Update Authorize.Net Direct Post from MD5 to SHA-512

UPDATED on April 12th, 2019

Adobe Commerce implementation of the Authorize.Net Direct Post payment method uses MD5 based hash. Authorize.net will stop supporting MD5 based hash usage on June 28, 2019. This will result in Adobe Commerce merchants not being able to process payments using Authorize.Net Direct Post. To avoid this, merchants need to apply the patch provided by Adobe Commerce and replace the existing MD5 hash with a Signature Key (SHA-512) in the Commerce Admin configuration settings.

Adobe Commerce released a new Authorize.Net extension to replace Direct Post in upcoming 2019 releases, starting with v2.3.1 for Adobe Commerce and Open Source.

The core Adobe Commerce Authorize.Net payment integration is deprecated since 2.3.4 and will be completely removed in 2.4.0. Use the official extension from Commerce Marketplace instead.

Affected versions

• Adobe Commerce on-premises 1.X.X
• Magento Open Source 1.X.X
• Adobe Commerce on-premises 2.X.X
• Magento Open Source 2.X.X
• Adobe Commerce on cloud infrastructure 2.X.X
• Authorize.Net Direct Post

Issue

Adobe Commerce implements the Authorize.Net Direct Post payment method, using Authorize.Net's AIM (Advanced Integration Method) and DPM (Direct Post method) APIs, which use MD5 based hash.

Authorize.net will stop supporting MD5 based hash usage on March 14, 2019. Starting from this date, Magento Open Source, Adobe Commerce on-premises and Adobe Commerce on cloud infrastructure merchants will not be able to process payments using Authorize.Net Direct Post payment method. To be able to continue successfully process payments using these methods, merchants need to apply the patch provided by Adobe Commerce and replace the existing MD5 hash with a Signature Key in the Commerce Admin configuration settings.

Solution

Further are described the three general steps you need to take be able to continue using Authorize.Net Direct Post payment method.

Alternatively, you can upgrade to version 2.2.8 or 2.3.1 and get all updates and a new Authorize.net payment method option.

1. Download the patch

Adobe Commerce on cloud infrastructure and Adobe Commerce on-premises

Patches are attached to this article. To download a patch, scroll down to the end of the article and click the file name, or click one the following links:

• For versions 2.2.0-2.2.7 and 2.3.0 - Download Auth.net.md5-2019-02-28-05-04-05.composer-2019-03-04-07-33-26.patch
• For versions 2.0.0-2.0.18 and 2.1.0-2.1.16 - Download MDVA-17212_EE_2.1.0_v1.composer-2019-03-05-12-05-22.patch

Adobe Commerce on-premises

• For versions 1.10.1.0-1.14.4.1 - Download PATCH_SUPEE-11085_EE_1.14.4.0_v1-2019-02-28-04-59-38.sh

Magento Open Source

1. Click a link to download: M1 patch or M2 patch.
2. For Select your format, select a format best matching your needs. For M1, there is just one option. For M2, choose between Git-based or Composer-based.

2. Apply the patch

You may require developer assistance to apply the update. To update, you can download and install packages for your Adobe Commerce edition and version. Download patches also available for those who installed with Composer.

Adobe Commerce on cloud infrastructure

For Adobe Commerce on cloud infrastructure, apply the M2 patch and deploy. For details, see Apply custom patches.

Adobe 2.X Commerce on-premises

For Adobe Commerce on-premises 2.X and Open Source 2.X, follow these steps to install the Composer-based patch:

1. Upload the patch to your Magento root directory.
2. Run the following SSH command: git patch -p1 < %patch_name% (If the above command does not work, try using -p2 instead of -p1)
3. For the changes to be reflected, refresh the cache in the Commerce Admin under System > Cache Management.

Magento 2.X Open Source

For Magento Open Source 2.X, follow these steps to install the Composer-based patch:

1. Upload the patch to your Magento root directory.
2. Run the following SSH command: git patch -p0 < %patch_name%
3. For the changes to be reflected, refresh the cache in the Admin under System > Cache Management.

Adobe 1.X Commerce on-premises and Magento Open Source

For Adobe Commerce 1.X on-premises and Open Source 1.X, follow these steps to install the patch:

1. Upload the patch to your Magento root directory.
2. Run the following SSH command: bash sh %patch_name%.sh
3. For the changes to be reflected, refresh the cache in the Admin under System > Cache Management.

3. Get a new Signature Key

You need to get a new Signature Key and add it to your Commerce Admin configuration. For more information, see What is a Signature Key?

1. Log into the Merchant Interface at https://account.authorize.net.
2. Click Account from the main toolbar.
3. Click Settings in the main left-side menu.
4. Click API Credentials & Keys.
5. Select New Signature Key. Review the options available.
6. Click Submit to continue.
7. Request and enter PIN for verification.
8. Your new Signature Key is displayed. Copy this key to add to your Commerce Admin configuration.

4. Update the Commerce Admin configuration

Take the following steps to update the Commerce Admin configuration:

1. Log into the Commerce Admin.

2. On the Admin sidebar, click Stores. Then under Settings, click Configuration.

3. In the panel, click Sales then Payment Methods.

4. Expand the Authorize.net Direct Post section.

5. In the Signature Key enter the SHA-512 Signature Key.

6. Click Save Config.

   Adobe Commerce 2 Authorize.Net Direct Post configuration screen:

   Adobe Commerce 1 Authorize.Net Direct Post configuration screen:

The process is successful if the Signature Key updates and payment processing continues. If you have issues, verify the Signature Key with Authorize.Net.