3DS 1.0 NDM Simulator Configuration

Verify Enrollment Response (VERes) configuration

The NDM Simulator allows external configuration of the simulated VERes per account number. This simulates the functionality of 3DS 1.0 Directory Server.

Possible types of VERes are listed below:

  • ENROLLED_Y - VALID_RESPONSE, "Enrolled Y: Authentication Available."
  • ENROLLED_N - VALID_RESPONSE, "Enrolled N: Cardholder Not Participating."
  • ENROLLED_U - VALID_RESPONSE, "Enrolled U: Unable To Authenticate."
  • MISSING_ROOT - INVALID_RESPONSE, "Response with a missing root element."
  • MISSING_MESSAGE - INVALID_RESPONSE, "Response with a missing message element."
  • INVALID_MESSAGE - INVALID_RESPONSE, "Response with an invalid message element."
  • MISSING_VERSION - INVALID_RESPONSE, "VERes with missing version."
  • ILLEGAL_VERSION - INVALID_RESPONSE, "VERes with illegal version."
  • MISSING_URL - INVALID_RESPONSE, "VERes with missing url."
  • ILLEGAL_URL - INVALID_RESPONSE, "VERes with illegal url."
  • MISSING_ENROLLED - INVALID_RESPONSE, "VERes with missing enrolled."
  • ILLEGAL_ENROLLED - INVALID_RESPONSE, "VERes with illegal enrolled."
  • ILLEGAL_EXTENSION - INVALID_RESPONSE, "VERes with illegal extension (id and critical are empty)."
  • ERROR_1 - ERROR_RESPONSE, "Error 1: Root element invalid."
  • ERROR_2 - ERROR_RESPONSE, "Error 2: Message element not a defined message."
  • ERROR_3 - ERROR_RESPONSE, "Error 3: Required element missing."
  • ERROR_4 - ERROR_RESPONSE, "Error 4: Critical element not recognized."
  • ERROR_5 - ERROR_RESPONSE, "Error 5: Format of one or more elements is invalid according to the specification."
  • ERROR_6 - ERROR_RESPONSE, "Error 6: Protocol version too old."
  • ERROR_50 - ERROR_RESPONSE, "Error 50: Acquirer not participating."
  • ERROR_51 - ERROR_RESPONSE, "Error 51: Merchant not participating."
  • ERROR_52 - ERROR_RESPONSE, "Error 52: Password missing."
  • ERROR_53 - ERROR_RESPONSE, "Error 53: Incorrect password."
  • ERROR_58 - ERROR_RESPONSE, "Error 58: Incorrect Common Name value in Client Certificate."
  • ERROR_98 - ERROR_RESPONSE, "Error 98: Transient system failure."
  • ERROR_99 - ERROR_RESPONSE, "Error 99: Permanent system failure."
  • ERROR_CUSTOM - ERROR_RESPONSE, "Custom Error: Custom error with an undefined error code."
  • ERROR_CUSTOM_WITH_DIFFERENT_MESSAGE_ID - ERROR_RESPONSE, "Custom Error: Custom error with different message id."
  • IREQ_50 - IREQ_RESPONSE, "IReq 50: Acquirer not participating."
  • IREQ_51 - IREQ_RESPONSE, "IReq 51: Merchant not participating."
  • IREQ_52 - IREQ_RESPONSE, "IReq 52: Password missing."
  • IREQ_53 - IREQ_RESPONSE, "IReq 53: Incorrect password."
  • IREQ_54 - IREQ_RESPONSE, "IReq 54: ISO code not valid (country or currency)."
  • IREQ_55 - IREQ_RESPONSE, "IReq 55: Transaction data not valid."
  • IREQ_56 - IREQ_RESPONSE, "IReq 56: Cardholder PAN is not in range belonging to issuer."
  • IREQ_58 - IREQ_RESPONSE, "IReq 58: Access denied, invalid endpoint."
  • IREQ_98 - IREQ_RESPONSE, "IReq 98: Transient system failure."
  • IREQ_99 - IREQ_RESPONSE, "IReq 99: Permanent system failure."
  • IREQ_CUSTOM - IREQ_RESPONSE, "Custom IReq: Custom IReq with an undefined IReq code."
  • IREQ_ENROLLED_Y - IREQ_RESPONSE, "IReq: Enrolled set to Y"
  • UNSUPPORTED_VERSION - OTHER, "VERes with unsupported version."
  • UNRECOGNIZED_CRITICAL_EXTENSION - OTHER, "VERes with an unrecognized critical extension."
  • SERVER_ERROR - OTHER, "Server Error."
  • TIMEOUT - OTHER, "Timeout: Sleep for 60 seconds."

