3DS 2.x NDM Simulator Configuration

NDM Simulator Configuration Properties

An application.properties file in the $NDM_SIMULATOR_HOME/conf directory is used to set configuration options for the Netcetera Demo Merchant Simulator.

The available configuration options and their default values are listed below.

Note: If you don't configure a value for one of the properties in your application.properties, the default value as shown below will be used.

2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
server.port=
### Logging
logging.config=classpath:log4j2-prod.xml
#
# The resource location of the ThreeDS Server license (e.g. file:/etc/threeDSServerLicense/3dss.lic)
#
# Use a "file:" prefix for resources located on the file system.
# Use a "http:" prefix for resources loaded from an URL.
# Use a "classpath:" prefix for resources located on the classpath.
#
# If not specified it defaults to file:\${user.home}/3dss.lic
# (\${user.home} is the user's home directory)
#
license.resource-location=
### Certificate configuration used to generate RestTemplate for the simulator to send RReq to the 3DS Server
#
# The https protocols (i.e. TLS versions) the 3DSS Demo should use when establishing a connection to the 3DS Server.
# According to the 3DS Specification, the minimum supported TLS version is TLSv1.2
#
ds-simulator-config.httpsProtocols=TLSv1.2
#
# The supported cipher suites for outbound 2-way SSL connections to the 3DS Server.
#
ds-simulator-config.supported.cipher.suites=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
#
# Location of the TrustStore containing CA certificates. Used for creating the RestTemplate when simulating Results Request
# messages to the 3DS Server.
#
ds-simulator-config.truststore.path=
#
# Password for accessing the TrustStore.
#
ds-simulator-config.truststore.password=
#
# Location of the KeyStore containing certificates for the outgoing connection to the 3DS Server. Used for creating the
# RestTemplate when simulating Results Request messages to the 3DS Server.
#
ds-simulator-config.clientstore.path=
#
# Password for accessing the KeyStore.
#
ds-simulator-config.clientstore.password=
# Frontend configuration properties
#
# Fully qualified URL of the 3DS Demo instance.
#
threedss.frontend.configs.simulator-api=
#
# List of fully qualified URLs of the 3DS Server instances. The list is used for the Demo Simulator application to allow
# choosing the 3DS Server instance which will process the Authentication Request.
# The URLs need to contain the protocol, hostname, port, and if needed, the context path.
#
# This property is a comma-separated value.
#
# Example: http://3ds.server.instance.one,https://3ds2.server.instance:5000,https://3ds2.server.instance/3ds-server-instance/
#
threedss.frontend.configs.instance.endpoints=
#
# The token string appended to the 3DS Method Notification URL of the 3DS Server when 3DS Server implementation of the 3DS Method
# notification response handler is used. This property is used when the Demo simulator application sends a 3DS
# Method Completion Request to the Netcetera 3DS Server Notification URL.
#
threedsmethod.notification-url.token=
#
# The location of the challenge template for entering an OTP. The NDM Simulator allows customized challenge template
# and in such case this property should be overridden. Use a "file:" prefix for resources located on the file
# system (e.g. file:/etc/ndm-simulator/templates/custom-creq-form.html). However, the customized template must
# contain predefined placeholders. Visit the Netcetera Demo Merchant Simulator documentation for more details.
#
# If not overridden, this property defaults to the NDM Simulator packaged default challenge template.
#
ds-simulator-config.creq-form.template-location=templates/creq-form.html

Authentication Response and Results Request Configuration

The NDM Simulator allows external configuration of the simulated Authentication response and Results request per account number.

Possible types of Authentication Responses are listed below:

7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
public enum AuthenticationResponseTypeEnum {
 
  /**
   * Authenticated application frictionless authentication response.
   */
  AUTHENTICATED_APPLICATION_FRICTIONLESS,
  /**
   * Not authenticated application frictionless authentication response.
   */
  NOT_AUTHENTICATED_APPLICATION_FRICTIONLESS,
  /**
   * Invalid application frictionless authentication response with missing sdkTransId.
   */
  APPLICATION_FRICTIONLESS_MISSING_SDK_TRANS_ID,
  /**
   * Application challenge authentication response.
   */
  APPLICATION_CHALLENGE,
  /**
   * Invalid application challenge authentication response with sdkTransId having invalid format.
   */
  APPLICATION_CHALLENGE_SDK_TRANS_ID_INVALID_FORMAT,
  /**
   * Authenticated browser frictionless authentication response.
   */
  AUTHENTICATED_BROWSER_FRICTIONLESS,
  /**
   * Not authenticated browser frictionless authentication response.
   */
  NOT_AUTHENTICATED_BROWSER_FRICTIONLESS,
  /**
   * Invalid browser frictionless authentication response with missing dsTransId.
   */
  BROWSER_FRICTIONLESS_MISSING_DS_TRANS_ID,
  /**
   * Browser challenge authentication response.
   */
  BROWSER_CHALLENGE,
  /**
   * Invalid browser challenge authentication response with missing acsURL.
   */
  BROWSER_CHALLENGE_MISSING_ACS_URL,
  /**
   * 3RI authentication response.
   */
  THREE_RI,
  /**
   * 3RI challenge authentication response.
   */
  THREE_RI_CHALLENGE,
  /**
   * Protocol error.
   */
  PROTOCOL_ERROR,
  /**
   * Browser using Decoupled Authentication.
   */
  BROWSER_DECOUPLED_CHALLENGE_VERSION_2_2_0,
 
  /**
   * Authenticated, Merchant whitelisted.
   */
  AUTHENTICATED_MERCHANT_WHITELIST_VERSION_2_2_0,
 
  /**
   * Merchant whitelisted in challenge.
   */
  MERCHANT_WHITELIST_IN_CHALLENGE
}

Possible types of Results Request are listed below:

7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
public enum ResultsRequestTypeEnum {
 
