As of Aeon 4.1, Aeon may utilize CyberSource as a payment gateway through the use of Secure Acceptance profiles for user transactions. This requires some initial setup and testing from the server to properly enable. The set up can be broken down into two different categories:
- Setting up a Merchant Account.
- Customization Manager changes and set up.
Further documentation for CyberSource’s Payment gateway can be found here:
Merchant Account Configuration
To set up CyberSource, you will need to set up and configure a merchant account through the CyberSource Business Center. The initial configuration and testing should be done through the Test Business Center. Once it's been confirmed that the service works as expected, you can go live following the same steps using the Live Business Center.
Before starting, retrieve from within the Customization Manager the current value for the Customization Key WebURL. This will be referenced later in the setup procedure.
Initial setup of secure acceptance profile
- On the left-hand menu click Payment Configuration (cogwheel), then select Secure Acceptance Settings.
- Under active profiles click New Profile.
- Fill out the Create Profile menu:
- Click Submit. You will automatically be redirected to a new Edit Profile Form.
- Take note of the Profile ID for the new account. You will need this information for setting up the Payment Gateway in the Customization Manager for Aeon.
Customer Response
- Under the new Edit Profile form, Select the Customer Response tab.
- The following URLs will be adapted from Customization Key WebURL. Please enter the following values based on the response questions below:
Response Question Value Transaction Response page Hosted By You URL <WebUrl> /aeon.dll?Action=30&Type=116
Custom Cancel Response Page Hosted By You URL <WebUrl> /aeon.dll?Action=30&Type=116
- Under Payment Settings, choose at least one payment method.
Example:
- Click ADD CARD TYPES
- Select Visa.
- Click the cogwheel Icon to the left of the new Visa.
- Under the new Visa Settings panel:
- Activate any CVN security settings required by your institution.
- Select at least one currency from the Currencies.
- Click Submit to save the settings changes.
Notifications
- Under the new Edit Profile form, Select the Notifications tab.
- The following URLs will be adapted from Customization Key WebURL. Please enter the following values based on the response questions below:
Notification Type Value Merchant Post URL <WebUrl> /aeon.dll?Action=30&Type=115 Merchant Post URL yourmerchantemailaddress@email.edu - Adding an email address in addition to the URL will ensure you receive POST receipts.
Payment Form
- Select the Payment Form tab.
- Fill out the required fields:
- It's highly recommended to Use a Single Page Form for checkout and to Mask Sensitive Fields.
Generating a New Key
- Select the Security tab.
- Under Active keys, click the create key (+) button.
- Under the new Security Keys form, fill in the Key Creating information:
- Click Create to add the new key.
- You will have a limited time to copy both your Access and Secret key from the form. Please copy and paste the information to a secure location.
- Note: Be sure to safeguard the private key. It's recommended after storing it the access key and secret key on the server to delete or safely store any copies of it.
- Any other customizations to the profile aside from the above mentioned are at the discretion of the user.
- Once finished, click Save.
- The profile must be promoted to Active after saving to use. To activate the profile, select the profile name by clicking on the menu (), and then select activate profile.
Customization Manager Changes and Set Up
After setting up Merchant Account Configuration, you should have saved three pieces of information:
- The Access Key
- The Secret Key
- The Profile ID
Follow the instructions below to add your Merchant Account profile information to the Aeon Customization Manager:
- Within the Aeon Customization Manager, change the PaymentProvider customization key to “CyberSource”.
- Change the PaymentProviderToken customization key to the previously copied Access Key.
- Change the PaymentProviderResponseToken customization key to the previously copied Secret Key.
Note: Be sure to safeguard the private key. It is recommended after storing it within the server to delete or safely store any copies of it.
- Change the PaymentProviderMerchantId customization key to the previously copied Profile ID.
Next, you will need to modify the Aeon web pages:
For Aeon v5.0.73 web pages and later:
You will need to modify the CreditCardPayment.html web page to reference include_payment_form_cybersource.html. These files can be downloaded from the Aeon Downloads page as part of the Aeon Default Web Pages. See the instructions below for the required changes:
- Open the default directory in File Explorer where your CreditCardPayment.html page is located. If you already have a complete set of 5..0.73 or later web pages, skip to step 4.
- If you have just downloaded new web pages, overwrite the CreditCardPayment.html web page with the updated file.
- Open the "templates" folder in the new web pages download, and add the "payment" subfolder to your web directory in the "templates" folder.
- Open CreditCardPayment.html and make the following changes:
Change this (default line 42):
|
To this:
|
Prior to Aeon v5.0.73 web pages:
You will need to modify the CreditCardPayment.html web page. This file can be downloaded from the Aeon Downloads page as part of the "Feature Specific CreditCardPayment.html Pages." See the instructions below for the required changes:
- Open the default directory in File Explorer where your CreditCardPayment.html page is located.
- Overwrite the CreditCardPayment.html web page with the feature-specific one for CyberSource.
Configuration Under Remote Authentication
For sites that use a single sign-on system (SSO) such as CAS or Shibboleth, the URL from the WebURL customization key may not work as intended. To explain the conditions where differences apply, we’ll start with a typical setup for a site that uses SSO.
Problem
Unlike SSO sites, Aeon authentication sites typically only have two Aeon web directories: one protected used for SSO and one unprotected that uses Aeon authentication. They’re often named as such, with WebURL pointing to the first URL:
The default Aeon directory, protected by CAS. |
|
The open directory used for Aeon authentication. |
|
When navigating to a resource under a protected directory (/aeon in this example), the web server checks to see if the user has an active session token and, if not, the user will be redirected to a login page that will only allow the user to continue after providing valid credentials. Once the active token is created, the protected nature of the directory is unnoticeable until the token expires.
The problem with this is that CyberSource will want to make a web request back to Aeon (in the background, server-to-server, without involving the user’s web browser) to report the result of a transaction. If it’s directed to a protected directory, it will always be intercepted before reaching the aeon.dll. In this case, it’s important to make sure we direct CyberSource to the unprotected Non-CAS directory to ensure Aeon receives the notification.
The problem only occurs for CyberSource when it makes the server-to-server request (to the URL configured in the Notifications section). The URLs configured in the Customer Response section don’t have this problem because CyberSource is redirecting the user’s browser to the provided URLs, and in that case, the user will have a valid SSO token or will be able to sign in again if needed.
Work Around
To work around this issue the CreditCardPayment.html pages will have to be edited differently in each directory, and you won’t always be able to use the WebURL customization key. The default web page has a disabled section with fields that can be used to override the URLs configured in the CyberSource Business Center. The fields are override_backoffice_post_url, override_custom_cancel_page, and override_custom_receipt_page.
Protected Directory
In the case of the protected directory (/aeon), the value of the override_backoffice_post_url input must point to the unprotected directory. To override the URL, please add the following value to the CreditCardPayment.html page:
override_backoffice_post_url |
|
Unprotected Directory
In the case of the unprotected directory, users won’t have credentials for the SSO system; therefore, they will need to be redirected to the unprotected directory. To override the URL, please fill out the following values in the CreditCardPayment.html page. These values will appear in within the comment section (default lines 81-87) of the file:
override_backoffice_post_url |
|
override_custom_cancel_page |
|
override_custom_receipt_page |
|