Updating backend services for Apple Pay on the Web using the Accelerator assets

The integration of Apple Pay on the Web with WebSphere Commerce involves multiple interactions: between WebSphere Commerce web pages and the WebSphere Commerce Server, between the WebSphere Commerce Server and the Apple Pay server, and between the WebSphere Commerce Server and Payment Service Providers (PSP) such as the IBM Payment Gateway server. Together, these interactions provide a seamless payment and checkout method.

Note: In the sample accelerator assets, the WebSphere Commerce Server does not communicate with any PSP server to forward the encrypted payment token for further financial processing. The sample assets instead provide a dummy PSP implementation that prints logs and simulates the PSP behavior to return a successful result. To configure IBM Payment Gateway as the Payment Service Provider for Apple Pay on Web, complete the first step in this task.

Procedure

  1. Optional: Configure IBM Payment Gateway as the Payment Service Provider for Apple Pay on Web.
    1. Complete the IBM Payment Gateway onboarding process. Contact the IPG onboarding team to configure the necessary merchant information on the IPG side.
    2. Configure the certificate for the IPG connection.
      1. Import the IPG server's signer certificate to the WebSphere Application Server Administration Console's truststore. The default truststore is \wasprofile\config\cells\localhost\nodes\localhost\trust.p12.
      2. Import the IPG's personal certificate to the WebSphere Application Server Administration Console's keystore. The default keystore is \wasprofile\config\cells\localhost\nodes\localhost\key.p12.
    3. Configure SSL for the IPG connection.
      1. Open the WebSphere Application Server Administration Console.
      2. Depending on your environment configuration, go to: Security > SSL certificate and key management > Dynamic outbound endpoint SSL configurations.
      3. Click New to configure the IPG secure connection.
      4. Add the Connection information for the IPG's server. For example, *,ips-preprod.ihost.com,*.
      5. Click Certificate alias and select the personal certificate that you previously imported.
      6. Click Save.
    4. Configure SSL for the default certificate.
      1. Open the WebSphere Application Server Administration Console.
      2. Depending on your environment configuration, go to: Security > SSL certificate and key management > SSL configurations > NodeDefaultSSLSettings.
      3. Select your WebSphere Commerce Server's certificate as the Default server certificate alias and Default client certificate alias values.
      4. Click Save.
    5. Enable IPG-specific command implementations.
      Run the following SQL to enable the command implementation for IPG:
      
      insert into CMDREG (storeent_id, interfacename, classname, target) values ($storeId, 'com.ibm.commerce.applepay.payment.commands.ProcessApplePayPaymentCmd', 'com.ibm.commerce.applepay.payment.ipg.ProcessApplePayPaymentIPGCmdImpl', 'Local');
      
  2. Deploy the Java project in WebSphere Commerce Server.
    1. Import the WebSphereCommerceServerExtensionsLogic.zip file to the WebSphere Commerce Developer environment. Rebuild the project. The project contains the backend controller commands and the REST service resource handler that are created for the Apple Pay integration.
    2. Import the Apple Pay payment plug-in project.
      1. Import the Payments-Plugin-ApplePay.zip file to the WebSphere Commerce Developer environment.
      2. Create the configuration files for Apple Pay payment plug-in:
        • Extract the ApplePay-edp.zip file to WC_installdir\xml\config\payments\edp\groups\default directory.
        • Extract the ApplePay-ppc.zip file to WC_installdir\xml\config\payments\ppc\plugins directory.
        • Add the following entry to WC_installdir\xml\config\payments\edp\groups\default\PaymentMappings.xml.
          <Mapping paymentActionRule="Early Approval" paymentConfiguration="ApplePay" paymentMethod="ApplePay"/>
        • Add the following entry to WC_installdir\xml\config\payments\edp\groups\default\PaymentMethodConfigurations.xml.
          <PaymentMethodConfiguration humanEditable="true" maximumAmount="Unbounded" minimumAmount="0"  
          name="ApplePay" partiallyConsumable="true" paymentSystemName="ApplePay" 
          priority="MEDIUM" refundAllowed="true" systemEditable="true"/>
        • Add the following entry to WC_installdir\xml\config\payments\ppc\plugins\PaymentSystemPluginMapping.xml.
          <PaymentSystemName name="ApplePay"> 
          <Mapping paymentConfigurationId="default" pluginName="ApplePay"/>
          </PaymentSystemName> 
      3. Create the payment policy for Apple Pay by running the following sample SQL commands, replacing the identifiers with those that match your environment. For example,
        insert into policy values (-20001,'ApplePay','Payment',-1,'attrPageName=SimplePunchout&paymentConfigurationId=default&display=true&compatibleMode=false&uniqueKey=tran_id',NULL,NULL,1);
        insert into policydesc values (-20001,-1,'Apple Pay','Apple Pay',NULL,NULL,1);
        insert into policycmd values (-20001,'com.ibm.commerce.payment.actions.commands.DoPaymentActionsPolicyCmdImpl',NULL,NULL);
        insert into policycmd values (-20001,'com.ibm.commerce.payment.actions.commands.EditPaymentInstructionPolicyCmdImpl',NULL,NULL);
        insert into policycmd values (-20001,'com.ibm.commerce.payment.actions.commands.QueryPaymentsInfoPolicyCmdImpl',NULL,NULL);
        
      4. Create the merchant information by running the following sample SQL commands, replacing the identifiers with those that match your environment. For example,
        insert into merchant (merchant_id, member_id, name, state) values (10001, 7000000000000000251, 'AuroraESite', 1);
        insert into storemerch (store_id, merchant_id) values (10201, 10001);
        insert into merchconf (merchconf_id, merchant_id, paymentsystem, payconfgrp) values (10001, 10001, 'ApplePay', 'default');
        insert into merchconfinfo (merchconfinfo_id, merchconf_id, property_name, property_value, encrypted) values (10001, 10001, 'merchantIdentifier','merchant.auroraesite',0);
        insert into merchconfinfo (merchconfinfo_id, merchconf_id, property_name, property_value, encrypted) values (10002, 10001, 'domainName','www.auroraesite.com',0);
        insert into merchconfinfo (merchconfinfo_id, merchconf_id, property_name, property_value, encrypted) values (10003, 10001, 'displayName','AuroraESite.COM',0);
        insert into merchconfinfo (merchconfinfo_id, merchconf_id, property_name, property_value, encrypted) values (10004, 10001, 'supportedNetworks','amex,discover,masterCard,visa',0);
        insert into merchconfinfo (merchconfinfo_id, merchconf_id, property_name, property_value, encrypted) values (10005, 10001, 'merchantCapabilities','supportsCredit,supportsDebit,supports3DS,supportsEMV',0);
        insert into merchconfinfo (merchconfinfo_id, merchconf_id, property_name, property_value, encrypted) values (10006, 10001, 'merchantCountryCode','US',0);
        
  3. Deploy the Rest.war project.
    1. Add the new resource handler to the WC_installdir\Rest\WebContent\WEB-INF\config\resources-ext.properties file.
      com.ibm.commerce.applepay.rest.handler.ApplePayHandler
    2. Secure the new REST service by using SSL. Create the wc-rest-security.xml file in the Rest.war/WEB-INF/config/com.ibm.commerce.rest-ext directory to add an SSL requirement for a new or existing REST service.
      <sslConfig resource="store/{storeId}/applepay" enabled="true"/>
      <partialAuthentication resource="store/{storeId}/applepay" enabled="true"/>
  4. Register a new command implementation in CMDREG by running the following SQL command.
    insert into CMDREG (storeent_id, interfacename, classname, target) values ($storeId, 
    'com.ibm.commerce.order.facade.server.commands.ComposeOrderCmd+IBM_UsableShippingInfo', 
    'com.ibm.commerce.applepay.order.facade.server.commands.ComposeUsableShippingInfoWithShippingChargeCmdImpl', 'Local');
    
    Where:
    INTERFACENAME
      Is the com.ibm.commerce.order.facade.server.commands.ComposeOrderCmd interface name and IBM_UsableShippingInfo, joined by a plus sign (+).
    STOREENT_ID
      Is the store ID.
  5. Get backend service access control.
    1. Download and extract the following file: AccessControlandConfigXMLfiles.zip. Place the following extracted files in WC_installdir/xml/policies/xml directory.
      1. AccessControlPolicies_ApplePay.xml
      2. AccessControlPolicies_ApplePay_en_US.xml
    2. Run the acpload and acpnlsload commands.
      For more information about running the utilities, see the following topics:
  6. Add struts and rest template configuration files.
    1. Extract the struts-config-applepay-rest-services.xml file from AccessControlandConfigXMLfiles.zip.
    2. Add struts-config-applepay-rest-services.xml file to the WC_installdir\Stores\WebContent\WEB-INF folder.
    3. Create a folder to add the rest template configuration file.
      For example,
      com.ibm.commerce.applepay
    4. Extract the rest-template-config.xml file from the preceding AccessControlandConfigXMLfiles.zip file.
    5. Add rest-template-config.xml file to the WC_installdir\Stores\WebContent\WEB-INF\config\com.ibm.commerce.applepay folder.
  7. Get the Apple Pay Merchant Identity Certificate.

    Refer to the Apple documentation for registering and verifying your website: Apple Pay JS - Apple Developer. The Merchant Identity Certificate that you get is linked to your domain name. It is used to authenticate your merchant sessions with the Apple Pay servers. To establish a TLS connection to Apple Pay servers, you can configure the certificates as follows:

    1. Import the Apple Pay Merchant Identity Certificate to WebSphere Application Server Administration Console's Key Store.
      1. Open the WebSphere Application Server Administration Console.
      2. Depending on your environment configuration, go to: Security > SSL certificate and key management > Key stores and certificates > NodeDefaultKeyStore > Personal certificates.
      3. Click Import to import the new key store file.
      4. Click Get Key File Aliases.
      5. Select Certificate alias to import the certificate.
      6. Click Apply to save the changes.
      You also must add the Apple Pay server's CA signed certificate to the trust store for establishing the TLS connection:
    2. Import the CA signed certificate for Apple Pay server (https://apple-pay-gateway-cert.apple.com) to WebSphere Application Server Administration Console's Trust Store.
      1. Open the WebSphere Application Server Administration Console.
      2. Depending on your environment configuration, go to: Security > SSL certificate and key management > Key stores and certificates > NodeDefaultKeyStore > Signer certificates.
      3. Click Add and enter the alias and file name.
      4. Click Apply to save the changes.
  8. Configure the SSL setting for Apple Pay merchant validation.
    1. Open the WebSphere Application Server Administration Console.
    2. Depending on your environment configuration, go to: Security > SSL certificate and key management > Dynamic outbound endpoint SSL configurations.
    3. Click New to configure the Apple Pay secure connection.
    4. Add the Connection information for Apple Pay's merchant validation server.
      For example,
      https,apple-pay-gateway-cert.apple.com,*
    5. Click Certificate alias and select ApplePaySessionCertificate personal certificate.
    6. Click Save.
  9. Change the SSL protocol to TLSv1.2.
    1. Open the WebSphere Application Server Administration Console.
    2. Depending on your environment configuration, go to: Security > SSL certificate and key management > SSL configurations > NodeDefaultSSLSettings.
    3. Click Quality of protection (QoP) settings under Additional Properties.
    4. Change the value of Protocol to TLSv1.2.
    5. Click Apply to save the changes.
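
As a pre-flight check for steps 7 to 9, the following Java program (an added example, not part of the WebSphere Commerce sample assets) confirms offline that the imported merchant identity entry holds a private key, is within its validity period, and can back a TLSv1.2 context. The class name MerchantCertCheck and the keystore path are assumptions; the alias ApplePaySessionCertificate is the one selected in step 8.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.concurrent.TimeUnit;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;

// Added example, not part of the WebSphere Commerce assets.
// Usage (the file path is an assumption; use your own keystore):
//   java MerchantCertCheck /path/to/key.p12 ApplePaySessionCertificate
public class MerchantCertCheck {

    // Returns days until expiry; throws if the entry cannot serve as a TLS 1.2 client certificate.
    static long check(KeyStore ks, char[] password, String alias) throws Exception {
        if (!ks.containsAlias(alias)) {
            throw new IllegalStateException("Alias not found: " + alias);
        }
        // A signer-only entry has no private key and cannot authenticate the merchant.
        if (!ks.isKeyEntry(alias)) {
            throw new IllegalStateException("No private key stored under alias: " + alias);
        }
        X509Certificate cert = (X509Certificate) ks.getCertificate(alias);
        cert.checkValidity(); // throws if expired or not yet valid

        // Confirm that this JVM can build a TLSv1.2 context from the keystore.
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, password);
        SSLContext ctx = SSLContext.getInstance("TLSv1.2");
        ctx.init(kmf.getKeyManagers(), null, null);
        long msLeft = cert.getNotAfter().getTime() - System.currentTimeMillis();
        return TimeUnit.MILLISECONDS.toDays(msLeft);
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 2 || System.console() == null) {
            System.err.println("Usage (interactive): MerchantCertCheck <key.p12> <alias>");
            System.exit(2);
        }
        // Prompt for the password so that it does not appear in the process list.
        char[] password = System.console().readPassword("Keystore password: ");
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, password);
        }
        System.out.println(args[1] + " is usable; days until expiry: "
                + check(ks, password, args[1]));
    }
}
```

Run it against a copy of the keystore rather than the live file, and schedule the same check so that an approaching expiry is noticed before merchant validation starts to fail.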