  /**
   * Results request indicating authenticated transaction.
   */
  AUTHENTICATED_TRANSACTION,
  /**
   * Invalid results request indicating authenticated transaction.
   */
  AUTHENTICATED_TRANSACTION_MISSING_AUTHENTICATION_VALUE,
  /**
   * Authenticated transaction with possibility to configure merchant whitelist.
   */
  AUTHENTICATED_MERCHANT_WHITELIST_VERSION_2_2_0,
  /**
   * Not authenticated transaction with possibility to configure merchant whitelist.
   */
  NOT_AUTHENTICATED_MERCHANT_WHITELIST_VERSION_2_2_0,
  /**
   * Results request indicating not authenticated transaction.
   */
  NOT_AUTHENTICATED_TRANSACTION,
  /**
   * Protocol error.
   */
  PROTOCOL_ERROR
 
}

In order to configure the type of Authentication response and Results Request per account number, use the cardholder-numbers-simulated-message-types.properties configuration file in the $NDM_SIMULATOR_HOME/conf. An example on how to configure it is listed below:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
threedsdemo.cardholderNumbersSimulatedMessageTypes.num4000001000000000.aRes=AUTHENTICATED_APPLICATION_FRICTIONLESS
threedsdemo.cardholderNumbersSimulatedMessageTypes.num4000001000000001.aRes=NOT_AUTHENTICATED_APPLICATION_FRICTIONLESS
threedsdemo.cardholderNumbersSimulatedMessageTypes.num4000001000000002.aRes=APPLICATION_FRICTIONLESS_MISSING_SDK_TRANS_ID
threedsdemo.cardholderNumbersSimulatedMessageTypes.num4000001000000003.aRes=APPLICATION_CHALLENGE
threedsdemo.cardholderNumbersSimulatedMessageTypes.num4000001000000003.rReq=AUTHENTICATED_TRANSACTION
threedsdemo.cardholderNumbersSimulatedMessageTypes.num4000001000000004.aRes=APPLICATION_CHALLENGE_SDK_TRANS_ID_INVALID_FORMAT
threedsdemo.cardholderNumbersSimulatedMessageTypes.num4000001000000005.aRes=AUTHENTICATED_BROWSER_FRICTIONLESS
threedsdemo.cardholderNumbersSimulatedMessageTypes.num4000001000000006.aRes=NOT_AUTHENTICATED_BROWSER_FRICTIONLESS
threedsdemo.cardholderNumbersSimulatedMessageTypes.num4000001000000007.aRes=BROWSER_FRICTIONLESS_MISSING_DS_TRANS_ID
threedsdemo.cardholderNumbersSimulatedMessageTypes.num4000001000000008.aRes=BROWSER_CHALLENGE
threedsdemo.cardholderNumbersSimulatedMessageTypes.num4000001000000008.rReq=NOT_AUTHENTICATED_TRANSACTION
threedsdemo.cardholderNumbersSimulatedMessageTypes.num4000001000000009.aRes=BROWSER_CHALLENGE_MISSING_ACS_URL
threedsdemo.cardholderNumbersSimulatedMessageTypes.num4000001000000010.aRes=THREE_RI
threedsdemo.cardholderNumbersSimulatedMessageTypes.num4000001000000110.aRes=THREE_RI_CHALLENGE
threedsdemo.cardholderNumbersSimulatedMessageTypes.num4000001000000110.rReq=AUTHENTICATED_TRANSACTION
threedsdemo.cardholderNumbersSimulatedMessageTypes.num4000001000000011.aRes=PROTOCOL_ERROR
threedsdemo.cardholderNumbersSimulatedMessageTypes.num4916486411972975.aRes=BROWSER_CHALLENGE
threedsdemo.cardholderNumbersSimulatedMessageTypes.num4916486411972975.rReq=AUTHENTICATED_TRANSACTION
threedsdemo.cardholderNumbersSimulatedMessageTypes.num7654310438720050.aRes=APPLICATION_CHALLENGE
threedsdemo.cardholderNumbersSimulatedMessageTypes.num7654310438720050.rReq=NOT_AUTHENTICATED_TRANSACTION
threedsdemo.cardholderNumbersSimulatedMessageTypes.num4000001000000012.aRes=BROWSER_CHALLENGE
threedsdemo.cardholderNumbersSimulatedMessageTypes.num4000001000000012.rReq=AUTHENTICATED_TRANSACTION_MISSING_AUTHENTICATION_VALUE
threedsdemo.cardholderNumbersSimulatedMessageTypes.num4000001000000013.aRes=APPLICATION_CHALLENGE
threedsdemo.cardholderNumbersSimulatedMessageTypes.num4000001000000013.rReq=PROTOCOL_ERROR
threedsdemo.cardholderNumbersSimulatedMessageTypes.num6000009000000001.aRes=BROWSER_DECOUPLED_CHALLENGE_VERSION_2_2_0
threedsdemo.cardholderNumbersSimulatedMessageTypes.num6000009000000001.rReq=NOT_AUTHENTICATED_MERCHANT_WHITELIST_VERSION_2_2_0
threedsdemo.cardholderNumbersSimulatedMessageTypes.num6000009000000002.aRes=AUTHENTICATED_MERCHANT_WHITELIST_VERSION_2_2_0
threedsdemo.cardholderNumbersSimulatedMessageTypes.num4000009000000003.aRes=BROWSER_CHALLENGE
threedsdemo.cardholderNumbersSimulatedMessageTypes.num4000009000000003.rReq=AUTHENTICATED_MERCHANT_WHITELIST_VERSION_2_2_0,MTIzNDU2Nzg5MDA5ODc2NTQzMjE=,02,17,Y,80
threedsdemo.cardholderNumbersSimulatedMessageTypes.num4844681858965048.aRes=MERCHANT_WHITELIST_IN_CHALLENGE

There is also a possibility to configure specific message fields values per authentication response and results request type. The configurable message fields per authentication response type are listed below and (if configured) they must be provided in that specific order.