In order to configure the type of VERes, use the threeds-one-ds-simulator-config.properties configuration file in the $NDM_SIMULATOR_HOME/conf.

If the card is not present in the configuration file, the default response is ENROLLED_Y.

The 3DS 1.0 ACS URL should be configured there as well using threeds-one-ds-simulator-config.acs-url parameter. The value must be in format: http(s)://NDM Simulator Host:NDM Simulator Port/3ds1/acs/authenticate

An example configuration is listed below:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
threeds-one-ds-simulator-config.acs-url=http://localhost:8080/3ds1/acs/authenticate
 
# VALID_RESPONSE Category (PANs ending in 0xy)
threeds-one-ds-simulator-config.responses.4234123412340000=ENROLLED_Y
threeds-one-ds-simulator-config.responses.4234123412340001=ENROLLED_N
threeds-one-ds-simulator-config.responses.4234123412340002=ENROLLED_U
# INVALID_RESPONSE Category (PANs ending in 1xy)
threeds-one-ds-simulator-config.responses.4234123412340100=MISSING_ROOT
threeds-one-ds-simulator-config.responses.4234123412340101=MISSING_MESSAGE
threeds-one-ds-simulator-config.responses.4234123412340102=INVALID_MESSAGE
threeds-one-ds-simulator-config.responses.4234123412340103=MISSING_VERSION
threeds-one-ds-simulator-config.responses.4234123412340104=ILLEGAL_VERSION
threeds-one-ds-simulator-config.responses.4234123412340105=MISSING_URL
threeds-one-ds-simulator-config.responses.4234123412340106=ILLEGAL_URL
threeds-one-ds-simulator-config.responses.4234123412340107=MISSING_ENROLLED
threeds-one-ds-simulator-config.responses.4234123412340108=ILLEGAL_ENROLLED
threeds-one-ds-simulator-config.responses.4234123412340109=ILLEGAL_EXTENSION
# ERROR_RESPONSE Category (PANs ending in 2xy)
threeds-one-ds-simulator-config.responses.4234123412340200=ERROR_CUSTOM
threeds-one-ds-simulator-config.responses.4234123412340201=ERROR_1
threeds-one-ds-simulator-config.responses.4234123412340202=ERROR_2
threeds-one-ds-simulator-config.responses.4234123412340203=ERROR_3
threeds-one-ds-simulator-config.responses.4234123412340204=ERROR_4
threeds-one-ds-simulator-config.responses.4234123412340205=ERROR_5
threeds-one-ds-simulator-config.responses.4234123412340206=ERROR_6
threeds-one-ds-simulator-config.responses.4234123412340220=ERROR_CUSTOM_WITH_DIFFERENT_MESSAGE_ID
threeds-one-ds-simulator-config.responses.4234123412340250=ERROR_50
threeds-one-ds-simulator-config.responses.4234123412340251=ERROR_51
threeds-one-ds-simulator-config.responses.4234123412340252=ERROR_52
threeds-one-ds-simulator-config.responses.4234123412340253=ERROR_53
threeds-one-ds-simulator-config.responses.4234123412340258=ERROR_58
threeds-one-ds-simulator-config.responses.4234123412340298=ERROR_98
threeds-one-ds-simulator-config.responses.4234123412340299=ERROR_99
# IREQ_RESPONSE Category (PANs ending in 3xy)
threeds-one-ds-simulator-config.responses.4234123412340300=IREQ_CUSTOM
threeds-one-ds-simulator-config.responses.4234123412340301=IREQ_ENROLLED_Y
threeds-one-ds-simulator-config.responses.4234123412340350=IREQ_50
threeds-one-ds-simulator-config.responses.4234123412340351=IREQ_51
threeds-one-ds-simulator-config.responses.4234123412340352=IREQ_52
threeds-one-ds-simulator-config.responses.4234123412340353=IREQ_53
threeds-one-ds-simulator-config.responses.4234123412340354=IREQ_54
threeds-one-ds-simulator-config.responses.4234123412340355=IREQ_55
threeds-one-ds-simulator-config.responses.4234123412340356=IREQ_56
threeds-one-ds-simulator-config.responses.4234123412340358=IREQ_58
threeds-one-ds-simulator-config.responses.4234123412340398=IREQ_98
threeds-one-ds-simulator-config.responses.4234123412340399=IREQ_99
# OTHER Category (PANs ending in 4xy)
threeds-one-ds-simulator-config.responses.4234123412340400=UNSUPPORTED_VERSION
threeds-one-ds-simulator-config.responses.4234123412340401=UNRECOGNIZED_CRITICAL_EXTENSION
threeds-one-ds-simulator-config.responses.4234123412340402=SERVER_ERROR
threeds-one-ds-simulator-config.responses.4234123412340403=TIMEOUT
# AMEX PAN
threeds-one-ds-simulator-config.responses.3734123412340000=ENROLLED_Y

