答4:
Have a look at this post: Direct Protocol 4.00: PDS2 - 5083: VpsTxId provided in callback does not match transaction in CRes
Looks like we need to remove the curly brackets from the VPSTxId.
Once you post to https://test.sagepay.com/3ds-simulator/html_challenge the challenge window will come up. Complete the Challenge. After the challenge has been completed you need to read the cres and VPSTxId from the posted data from the bank. This will come to the ThreeDSNotificationURL you provided with your payment request.
I do this with an iFrame in a Modal. The iFrame loads first one of my pages with the post data for the bank. Then the challenge window and then my ThreeDSNotificationURL which reads the post data (from the bank) and if successful sends to the thank you page breaking out of the iframe.
Hope this helps.
Smitthhy, just saw your last post here. Here how I do this for 3DSecure v2:
I get the SagePay response.
If the payment get challenged I redirect to a page which handles that.
That page has the modal with an iFrame.
The iFrame loads another page which I show here:
<%@ Page Language="C#" AutoEventWireup="true" CodeFile="ChallengeiFrame.aspx.cs" Inherits="ac_ChallengeiFrame" %>
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="Head1" runat="server">
<title></title>
</head>
<body>
<div id="content">
<div id="contentHeader">
Your Bank requires Authentication
</div>
<p>
Please click the button below to continue.
</p>
<form action="<%= sACSUrl %>" method="post">
<input type="hidden" name="creq" value="<%= sCReq %>" />
<input type="hidden" name="threeDSSessionData" value="<%= sVPSTxId %>" />
<input type="submit" value="Click to continue" />
</form>
</div>
</body>
</html>
The customer clicks the button (I don't have an auto post version. I rather let the customer know what happens next so he is not surprised with that challenge window) which posts to SagePay (see the hidden fields and the form action to the ACSURL.
The response from SagePay gets picked up by the page I submitted as the ThreeDSNotificationURL for 3DSecure v2. That page handle the response and finish the order.
Hope this helps.
回答5:
KH-S many thanks.
So if Sage requests 3D auth, you open a page for your customer with an iFrame, the source of the iFrame is created by the script that you show in your post?
How do you deal with the fall back to 3DSv1, i.e. PAReq and MD instead of CReq and VPSTxId.
Are you determining the form to build for the iFrame depending on the content of the CReq VPSTxId or PAReq MD i.e. what is your basis for determining if you are being challenged with 3DSv1 or 3DSv2?
I tend to agree that it's better to ask the customer to click the authenticate button so that they have an idea what is going on and not just auto submit the form.
回答6:
KH-S, or anyone with a working example of 3dS on SagePay Direct.
I'm really struggling to follow the SagePay direct integration protocol 4 documentation.
Where I am really stuck is on how to set up the iFrame and have it autosubmit.
Could you possibly help with some basic code example of how you have yours working. SagePay docs have the following code:
<iframe src="3DRedirect.asp" name="3Diframe"> <form action="${acsUrl}" method="post">
<input type="hidden" name="creq" value="${creq}" />
<input type="hidden" name="threeDSSessionData" value="${threeDSSessionData}" /> <p>Please click button below to proceed to 3D secure.</p>
<input type="submit" value="Go"/>
</form> </iframe>
But no explanation for where the source of the iFrame comes from, or how to make the iFrame autosubmit.
I am sure that there are a lot of people out there trying to get the changes implemented within the next few weeks.
Thanks KH-S I have posted a new question at 3DSv2 Sagepay Direct Integration basics
来源:https://stackoverflow.com/questions/57316479/3dsv2-sagepay-direct-integration-page-not-found-after-correct-challenge