Netcetera 3DS Server 2 - Release Notes - Version 2.0.3

Published: 09.04.2019

Version 2.0.3 is a minor release of the Netcetera 3DS Server 2.

For documentation about this release please refer to the documentation site.

Compatibility

This version is NOT fully backwards compatible with all previous versions of the Netcetera 3DS Server 2.

NOTE: Make sure to carefully read the release notes of previous versions when skipping versions during upgrade.

As announced in 2.0.2, the feature Handle final Challenge Response from the ACS is deprecated and the configuration field ChallengeResponseNotificationUrl is removed from the configuration. Users that use XML files as configuration source need to remove the UrlConfiguration#ChallengeResponseNotificationUrl element. For users that use database as configuration source, this will be automatically removed when updating the Netcetera 3DS Server Admin application.

Users that also use the 3DS Server to process the final Challenge Response message need to change the flow as well. From this version the 3DS Server will not forward the Challenge Response. The 3DS Server can receive application/json challenge response messages, decode, validate and log, and return the result of validation. Please refer to the 3DS Challenge page for more details.

Changes

Bug Fixes

  • Allow 3DS Method notification endpoint to be accessible without trailing slash (fully-qualified-url-3ds-server/3ds/3ds-method-notification)
  • Allow EhCache, License, 3DS Server XML configuration locations to be optional in the configuration and it will be resolved as documented
  • Update validation of MerchantData#notificationURL field to allow maximum of 256 characters

Improvements

  • Mask MessageExtension data field in AReq, ARes, CReq, RReq and RRes messages. If data field does not contain any content, it will log N/A and if it is present, for each data field it will write Has value in the transaction log.
  • Update nca-3ds-web-sdk.js when generating the Form element to include application/x-www-form-urlencoded;charset=UTF-8 for enctype attribute
  • sdkMaxTimeout field in ThreeDSServerAuthenticationRequest#Sdk is required for Non-Payment transactions when deviceChannel is APP
  • If SerialNumber in PreparationResponse is NULL, 3DS Server will remove all existing cached card ranges and replace with the ranges returned in the PreparationResponse
  • If a validation error is detected in PreparationResponse#cardRangeData the 3DS Server will send a new PreparationRequest with no SerialNumber (get all card ranges from DirectoryServer)
  • Changed the 3DS Challenge handling to receive application/json data instead of text/html. The 3DS Server does not send the challenge response to the Requestor, instead responds with ThreeDSServerChallengeResponse. It is highly recommended to configure the notificationURL to the merchant or PSP site instead of the 3DS Server. Please check the Integration manual and 3DS Server API for mode details.
  • Removed the ChallengeResponseNotificationUrl from UrlConfiguration in the XML configuration and from the database. For those who use XML file as configuration source, this configuration field must be removed from the XML configuration file.

New Features

  • Send challengeMessageExtension in the ThreeDSServerAuthenticationRequest. If present it will set the messageExtension field in the generated Challenge Request. See Authentication Response with Challenge Requested example for more details.
  • Configure notificationURL per merchant in XML or database configuration.
  • Configure URL for Preparation Requests in the DirectoryServerEndpoint if the DirectoryServer has separate endpoints for authentication and preparation requests. If preparationUrl field is not configured, the value from the url attribute will be used.
  • Update NDM simulator to allow end-to-end testing for APP flow.