  • AUTHENTICATED_APPLICATION_FRICTIONLESS - authenticationValue,eci
  • NOT_AUTHENTICATED_APPLICATION_FRICTIONLESS - transStatusReason
  • APPLICATION_FRICTIONLESS_MISSING_SDK_TRANS_ID - authenticationValue,eci
  • APPLICATION_CHALLENGE - transStatusReason, acsChallengeMandated, authenticationType
  • APPLICATION_CHALLENGE_SDK_TRANS_ID_INVALID_FORMAT - transStatusReason, acsChallengeMandated, authenticationType
  • AUTHENTICATED_BROWSER_FRICTIONLESS - authenticationValue, eci
  • NOT_AUTHENTICATED_BROWSER_FRICTIONLESS - transStatusReason
  • BROWSER_FRICTIONLESS_MISSING_DS_TRANS_ID - authenticationValue, eci
  • BROWSER_CHALLENGE - transStatusReason, acsChallengeMandated, authenticationType
  • BROWSER_CHALLENGE_MISSING_ACS_URL - transStatusReason, acsChallengeMandated, authenticationType
  • BROWSER_DECOUPLED_CHALLENGE_VERSION_2_2_0 - transStatusReason, acsChallengeMandated, authenticationType
  • AUTHENTICATED_MERCHANT_WHITELIST_VERSION_2_2_0 - authenticationValue, eci, whiteListStatus, whiteListStatusSource
  • THREE_RI - authenticationValue,eci
  • THREE_RI_CHALLENGE - transStatusReason, acsChallengeMandated, authenticationType
  • PROTOCOL_ERROR - errorComponent, errorCode, errorDescription, errorDetail
  • MERCHANT_WHITELIST_IN_CHALLENGE * When a card number with this simulation is used, the first response is BROWSER_CHALLENGE/APPLICATION_CHALLENGE. A checkbox will be shown in the challenge form for whitelisting a merchant. If this checkbox is checked every other transaction will be AUTHENTICATED_BROWSER_FRICTIONLESS/AUTHENTICATED_APPLICATION_FRICTIONLESS for a pre-configured period of time which is configured in the ehcache configuration for 'merchantWhitelistingData' cache'. Otherwise it will still be a BROWSER_CHALLENGE/APPLICATION_CHALLENGE.

The configurable message fields per results request type are listed below and (if configured) they must be provided in that specific order.

  • AUTHENTICATED_TRANSACTION - authenticationValue, eci, transStatusReason,authenticationType
  • NOT_AUTHENTICATED_TRANSACTION - transStatusReason, authenticationType
  • AUTHENTICATED_TRANSACTION_MISSING_AUTHENTICATION_VALUE - eci, transStatusReason, authenticationType
  • PROTOCOL_ERROR - errorComponent, errorCode, errorDescription, errorDetail
  • AUTHENTICATED_MERCHANT_WHITELIST_VERSION_2_2_0 - authenticationValue, eci, transStatusReason, whitelistStatus, whitelistStatusSource
  • NOT_AUTHENTICATED_MERCHANT_WHITELIST_VERSION_2_2_0 - transStatusReason, whitelistStatus, whitelistStatusSource

The format requirements for each configurable message field are listed below:

  • authenticationValue - String, 28 characters
  • eci - String, 2 characters
  • transStatusReason - Values accepted:
    • 01 - CARD_AUTHENTICATION_FAILED
    • 02 - UNKNOWN_DEVICE
    • 03 - UNSUPPORTED_DEVICE
    • 04 - EXCEEDS_AUTHENTICATION_FREQUENCY_LIMIT
    • 05 - EXPIRED_CARD
    • 06 - INVALID_CARDNUMBER
    • 07 - INVALID_TRANSACTION
    • 08 - NO_CARD_RECORD
    • 09 - SECURITY_FAILURE
    • 10 - STOLEN_CARD
    • 11 - SUSPECTED_FRAUD
    • 12 - TRANSACTION_NOT_PERMITTED_TO_CARDHOLDER
    • 13 - CARDHOLDER_NOT_ENROLLED_IN_SERVICE
    • 14 - TRANSACTION_TIMED_OUT_AT_THE_ACS
    • 15 - LOW_CONFIDENCE
    • 16 - MEDIUM_CONFIDENCE
    • 17 - HIGH_CONFIDENCE
    • 18 - VERY_HIGH_CONFIDENCE
    • 19 - EXCEEDS_ACS_MAXIMUM_CHALLENGES
    • 20 - NON_PAYMENT_TRANSACTION_NOT_SUPPORTED
    • 21 - THREE_RI_TRANSACTION_NOT_SUPPORTED
  • acsChallengeMandated - Values accepted:
    • Y - CHALLENGE_IS_MANDATED
    • N - CHALLENGE_IS_NOT_MANDATED
  • authenticationType - Values accepted:
    • 01 - STATIC
    • 02 - DYNAMIC
    • 03 - OUT_OF_BAND
  • whiteListStatus - Values accepted:
    • Y - WHITELISTED
    • N - NOT_WHITELISTED
    • E - NOT_ELIGIBLE_FOR_WHITELISTING
    • P - PENDING_CONFIRMATION
    • U - UNKNOWN
  • whiteListStatusSource - Values accepted:
    • 01 - THREE_DS_SERVER
    • 02 - DS
    • 03 - ACS
  • errorComponent - Values accepted:
    • C - THREE_DS_SDK
    • S - THREE_DS_SERVER
    • D - DIRECTORY_SERVER
    • A - ACCESS_CONTROL_SERVER
  • errorCode - Values accepted:
    • 101 - MESSAGE_RECEIVED_INVALID
    • 102 - MESSAGE_VERSION_NUMBER_NOT_SUPPORTED
    • 103 - SENT_MESSAGES_LIMIT_EXCEEDED
    • 201 - REQUIRED_ELEMENT_MISSING
    • 202 - CRITICAL_MESSAGE_EXTENSION_NOT_RECOGNIZED
    • 203 - FORMAT_ON_ONE_OR_MORE_ELEMENTS_INVALID_ACCORDING_SPECS
    • 204 - DUPLICATE_DATA_ELEMENT
    • 301 - TRANSACTION_ID_NOT_RECOGNIZED
    • 302 - DATA_DECRYPTION_FAILURE
    • 303 - ACCESS_DENIED_INVALID_ENDPOINT
    • 304 - ISO_CODE_NOT_VALID
    • 305 - TRANSACTION_DATA_NOT_VALID
    • 306 - MCC_NOT_VALID_FOR_PAYMENT_SYSTEM
    • 307 - SERIAL_NUMBER_NOT_VALID
    • 402 - TRANSACTION_TIMED_OUT
    • 403 - TRANSIENT_SYSTEM_FAILURE
    • 404 - PERMANENT_SYSTEM_FAILURE
    • 405 - SYSTEM_CONNECTION_FAILURE
  • errorDescription - String, maximum 2048 characters
  • errorDetail - String, maximum 2048 characters

