Solution:
Somehow my activesupport-2.3.5/lib/active_support/values/unicode_tables.dat was corrupted. Reinstalling activesupport gem fixed the issue.

My setup is Rails 3.0.0.beta with ruby 1.9.1 for this example. If the steps sound confusing, you can follow the example code here http://github.com/railsbob/MyApp.

First of all, lets create a generic, reusable application. My reusable ‘login application’ with one controller is called as ‘Saas’.

To allow sharing of this application by others, we need to wrap it as a Rails::Engine. To do so, add a file named ‘engine.rb’ to config folder.

Create a ’saas.rb’ in lib folder which requires this engine.rb. This is required, as we want to load the application as Saas::Engine instead of Saas::Application.

Lets create a container app which mounts the Saas Application.

To mount it, copy the Saas application into lib of MyApp.

Saas application’s routes.rb should be modified to replace Saas::Application by Rails::Application. Also, to keep things modular, add a namespace to the routes.

The next step is to hook Saas app into the initializer process of MyApp. There are many ways to do it, but we will follow the bundler approach.

In MyApp/Gemfile, require the saas application from lib directory as a gem.

At this stage, bundler complains about missing version for saas as it is expecting a gem. So lets add a saas.gemspec at MyApp/lib/saas/saas.gemspec with basic information.

Start the server from the container app and if you go to /saas/sessions you should see the text ‘Hi from SessionsController’.

Note that even if the Saas application was modified to be an engine, it still works as a standalone application when run from its root.
The example code discussed above is available at http://github.com/railsbob/MyApp.
.

This example makes use of a forked version of ActiveMerchant and SagePay Simulator environment. Please refer to the previous article for setup instructions.

Setup:

Make sure to check ‘Continuous Authority’ in the simulator account settings.

Case 1: A non 3D Authorized Transaction

response.authorization shows a value simiar to:
00001;{E5AC4385-06F8-40DD-8486-22EFB23768AE};9030;03FQG5AJA6;authorization

Capture the Payment

Repeat the transaction using previous authorization reference.

Case 2: 3D Authorized transaction

Follow the steps 1-3 for 3D Secure Payment Transaction as shown in the previous article. You’ll notice that the authorization returned by a three_d_complete process is incomplete and it looks something like “;{FB448BBF-CB72-414A-B293-316004162EEB};6598;OUWEBUCWL3;three_d_complete”
Prepend the order_id used in step 1 to this authorization reference so that it matches following format:

three_d_auth_reference = “00003;{FB448BBF-CB72-414A-B293-316004162EEB};6598;OUWEBUCWL3;three_d_complete”

Where “00003″ is the order_id used for authorization in step 1.

Capture this 3D Authorized payment for the first time by calling:

This transaction can be repeated by using the previous successful authorization (three_d_auth_reference) with a new order_id.

What is 3D secure?

3D Secure is a latest initiative for fraud prevention launched by Visa and MasterCard. 3D Secure adds additional password authentication step to complete the online transactions. A detailed introduction is available at http://www.sagepay.com/developers/industry_knowledge/3d_secure.asp.
This tutorial is a guide to set up a Ruby on Rails test environment for 3D Secure payment transactions using ActiveMerchant plugin.

And why should we care?

3D Secure is becoming an industry standard and it is mandatory for processing Mastero card payments. Also, the deadline for 3-D Secure mandate (United Kingdom) for Maestro transactions is January 31st, 2010 and we want to make sure our applications are compliant by that date.

How does it work?

Fig 1: 3D Secure transaction

Setup

1. Patch ActiveMerchant plugin

To get this working, apply this patch to add 3D Secure support for SagePay gateway. The patch is taken from http://github.com/tekin/active_merchant, however it is modified for SagePayGateway instead of ProtxGateway. Alternately, you can use http://github.com/dynamic50/active_merchant to follow this tutorial.

2. Set up SagePay simulator environment

Apply for a simulator account at https://support.sagepay.com/apply/. The registration process is instant and the support team is quick in responding to your queries. Once your account is created, log on to configure the simulator for direct messages.

Clicking on the “Direct” button takes us to Direct Options and parameters admin page.

Set response for authorization POSTs to 3DAUTH as shown below. In short, we are forcing the response for all validate requests to be 3DAUTH.

http://whatismyip.com for help.

Also, select the “Simulate Direct” checkbox.

In config/environments/development.rb

Make a note that test and simulator are different environments for SagePay payment gateway.

3D Secure Payment Transaction

A typical 3D secure transaction works in four steps as shown in Fig 1. Initialize the gateway and a dummy valid credit card:

Step 1: Authorize

Note: the amount is in pence and order_id can be any unique identifier for your transaction.
The response of this request gives us the PAReq, MD and ACSURL values:

@three_d_secure=true and @success=false imply that we need to complete the 3DSecure authorization first.

Step 2: 3D Authorization

To initiate the 3D Secure authorization, we should post PAReq, MD and the callback url (TermURL) to ACSURL.
We can do it using curl command as:

The response is a html page, captured in temp.html. Edit it and pick up the VPSTxID.
The simulator allows us to send different responses for multiple scenarios. We assume that we have entered correct password and we want to simulate a successful 3D transaction. In this case, we respond to this action by clicking the ‘OK’ button.
This can be done as:

Essentially, we have simulated a “correct 3d password submit” action. The gateway should return a PARes token (for the initiated PAReq value) which can be found out from temp.html.

Step 3: Complete 3D authorization

On the console, call:

The response should be similar to:

@message=”Success” confirms that the 3D authorization was successful. As a last step, we need to complete the transaction by capturing this payment.

Step 4: Capture Payment

SagePay requires you to remember the order_id that you used to initiate the authorization. Get the authorization code from previous response and prefix it with the order id.

Ex: =”a6f8c776ac58dcf08;{FB448BBF-CB72-414A-B293-316004162EEB};6598;OUWEBUCWL3;three_d_complete”
Where order_id=’a6f8c776ac58dcf08′

The aim of this tutorial was to demonstrate a 3D secure payment transaction with details of the tokens exchanged between gateway and the client application. On these lines, we can extend rails support for other gateways to handle 3D Secure authentication. Please leave your comments with suggestions or issues.