Payer Authentication Response (PARes) configuration

The NDM Simulator allows external configuration of the simulated PARes per account number. This simulates the functionality of 3DS 1.0 ACS.

Possible types of PARes are listed below:

  • TRANSACTION_STATUS_Y - VALID_RESPONSE, "Transaction Status Y: Customer was successfully authenticated."
  • TRANSACTION_STATUS_N - VALID_RESPONSE, "Transaction Status N: Customer failed or cancelled authentication. Transaction denied."
  • TRANSACTION_STATUS_N_WITH_PAN_LAST_4_DIGITS_NOT_MASKED - VALID_RESPONSE, "Transaction Status N with PAN last 4 digits not masked"
  • TRANSACTION_STATUS_U - VALID_RESPONSE, "Transaction Status U: Authentication could not be completed, due to technical or other problem, as indicated in PARes.IReq."
  • TRANSACTION_STATUS_U_WITH_PAN_LAST_4_DIGITS_NOT_MASKED - VALID_RESPONSE, "Transaction Status U with PAN last 4 digits not masked"
  • TRANSACTION_STATUS_A - VALID_RESPONSE, "Transaction Status A: Proof of authentication attempt was generated."
  • CAVV_ALGORITHM_4 - VALID_RESPONSE, "Response with a cavv algorithm 4."
  • MISSING_ROOT - INVALID_RESPONSE, "Response with a missing root element."
  • MISSING_MESSAGE - INVALID_RESPONSE, "Response with a missing message element."
  • MISSING_MESSAGE_ID - INVALID_RESPONSE, "Response with a missing message id attribute."
  • EMPTY_MESSAGE_ID - INVALID_RESPONSE, "Response with a empty message id attribute."
  • INVALID_MESSAGE - INVALID_RESPONSE, "Response with an invalid message element."
  • MISSING_VERSION - INVALID_RESPONSE, "PARes with missing version."
  • INVALID_PARES_ELEMENT_NAME - OTHER, "Changes name of 'PARes' to 'PPRS"
  • UNDEFINED_ELEMENT_IN_MESSAGE - OTHER, "Undefined element in 'Message' before 'PARes' element"
  • ILLEGAL_VERSION - INVALID_RESPONSE, "PARes with illegal version."
  • NOT_SIGNED - VALID_RESPONSE, "Not Signed PARes."
  • ERROR_1 - ERROR_RESPONSE, "Error 1: Root element invalid."
  • ERROR_2 - ERROR_RESPONSE, "Error 2: Message element not a defined message."
  • ERROR_3 - ERROR_RESPONSE, "Error 3: Required element missing."
  • ERROR_4 - ERROR_RESPONSE, "Error 4: Critical element not recognized."
  • ERROR_5 - ERROR_RESPONSE, "Error 5: Format of one or more elements is invalid according to the specification."
  • ERROR_6 - ERROR_RESPONSE, "Error 6: Protocol version too old."
  • ERROR_50 - ERROR_RESPONSE, "Error 50: Acquirer not participating."
  • ERROR_51 - ERROR_RESPONSE, "Error 51: Merchant not participating."
  • ERROR_52 - ERROR_RESPONSE, "Error 52: Password missing."
  • ERROR_53 - ERROR_RESPONSE, "Error 53: Incorrect password."
  • ERROR_58 - ERROR_RESPONSE, "Error 58: Incorrect Common Name value in Client Certificate."