In order to configure the authentication response and results request specific fields, the cardholder-numbers-simulated-message-types.properties configuration file in the $NDM_SIMULATOR_HOME/conf should be also used. If no configuration is provided for the message fields, default values will be used. An example configuration is listed below:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
threedsdemo.cardholderNumbersSimulatedMessageTypes.num4000001000000000.aRes=AUTHENTICATED_APPLICATION_FRICTIONLESS,MTIzNDU2Nzg5MDA5ODc2NTQkokW=,09
threedsdemo.cardholderNumbersSimulatedMessageTypes.num4000001000000001.aRes=NOT_AUTHENTICATED_APPLICATION_FRICTIONLESS,01
threedsdemo.cardholderNumbersSimulatedMessageTypes.num4000001000000002.aRes=APPLICATION_FRICTIONLESS_MISSING_SDK_TRANS_ID,MTIzNDU2Nzg5MDA5ODc2NTQkokW=,09
threedsdemo.cardholderNumbersSimulatedMessageTypes.num4000001000000003.aRes=APPLICATION_CHALLENGE,01,Y,02
threedsdemo.cardholderNumbersSimulatedMessageTypes.num4000001000000003.rReq=AUTHENTICATED_TRANSACTION,MTIzNDU2Nzg5MDA5ODc2NTQzMjE=,02,18,02
threedsdemo.cardholderNumbersSimulatedMessageTypes.num4000001000000004.aRes=APPLICATION_CHALLENGE_SDK_TRANS_ID_INVALID_FORMAT,01,Y,02
threedsdemo.cardholderNumbersSimulatedMessageTypes.num4000001000000005.aRes=AUTHENTICATED_BROWSER_FRICTIONLESS,MTIzNDU2Nzg5MDA5ODc2NTQkokW=,09
threedsdemo.cardholderNumbersSimulatedMessageTypes.num4000001000000006.aRes=NOT_AUTHENTICATED_BROWSER_FRICTIONLESS,02
threedsdemo.cardholderNumbersSimulatedMessageTypes.num4000001000000007.aRes=BROWSER_FRICTIONLESS_MISSING_DS_TRANS_ID,MTIzNDU2Nzg5MDA5ODc2NTQkokW=,09
threedsdemo.cardholderNumbersSimulatedMessageTypes.num4000001000000008.aRes=BROWSER_CHALLENGE,01,Y,02
threedsdemo.cardholderNumbersSimulatedMessageTypes.num4000001000000008.rReq=NOT_AUTHENTICATED_TRANSACTION,07,02
threedsdemo.cardholderNumbersSimulatedMessageTypes.num4000001000000009.aRes=BROWSER_CHALLENGE_MISSING_ACS_URL,01,Y,02
threedsdemo.cardholderNumbersSimulatedMessageTypes.num4000001000000010.aRes=THREE_RI,MTIzNDU2Nzg5MDA5ODc2NTQkokW=,09
threedsdemo.cardholderNumbersSimulatedMessageTypes.num4000001000000011.aRes=PROTOCOL_ERROR,D,101,error description,error detail
threedsdemo.cardholderNumbersSimulatedMessageTypes.num4000001000000012.aRes=BROWSER_CHALLENGE,01,Y,02
threedsdemo.cardholderNumbersSimulatedMessageTypes.num4000001000000012.rReq=AUTHENTICATED_TRANSACTION_MISSING_AUTHENTICATION_VALUE,02,07,02
threedsdemo.cardholderNumbersSimulatedMessageTypes.num4000001000000013.aRes=APPLICATION_CHALLENGE,01,Y,02
threedsdemo.cardholderNumbersSimulatedMessageTypes.num4000001000000013.rReq=PROTOCOL_ERROR,A,201,error description,error detail
threedsdemo.cardholderNumbersSimulatedMessageTypes.num4000001000000014.aRes=BROWSER_DECOUPLED_CHALLENGE_VERSION_2_2_0,01,Y,02
threedsdemo.cardholderNumbersSimulatedMessageTypes.num4000001000000014.rReq=AUTHENTICATED_MERCHANT_WHITELIST_VERSION_2_2_0,MTIzNDU2Nzg5MDA5ODc2NTQkokW=,09,18,Y,03
threedsdemo.cardholderNumbersSimulatedMessageTypes.num4000001000000015.aRes=AUTHENTICATED_MERCHANT_WHITELIST_VERSION_2_2_0,MTIzNDU2Nzg5MDA5ODc2NTQkokW=,09,Y,01
threedsdemo.cardholderNumbersSimulatedMessageTypes.num4000001000000016.aRes=BROWSER_DECOUPLED_CHALLENGE_VERSION_2_2_0,01,Y,02
threedsdemo.cardholderNumbersSimulatedMessageTypes.num4000001000000016.rReq=NOT_AUTHENTICATED_MERCHANT_WHITELIST_VERSION_2_2_0,18,N,03

Card Range Data Configuration

The NDM Simulator allows external configuration of the Preparation response card ranges data used when simulating a Directory Server.

