3

I have the same problem as: Sagepay Direct 3D Secure Blank Page Issue ....although in my instance there hasn't been any magic involved and I'm still unable to display a 3D secure test page. Here's the form fields that are submitted (as per Chrome's developer tools, network tab):

<form name="form" id="3dsecureform" action="https://test.sagepay.com/mpitools/accesscontroler?action" method="post">
<input type="hidden" name="MD" value="20156449501764516147" />
<input type="hidden" name="PaReq" value="eJxVUUFuwjAQvPcVUa6VWDuxE0CLEW0OpYIqKlRC3NzEKmmTAE7SQl+PDUkpt5n1emZ3FseHIne+la6ybTlyaY+4Y3GHy41WKlqopNFK4FxVlfxQTpaOXI9QHjA24ISGAeM0oCx0BcaTV7UX2AoJo9OjCB01CjrZyLIWKJP9w/RFMNLnvofQUiyUnkaCM8L8gBM/9PseCxEuZSxlocSzzLNZnSKcGSbbpqz1UfS9AKEj2OhcbOp6NwRAsATh6h03FlXm8yFLhcybr08S/t7/kOh9uQoGJNaz9WodvZERgu3AVNZKmI0HJPSJQ9mQB0NuxjrXURbWVXjMTG02uTDcWZPJzdP/EppItSqTbvCOoTrstqWynxD+MKaqSsTChh/LozOPp8bclhCuyzw+2ViT2iRFbaJnZPUyk4hHyEXQEgTbC+2xoL2rQTf3PgFvDqs0" />
<input type="hidden" name="TermUrl" value="https://www.EXAMPLE.co.uk/sagepay/3dsecurecallback" />
<button type="submit btn btn-primary">Submit</button>
</form>

I tried changing the forms action to ?action=auth. This produced a 3D secure page, but with all the fields showing null. I'm using PHP so I've also tried putting trim(urlencode()) around each of the fields. It's the same result - a 200 OK for the POST, but a completely blank response. I assume that there must be something wrong with the submitted fields.....

Martin Evans
  • 45,791
  • 17
  • 81
  • 97
John
  • 31
  • 1
  • 2
  • Have you looked at the transactions on test.sagepay.com? There should be an 'invalid' section for ones that didn't get processed successfully. – trapper_hag Jul 30 '19 at 16:25
  • Thanks for the reply. Yes. All the tests are showing as "3D" - 'INCOMPLETE'. The first part of the operation goes OK - so the transaction is registered with SagePay. The values of the above form come from the response to this first operation and are then submitted to the [test] bank for 3D auth'ing. – John Jul 30 '19 at 17:56
  • @John, by a blank page do you mean a 404? – David Christopher Reynolds Jul 02 '20 at 09:36
  • I've changed the `action=auth` and now it returns an HTML payload for me as opposed to a blank page and 200 OK beforehand. – HackerMonkey Dec 07 '20 at 16:45

3 Answers3

0

I've checked my development logs and I do get https://test.sagepay.com/mpitools/accesscontroler?action=pareq back from SagePay for the ACSURL. It looks to me that your form is missing =pareq after the ?action. Hope this solves the problem.

KH S
  • 444
  • 1
  • 4
  • 8
  • Thanks for the suggestion. Unfortunately, if I hard code: – John Jul 31 '19 at 08:46
  • Thanks for the suggestion. Unfortunately, if I hard code: https://test.sagepay.com/mpitools/accesscontroler?action=pareq I get a straight rejection of the POST, "404 Not Found" I've also tried: https://test.sagepay.com/mpitools/accesscontroler?action=PaReq The result is "200 OK", but again, a blank page. – John Jul 31 '19 at 09:04
  • Hm... I would send an email to SagePay support. As they work on VPSprotocol v4.0 I got told that for the new version not everything is available for testing yet. For example: I can't test the v4.0 3DSecure challenge. Do you get the error calling the VPSprotocol v3.0 or VPSprotocol v4.0? I got good help from them in the past and they can see what comes to their server and hopefully help you. – KH S Jul 31 '19 at 09:55
0

Two changes were made: 1. As per KH-S's comment, pareq needed to be appended to the form action [I think my PHP method removed it from the SagePay response] 2. In the SagePay interface, the site URL needed to be added under the Settings.

These two changes were both required. Thanks for your help, KH-S.

John
  • 31
  • 1
  • 2
0

I've had the same issue when trying to implement 3DS2, receiving a blank page when attempting to redirect to the acsUrl provided. (i.e. https://test.sagepay.com/mpitools/accesscontroler?action=pareq)

After speaking to support, they said that I should only use United Kingdom/GB on my billing address as anything else seems to be erroring at the moment (I was originally using Afghanistan as it was first in the list).

After following this advice I get a completely different acsUrl in https://test.sagepay.com/3ds-simulator/html_challenge.

I assume this will only be a temporary issue, but worth noting for those implementing this now

JDandChips
  • 9,780
  • 3
  • 30
  • 46
  • Do you still happen to have an example of that request with `United Kingdom/GB`, it's returning a blank page even though for me. – HackerMonkey Dec 07 '20 at 17:18
  • No, I don't get that anymore. However, I did manage to create a similar issue by mistake by not activating the 3DS2 rule in the portal, instead I was only trying to pass the `apply3DSecure` parameter with a value of `1` to force 3DS2, but apparently, this parameter fails if you forget to turn it on in the portal. – JDandChips Dec 08 '20 at 09:45
  • I noticed that what I get back as the ACSURL is `https://test.sagepay.com/mpitools/accesscontroler?action` but that returns an empty payload when we submit back to it. Several attempts with the support to get them to tell me if this is the right URL or not. No luck. Does anyone know what the ACSURL is for test? – HackerMonkey Dec 08 '20 at 17:41