  • ERROR_98 - ERROR_RESPONSE, "Error 98: Transient system failure."
  • ERROR_99 - ERROR_RESPONSE, "Error 99: Permanent system failure."
  • ERROR_CUSTOM - ERROR_RESPONSE, "Custom Error: Custom error with an undefined error code."
  • ERROR_CUSTOM_WITH_DIFFERENT_MESSAGE_ID - ERROR_RESPONSE, "Custom Error: Custom error with different message id."
  • IREQ_50 - IREQ_RESPONSE, "IReq 50: Acquirer not participating."
  • IREQ_51 - IREQ_RESPONSE, "IReq 51: Merchant not participating."
  • IREQ_52 - IREQ_RESPONSE, "IReq 52: Password missing."
  • IREQ_53 - IREQ_RESPONSE, "IReq 53: Incorrect password."
  • IREQ_54 - IREQ_RESPONSE, "IReq 54: ISO code not valid (country or currency)."
  • IREQ_55 - IREQ_RESPONSE, "IReq 55: Transaction data not valid."
  • IREQ_56 - IREQ_RESPONSE, "IReq 56: Cardholder PAN is not in range belonging to issuer."
  • IREQ_58 - IREQ_RESPONSE, "IReq 58: Access denied, invalid endpoint."
  • IREQ_98 - IREQ_RESPONSE, "IReq 98: Transient system failure."
  • IREQ_99 - IREQ_RESPONSE, "IReq 99: Permanent system failure."
  • IREQ_CUSTOM - IREQ_RESPONSE, "Custom IReq: Custom IReq with an undefined IReq code."
  • UNSUPPORTED_VERSION - OTHER, "PARes with unsupported version."
  • UNRECOGNIZED_CRITICAL_EXTENSION - OTHER, "PARes with an unrecognized critical extension."
  • SERVER_ERROR - OTHER, "Server Error."
  • TIMEOUT - OTHER, "Timeout: Sleep for 600 seconds."

In order to configure the type of PARes, use the threeds-one-acs-simulator-config.properties configuration file in the $NDM_SIMULATOR_HOME/conf.

If the card is not present in the configuration file, the default response is TRANSACTION_STATUS_N.

The NDM simulator is signing the content of a PARes. The signing certificate store location, alias and password must be configured here as well.

An example configuration is listed below:

1
2
3
4
5
6
7
8
9
10
11
threeds-one-acs-simulator-config.signing-keystore-location=file:client.jks
threeds-one-acs-simulator-config.signing-keystore-alias=3ds1-acs-signing
threeds-one-acs-simulator-config.signing-keystore-password=secret
 
threeds-one-acs-simulator-config.responses.4000001000000000=TRANSACTION_STATUS_Y
threeds-one-acs-simulator-config.responses.4000001000000005=TRANSACTION_STATUS_Y
threeds-one-acs-simulator-config.responses.4234123412340000=TRANSACTION_STATUS_Y
threeds-one-acs-simulator-config.responses.4234123412340006=TRANSACTION_STATUS_U
threeds-one-acs-simulator-config.responses.4234123412340007=TRANSACTION_STATUS_A
threeds-one-acs-simulator-config.responses.5333259155643223=TRANSACTION_STATUS_Y
threeds-one-acs-simulator-config.responses.5512459816707531=TRANSACTION_STATUS_Y