Each card range is configured in a separate row following the order of the message fields:

  • startRange - Start of the card range
  • endRange - End of the card range
  • actionIndicator - Indicates the action to take with the card range. Value accepted:
    • A = Add the card range
    • D = Delete the card range
    • M = Modify the card range (only for PReq messages with message version 2.2.0)
    • R = Randomly pick whether the action indicator to be A (Add)/D (Delete)
  • acsStartProtocolVersion - The earliest (i.e. oldest) active protocol version that is supported by the ACS
  • acsEndProtocolVersion - The most recent active protocol version that is supported for the ACS URL
  • dsStartProtocolVersion - The earliest (i.e. oldest) active protocol version that is supported by the DS
  • dsEndProtocolVersion - The most recent active protocol version that is supported for the DS
  • acsInfoIndicator - Indicates how actively and with which features a card range is participating in 3DS authentication.
    • 01 - Authentication available
    • 02 - Attempts supported
    • 03 - Decoupled authentication supported
    • 04 - Whitelisting supported
  • threeDSMethodURL - The ACS URL that will be used by the 3DS Method.

The fields values are separated with comma and are defined in that specific order.

Once the card ranges are configured a preparation response including them will be returned on the following endpoint:

  • fully-qualified-url-of-simulator/ds/valid-pres-configured-card-range-data

An example configuration file on how to configure it exists in the $NDM_SIMULATOR_HOME/conf under the name simulated-card-range-data.properties and it is also listed below:

1
threedsdemo.simulated-card-range-data.ranges[0]=4000000000000000,4000000999999999,M,2.1.0,2.2.0,2.1.0,2.2.0,01|02|03|04,http://localhost:8080/acs/3ds-method

Challenge Flow Configuration

The NDM Simulator allows configuration of the Results Request sent when simulating an ACS for Challenge flow.

Each request is configured in a separate row following the order of the message fields:

  • otpValue - The OTP input that the cardholder will insert to get the configured response
  • transStatus - The status of the transaction
    • Y - Authentication / Account verification successful
    • N - Not authenticated / Account not verified; Transaction denied
    • U - Authentication / Account verification could not be performed; technical or other problem
    • C - In order to complete the authentication, a challenge is required
    • R - Authentication / Account verification Rejected. Issuer is rejecting authentication/verification and request that authorization not be attempted
    • A - Attempts processing performed; Not authenticated / verified, but a proof of attempt authentication / verification is provided
  • transStatusReason - Reason if the transaction failed. The values are defined in the EMVCo Specification. Any value defined in the specification will work. Examples:
    • 01 - Card authentication failed
    • 02 - Unknown device
    • 03 - Unsupported device
    • 04 - Exceeds authentication frequency limit
    • 05 - Expired card
    • 06 - Invalid card number
    • 07 - Invalid transaction
    • 08 - No card record
    • 09 - Security failure
    • 10 - Stolen card
    • 11 - Suspected fraud
  • eci - The eci value that will be sent in the RReq
  • authenticationValue - The authenticationValue that will be sent for a transaction.

The fields values are separated with comma, and are defined in that specific order.

Once the responses are configured, the cardholder can use the configured OTP values for simulating a RReq message.

An example configuration file on how to configure it exists in the $NDM_SIMULATOR_HOME/conf under the name simulated-otp-responses.properties and it is also listed below:

1
2
3
4
5
6
#otpValue,transStatus,transStatusReason,eci,authenticationValue
threedsdemo.simulated-otp-responses.responses[0]=1234,Y,,01,JAmi21makAifmwqo2120cjq1AAA=
threedsdemo.simulated-otp-responses.responses[1]=1111,N,01,01,
threedsdemo.simulated-otp-responses.responses[2]=2222,R,01,01,
threedsdemo.simulated-otp-responses.responses[3]=3333,U,01,01,
threedsdemo.simulated-otp-responses.responses[4]=4444,A,01,01,Qm181okmdyqh6yQmYuq1890QAAA=

Challenge Template

When initiating an authentication request to the NDM simulator, if the card is configured for Challenge flow, then the NDM simulator will set the acsURL field to be handled by the NDM Simulator Challenge handler.

The Netcetera Demo Merchant Simulator provides a pre-defined HTML template that is returned when initiating a Challenge Request to the simulated ACS Challenge handler. The challenge screen and the template source are displayed below:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8"/>
    <title>NDM Simulator Challenge</title>
</head>
<body style="margin: 0; padding: 8px;">
<main>
    <div>
        <header>
            <span class="logo"></span>
        </header>
        <div class="content">
            <form id="mainForm" method="post" action="%otpValidationUrl$">
                <input id="threeDSSTransId" type="text" name="threeDSSTransId" class="hidden" value="%threeDSSTransId$">
                <input id="accountNumber" type="text" name="accountNumber" class="hidden" value="%acctNumber$">
                <h1>Challenge Form</h1>
                <div class="transaction-details">
                    <ul>
                        <li>
                            <span class="ui-messages-summary">Cardholder Account Number: </span>
                            <span class="ui-messages-detail"> %acctNumber$ </span>
                        </li>
                        <li>
                            <span class="ui-messages-summary">Merchant Name: </span>
                            <span class="ui-messages-detail">%merchantName$</span>
                        </li>
                        <div id="purchaseDetails">
                            <li>
                                <span class="ui-messages-summary">Purchase Amount: </span>
                                <span class="ui-messages-detail">%purchaseAmount$</span>
                            </li>
                            <li>
                                <span class="ui-messages-summary">Purchase Date: </span>
                                <span class="ui-messages-detail">%purchaseDate$</span>
                            </li>
                        </div>
                    </ul>
                </div>
 
