2

We have configured a test for the up comming 3DSv2 payment card checks. The test.sagepay.co.uk server responds with a page not found for 'https://test.sagepay.com/html_challenge_answer' which is their response to a correct challenge.

Has anyone else been successful in testing this on their version 4.00 implementation?

<form action="https://test.sagepay.com/3ds-simulator/html_challenge" name="threed1form" method="post">

    <input type="hidden" name="creq" value="ewogICJtZXNzYWdlVHlwZSIgOiAiQ1JlcSIsCiAgIm1lc3NhZ2VWZXJzaW9uIiA6ICIyLjEuMCIsCiAgInRocmVlRFNTZXJ2ZXJUcmFuc0lEIiA6ICI0NzE3Nzc3Yi0yYjA3LTQzOGQtYWU1OS0xNjE2NzFiNzJkYTAiLAogICJhY3NUcmFuc0lEIiA6ICJkMjBlMTQyZC1lYWEyLTRjMTMtYTAyYy1jN2EwMmZmNDMyMDgiLAogICJjaGFsbGVuZ2VXaW5kb3dTaXplIiA6ICIwMSIKfQ"/>

    <input type="hidden" name="threeDSSessionData" value="{39D1BC2D-AC1D-8267-753E-2AEDB9E2DE9D}"/>

    <input type="hidden" name="ThreeDSNotificationURL" value="https://sss.xxxx.eu/3DCallback.asp"/>

    Click the button below :-<br> 
    <input type="submit" value="Go 3DS "/>
ItsPete
  • 2,363
  • 3
  • 27
  • 35
Steve Hartley
  • 31
  • 5

3 Answers3

1

Spoke to SagePay this morning,

They are aware of the problem at their end, they are unable to say when this may be fixed.

Additionally they are unable to confirm when V4.00 Direct integration will be available on the live server.

Hope this helps

Update

@SteveWinn. & @KH S.

Your answers helped and contributed to moving forward. Appreciated.

On speaking to sagepay they are unable to indicate what exactly will happen on the 14 th September 2019, they reckon the Banks themselves may not be ready to implement this by then.

Hope this helps

Steve Hartley
  • 31
  • 5
0

@SteveWinn, I'm having the exact same problem as you. I'm pretty sure my VPSTxId is correct and getting the same error. I'm wondering if /direct3dcallback.vsp has not been updated to 4.00 as it is responding with 3.00?

UPDATE:

After having the exact same problem as reported by @SteveWinn, I gave sage a call. They suggested removing curly brackets from the start and end of the VPSTxId when sending it to "/direct3dcallback.vsp". I thought this was a bit or a strange suggestion, as vspdirect-register.vsp added the curly brackets in the first place, but I removed them and everything springs to life.

In a nutshell, to fix, return the VPSTxId as: abc123-4567-FG5F-DFESDFR12243 not {abc123-4567-FG5F-DFESDFR12243}

rgettman
  • 176,041
  • 30
  • 275
  • 357
D3monite
  • 11
  • 2
0

Have a look at this post: Direct Protocol 4.00: PDS2 - 5083: VpsTxId provided in callback does not match transaction in CRes

Looks like we need to remove the curly brackets from the VPSTxId.

Once you post to https://test.sagepay.com/3ds-simulator/html_challenge the challenge window will come up. Complete the Challenge. After the challenge has been completed you need to read the cres and VPSTxId from the posted data from the bank. This will come to the ThreeDSNotificationURL you provided with your payment request.

I do this with an iFrame in a Modal. The iFrame loads first one of my pages with the post data for the bank. Then the challenge window and then my ThreeDSNotificationURL which reads the post data (from the bank) and if successful sends to the thank you page breaking out of the iframe.

Hope this helps.

Smitthhy, just saw your last post here. Here how I do this for 3DSecure v2:

I get the SagePay response.
If the payment get challenged I redirect to a page which handles that.
That page has the modal with an iFrame.
The iFrame loads another page which I show here:

<%@ Page Language="C#" AutoEventWireup="true" CodeFile="ChallengeiFrame.aspx.cs" Inherits="ac_ChallengeiFrame" %>

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="Head1" runat="server">
<title></title>
</head>
<body>
  <div id="content">
  <div id="contentHeader">
     Your Bank requires Authentication
  </div>
     <p>
     Please click the button below to continue.
     </p>

     <form action="<%= sACSUrl %>" method="post">
     <input type="hidden" name="creq" value="<%= sCReq %>" />
     <input type="hidden" name="threeDSSessionData" value="<%= sVPSTxId   %>" />
      <input type="submit" value="Click to continue" />
     </form>
     </div>
 </body>
 </html>

The customer clicks the button (I don't have an auto post version. I rather let the customer know what happens next so he is not surprised with that challenge window) which posts to SagePay (see the hidden fields and the form action to the ACSURL.

The response from SagePay gets picked up by the page I submitted as the ThreeDSNotificationURL for 3DSecure v2. That page handle the response and finish the order.

Hope this helps.

KH S
  • 444
  • 1
  • 4
  • 8
  • 1
    Hi Smitthhy, I think you better start a new post with your question. It would be easier to reply. I think if you start the question you can add a comment to an answer. I have not enough points to comment on your "answer" which is actually a question. It's gets a bit messy for the page here. You can then also post the code you have so far. – KH S Aug 29 '19 at 13:32