Netcetera 3DS Server - Release Notes - Version 2.0.3
Published: Published: 09.04.2019
Version 2.0.3 is a minor release of the Netcetera 3DS Server.
For documentation about this release please refer to the documentation site.
This version is NOT fully backwards compatible with all previous versions of the Netcetera 3DS Server.
NOTE: Make sure to carefully read the release notes of previous versions when skipping versions during upgrade.
As announced in 2.0.2, the feature Handle final Challenge Response from the ACS is deprecated and the configuration field ChallengeResponseNotificationUrl is removed from the configuration. Users that use XML files as configuration source need to remove the UrlConfiguration#ChallengeResponseNotificationUrl element. For users that use database as configuration source, this will be automatically removed when updating the Netcetera 3DS Server Admin application.
Users that also use the 3DS Server to process the final Challenge Response message need to change the flow as well. From this version the 3DS Server will not forward the Challenge Response. The 3DS Server can receive
application/json challenge response messages, decode, validate and log, and return the result of validation. Please refer to the 3DS Challenge page for more details.
- Send challengeMessageExtension in the ThreeDSServerAuthenticationRequest. If present it will set the messageExtension field in the generated Challenge Request. See Authentication Response with Challenge Requested example for more details.
- Configure notificationURL per merchant in XML or database configuration.
- Configure URL for Preparation Requests in the DirectoryServerEndpoint if the DirectoryServer has separate endpoints for authentication and preparation requests. If preparationUrl field is not configured, the value from the url attribute will be used.
- Update NDM simulator to allow end-to-end testing for APP flow.
- Mask MessageExtension data field in AReq, ARes, CReq, RReq and RRes messages. If data field does not contain any content, it will log
N/Aand if it is present, for each data field it will write
Has valuein the transaction log.
- Update nca-3ds-web-sdk.js when generating the Form element to include
sdkMaxTimeoutfield in ThreeDSServerAuthenticationRequest#Sdk is required for Non-Payment transactions when deviceChannel is APP
- If SerialNumber in PreparationResponse is NULL, 3DS Server will remove all existing cached card ranges and replace with the ranges returned in the PreparationResponse
- If a validation error is detected in
PreparationResponse#cardRangeDatathe 3DS Server will send a new PreparationRequest with no SerialNumber (get all card ranges from DirectoryServer)
- Changed the 3DS Challenge handling to receive
application/jsondata instead of
text/html. The 3DS Server
does notsend the challenge response to the Requestor, instead responds with
ThreeDSServerChallengeResponse. It is highly recommended to configure the notificationURL to the merchant or organization site instead of the 3DS Server. Please check the Integration manual and 3DS Server API for mode details.
- Removed the
UrlConfigurationin the XML configuration and from the database. For those who use XML file as configuration source, this configuration field must be removed from the XML configuration file.
challengeMessageExtensionin the ThreeDSServerAuthenticationRequest. If present it will set the messageExtension field in the generated Challenge Request. See Authentication Response with Challenge Requested example for more details.
- Allow 3DS Method notification endpoint to be accessible without trailing slash (
- Allow EhCache, License, 3DS Server XML configuration locations to be optional in the configuration and it will be resolved as documented
- Update validation of
MerchantData#notificationURLfield to allow maximum of 256 characters