 
                <div class="explainText">Please enter the sent OTP Code</div>
                <div class="code-section">
                    <dt><label for="otp">Code</label></dt>
                    <dd><input id="otp" type="text" name="otp" maxlength="10" onkeyup="checkOtp()" onblur="checkOtp()"></dd>
                </div>
                <div class="whitelist-merchant-section">
                    <dt><label for="whitelistMerchant">Whitelist this merchant</label></dt>
                    <dd><input id="whitelistMerchant" name="whitelistMerchant" type="checkbox"></dd>
                </div>
                <footer>
                    <button type="submit" class="btn btn-secondary" id="cancel" name="challengeCancel">Cancel</button>
                    <button type="submit" class="btn btn-primary" id="sendOtp" disabled="">Pay</button>
                </footer>
            </form>
        </div>
    </div>
</main>
 
<script>
    var messageCategory = "%messageCategory$";
    if (messageCategory === "02") {
        document.getElementById('purchaseDetails').setAttribute("class", "hidden");
    }
 
    var showWhitelistCheckInChallenge = "%showWhitelistCheckInChallenge$";
    if (showWhitelistCheckInChallenge === false) {
        document.getElementsByClassName('whitelist-merchant-section').setAttribute("class", "hidden");
    }
 
    function checkOtp() {
        var otp = document.getElementById("otp");
        var submitOtp = document.getElementById("sendOtp");
        var validInputRegex = /^[a-zA-Z0-9]+$/;
        submitOtp.disabled = !validInputRegex.test(otp.value);
    }
</script>
 
<style>
 
    header {
        background-color: #458962;
        color: white;
    }
 
    ul {
        list-style-type: none;
    }
 
    .ui-messages-summary {
        font-weight: bold;
    }
 
    .hidden {
        visibility: hidden;
        position: absolute;
    }
 
    .logo {
        padding-top: 2%;
        background: no-repeat left center url('data:image/svg+xml;base64,PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz4NCjxzdmcgd2lkdGg9IjEyM3B4IiBoZWlnaHQ9IjQwcHgiIHZpZXdCb3g9IjAgMCAxMjMgNDAiIHZlcnNpb249IjEuMSIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxuczp4bGluaz0iaHR0cDovL3d3dy53My5vcmcvMTk5OS94bGluayI+DQogICAgPCEtLSBHZW5lcmF0b3I6IFNrZXRjaCA1MS4xICg1NzUwMSkgLSBodHRwOi8vd3d3LmJvaGVtaWFuY29kaW5nLmNvbS9za2V0Y2ggLS0+DQogICAgPHRpdGxlPkdyb3VwPC90aXRsZT4NCiAgICA8ZGVzYz5DcmVhdGVkIHdpdGggU2tldGNoLjwvZGVzYz4NCiAgICA8ZGVmcz48L2RlZnM+DQogICAgPGcgaWQ9IlBhZ2UtMSIgc3Ryb2tlPSJub25lIiBzdHJva2Utd2lkdGg9IjEiIGZpbGw9Im5vbmUiIGZpbGwtcnVsZT0iZXZlbm9kZCI+DQogICAgICAgIDxnIGlkPSJHcm91cCIgZmlsbD0iI0ZGRkZGRiI+DQogICAgICAgICAgICA8cGF0aCBkPSJNMTA5LjcyNDAyMSw5LjA4OTE4MTgyIEwxMDQuNTg0NzA2LDkuMDg5MTgxODIgQzEwMS41NzI5NTcsOS4wODkxODE4MiA5OC45NTc5NTY5LDkuODM4Njc2NzcgOTcuMDExNzYxOSwxMS4zNzE2MDYxIEM5NC45NzkxMzIzLDkuODM4Njc2NzcgOTIuMDk4NDUyMSw5LjA4OTE4MTgyIDg4LjI0NTAyODUsOS4wODkxODE4MiBMODMuMTA1NzEzNSw5LjA4OTE4MTgyIEM3Ni41Njg1NjcyLDkuMDg5MTgxODIgNzEuOTAwMzkxNCwxMi42MDI2MTYyIDcxLjkwMDM5MTQsMjAuMDQwMjkyOSBMNzEuOTAwMzkxNCwzNy43NTAyOTI5IEM3MS45MDAzOTE0LDM4LjIxNjk1OTYgNzIuMzY0NDQ1OSwzOC42ODI5MTkyIDcyLjgzMjA0MjgsMzguNjgyOTE5MiBMNzguNDM3NTM3OCwzOC42ODI5MTkyIEM3OC45MDUxMzQ3LDM4LjY4MjkxOTIgNzkuMzcyMDIzMSwzOC4yMTY5NTk2IDc5LjM3MjAyMzEsMzcuNzUwMjkyOSBMNzkuMzcyMDIzMSwyMC41MDYyNTI1IEM3OS4zNzIwMjMxLDE3LjcxMTIwMiA4MC43Njk4NTQ1LDE1Ljg0NjY1NjYgODQuMDM5NDkwMywxNS44NDY2NTY2IEw4Ni44NDI5NDYzLDE1Ljg0NjY1NjYgQzkyLjQ0NTYwNzMsMTUuODQ2NjU2NiA5My4zODAwOTI2LDE3LjI0NTI0MjQgOTMuMzgwMDkyNiwyMS40Mzk1ODU5IEw5My4zODAwOTI2LDM3Ljc1MDI5MjkgQzkzLjM4MDA5MjYsMzguMjE2OTU5NiA5My44NDY5ODExLDM4LjY4MjkxOTIgOTQuMzEzODY5NSwzOC42ODI5MTkyIEw5OS45MTY1MzA1LDM4LjY4MjkxOTIgQzEwMC4zODM0MTksMzguNjgyOTE5MiAxMDAuODUxMDE2LDM4LjIxNjk1OTYgMTAwLjg1MTAxNiwzNy43NTAyOTI5IEwxMDAuODUxMDE2LDIxLjQzOTU4NTkgTDEwMC44NTEwMTYsMjAuNTA2MjUyNSBDMTAwLjg1MTAxNiwxNy43MTEyMDIgMTAyLjI1MjM5LDE1Ljg0NjY1NjYgMTA1LjUxODQ4MywxNS44NDY2NTY2IEwxMDguMzIxOTM5LDE1Ljg0NjY1NjYgQzExMy45MjQ2LDE1Ljg0NjY1NjYgMTE0Ljg1OTA4NSwxNy4yNDUyNDI0IDExNC44NTkwODUsMjEuNDM5NTg1OSBMMTE0Ljg1OTA4NSwzNy43NTAyOTI5IEMxMTQuODU5MDg1LDM4LjIxNjk1OTYgMTE1LjMyNTk3NCwzOC42ODI5MTkyIDExNS43OTI4NjIsMzguNjgyOTE5MiBMMTIxLjM5NjIzMiwzOC42ODI5MTkyIEMxMjEuODQxODY2LDM4LjY4MjkxOTIgMTIyLjMzMDAwOSwzOC4yMTY5NTk2IDEyMi4zMzAwMDksMzcuNzUwMjkyOSBMMTIyLjMzMDAwOSwyMS40Mzk1ODU5IEMxMjIuMzMwMDA5LDEzLjA1MDg5OSAxMTguNTk2MzE4LDkuMDg5MTgxODIgMTA5LjcyNDAyMSw5LjA4OTE4MTgyIiBpZD0iRmlsbC01MCI+PC9wYXRoPg0KICAgICAgICAgICAgPHBhdGggZD0iTTU4LjcwMzEwNjYsMjcuNTgyODI4MyBDNTcuNDIyMTc0NSwzMS4yNzMwMzAzIDU0LjA3MjQ4MDMsMzMuNzUzNDM0MyA1MC4zNjc4Mzc2LDMzLjc1MzQzNDMgQzQ1LjQ2NzI4MDQsMzMuNzUzNDM0MyA0MS40Nzk5NTQxLDI5LjUzMjIyMjIgNDEuNDc5OTU0MSwyNC4zNDM3Mzc0IEM0MS40Nzk5NTQxLDE5LjE1NDU0NTUgNDUuNDY3MjgwNCwxNC45MzMzMzMzIDUwLjM2NzgzNzYsMTQuOTMzMzMzMyBDNTUuMjY4Mzk0OCwxNC45MzMzMzMzIDU5LjI1NTcyMTEsMTkuMTU0NTQ1NSA1OS4yNTU3MjExLDI0LjM0MzczNzQgQzU5LjI1NTcyMTEsMjUuMTI4NTg1OSA1OS4xNTM3LDI1LjkzNjc2NzcgNTguOTUyNDkxNiwyNi43NDM1MzU0IEw1OC45MzEyMzcyLDI2LjgzMDUwNTEgQzU4Ljg4MzA2MDYsMjcuMDE1MDUwNSA1OC44MzI3NTg1LDI3LjE5ODE4MTggNTguNzczOTU0NiwyNy4zNzg0ODQ4IEw1OC43NzM5NTQ2LDI3LjM3OTE5MTkgTDU4LjcwMzEwNjYsMjcuNTgyODI4MyBaIE01OC45NDI1NzI5LDAgTDU4Ljk0MjU3MjksMTEuNDM4OTg5OSBDNTguMjQ0NzE5OSwxMC45MTc4Nzg4IDU3LjQ2OTY0MjcsMTAuNDY0NjQ2NSA1Ni42MzAwOTM3LDEwLjA4Nzc3NzggQzU0Ljg2Mzg1MjcsOS4yOTUxNTE1MiA1Mi44MjkwOTc3LDguODkzNTM1MzUgNTAuNTgxMDkwMiw4Ljg5MzUzNTM1IEM0NS43NTg0NjU4LDguODkzNTM1MzUgNDEuODQyNjk2LDEwLjM0Nzk3OTggMzguOTQxNDY5OCwxMy4yMTU4NTg2IEMzNi4wNzU2Njc2LDE2LjA0ODM4MzggMzQuNjIzMjgzMywxOS45NTI4MjgzIDM0LjYyMzI4MzMsMjQuODIxNzE3MiBDMzQuNjIzMjgzMywyOS4wODYwNjA2IDM2LjEwNDAwNjgsMzIuNjM5MDkwOSAzOS4wMjM2NTM1LDM1LjM4MzIzMjMgQzQxLjk2NDU1NDYsMzguMTQ4NTg1OSA0NS42NDE1NjY1LDM5LjU1MDcwNzEgNDkuOTUxOTU5OCwzOS41NTA3MDcxIEM1Mi41NTI3OTA0LDM5LjU1MDcwNzEgNTQuNzc4MTI2NiwzOS4xNDU1NTU2IDU2LjU2NDkxMzUsMzguMzQ1MTUxNSBDNTcuNTM2OTQ4MywzNy45MDg4ODg5IDU4LjQ2MDA5NzksMzcuMzI2OTY5NyA1OS4zMjAxOTI4LDM2LjYwNzg3ODggTDU5LjMyMDE5MjgsMzguNzAxNTE1MiBMNjUuODQ2MDAzNSwzOC43MDE1MTUyIEw2NS44NDYwMDM1LDAgTDU4Ljk0MjU3MjksMCBaIiBpZD0iRmlsbC00NCI+PC9wYXRoPg0KICAgICAgICAgICAgPHBhdGggZD0iTTE3LjI3OTEyMjQsOS4wODkxODE4MiBMMTEuMjA4MTU2LDkuMDg5MTgxODIgQzQuNjcwMzAxMTUsOS4wODkxODE4MiAwLDEyLjYwMDQ5NDkgMCwyMC4wNDAyOTI5IEwwLDM3Ljc1MSBDMCwzOC4yMTY5NTk2IDAuNDY3NTk2ODk5LDM4LjY4MjkxOTIgMC45MzUxOTM3OTgsMzguNjgyOTE5MiBMNi41Mzg1NjMzMSwzOC42ODI5MTkyIEM3LjAwNTQ1MTczLDM4LjY4MjkxOTIgNy40NzIzNDAxNSwzOC4yMTY5NTk2IDcuNDcyMzQwMTUsMzcuNzUxIEw3LjQ3MjM0MDE1LDIwLjUwNjk1OTYgQzcuNDcyMzQwMTUsMTcuNzEwNDk0OSA4Ljg3MzAwNTQsMTUuODQ2NjU2NiAxMi4xNDE5MzI4LDE1Ljg0NjY1NjYgTDE1Ljg3Nzc0ODYsMTUuODQ2NjU2NiBDMjEuNDgxODI2NiwxNS44NDY2NTY2IDIyLjQxNTYwMzUsMTcuMjQ0NTM1NCAyMi40MTU2MDM1LDIxLjQzODg3ODggTDIyLjQxNTYwMzUsMzcuNzUxIEMyMi40MTU2MDM1LDM4LjIxNjk1OTYgMjIuODgzMjAwNCwzOC42ODI5MTkyIDIzLjM0OTM4MDMsMzguNjgyOTE5MiBMMjguOTU0MTY2OCwzOC42ODI5MTkyIEMyOS4zOTc2NzU0LDM4LjY4MjkxOTIgMjkuODg3MjM1MSwzOC4yMTY5NTk2IDI5Ljg4NzIzNTEsMzcuNzUxIEwyOS44ODcyMzUxLDIxLjQzODg3ODggQzI5Ljg4NzIzNTEsMTMuMDUwODk5IDI2LjE1MjEyNzgsOS4wODkxODE4MiAxNy4yNzkxMjI0LDkuMDg5MTgxODIiIGlkPSJGaWxsLTQ3Ij48L3BhdGg+DQogICAgICAgIDwvZz4NCiAgICA8L2c+DQo8L3N2Zz4=');
        display: inline-block;
        background-size: contain;
        margin: 0 1rem 0 1rem;
        width: 90px;
        min-height: 30px;
    }
 
    dd, dt {
        display: inline-block;
        font-size: 20px;
        margin: 24px;
    }
 
    input[type="text"] {
        border: 1px solid #e4e4e4;
        border-radius: 2rem;
        font-weight: 600;
        padding: .5rem 1rem;
        line-height: 1;
        max-width: 100%;
        text-align: center;
        width: 10rem;
        margin-bottom: .25rem;
        font-size: 15px;
    }
 
    .btn {
        cursor: pointer;
        padding: .5rem 2rem;
        font-weight: 600;
        line-height: 1;
        letter-spacing: .05rem;
        margin-right: .5rem;
        border: 2px solid #458962;
        border-radius: 1rem;
    }
 
    .btn-primary {
        color: #fff;
        background-color: #458962;
    }
 
    .btn-secondary {
        background-color: #fff;
        color: #458962;
    }
 
    footer {
        font-size: 20px;
    }
 
    button:disabled {
        background: darkseagreen;
        border-color: darkseagreen;
    }
 
    .explainText {
        font-size: 20px;
        margin-bottom: 10px;
    }
 
    h1 {
        display: block;
        font-weight: bold;
        color: #9a9a9a;
    }
 
    .content {
        position: absolute;
        height: auto;
    }
 
    .code-section dd,dt {
        margin: 24px 24px 0 24px;
    }
 
    .whitelist-merchant-section dt {
        margin: 10px 10px 24px 24px;
    }
 
    .whitelist-merchant-section dd {
        margin: 10px 24px 24px 10px;
    }
 
</style>
</body>
</html>

Custom Challenge Template Configuration

The NDM Simulator can be also configured to provide a custom Challenge form. This can be configured via the ds-simulator-config.creq-form.template-location configuration property in the NDM Simulator Configuration Properties section.

In order for the NDM Simulator to properly handle challenge, the customized challenge template must contain the following placeholders:

  • A form with method POST whose action has value of "%otpValidationUrl$", like: 
    $ <form method="POST" action="%otpValidationUrl$">

    in order for the NDM Simulator to fill the OTP validation URL to a proper endpoint for validating the entered OTP.

  • An input field inside the form with value of "%threeDSSTransId$", like: 
    $ <input value="%threeDSSTransId$">

    in order for the NDM Simulator to fill the 3DS Server Transaction ID and later on when validating the OTP to identify the transaction.

  • An input field inside the form with name "otp" (for the One Time Password), like: 
    $ <input name="otp">

    in order for the NDM Simulator to handle the entered Challenge data.

  • An input field inside the form with value of %acctNumber$, like: 
    $ <input value="%acctNumber$">

    in order for the NDM Simulator to fill out the account number when whitelisting a merchant.

  • An input field inside the form of type checkbox with name "whitelistMerchant", like: 
    $ <input name="whitelistMerchant" type="checkbox">

    in order for the NDM Simulator to handle whitelisting of a merchant.

For handling challenge cancel, the custom challenge template should include additional submit button to the form with name 'challengeCancel', like:

$ <button type="submit" name="challengeCancel">Cancel</button>

Additionally, there is an option to include the following placeholders in the customized template, in order to provide details about the current transaction:

  • %merchantName$ - the merchant name
  • %purchaseAmount$ - the purchase amount
  • %purchaseDate$ - the purchase date

The NDM Simulator will inject values into them retrieved from the current transaction.