Sage XRT Business Exchange 12.3

Setup

Sage XRT Business ExchangeAdministration

Sage XRT Business Exchange Administration is a new module which enables you to set up bank contracts online instead of using the rich client interface.

You can use this first version to:

  • Manage Entities
  • Manage Bank Contracts
  • Manage Financial Operators and Profiles
  • Manage Calendars
  • View the existing Bank Accounts
  • View the existing Services and EBICS Formats
  • Create and modify Users without using the Sage XRT Common Services interface

Services and Corresponding Flows

In order to facilitate the setup process for Requestor Contracts, the service is associated with projects in the flow correspondence table.

When you create a requestor contract, in the Write or Read tab, the Template field directly proposes the flows corresponding to the selected service.

E.g.: For SCT service, the Template dropdown list displays the flows associated with SCT project.

P5ASX networks variables

In P5ASX objects, new variables are available.

They provide the IP address or the host name of the distant site, as well as its port number, when such data exist.

For Stats object which gathers the transfer statistical data, remoteDte property is available with the value:

  • Adresse d’appelant if communication is in server mode
  • Adresse d’appelé if communication is in requester mode

Variable example: Call Show("RemoteDte", Stats.RemoteDte, "Caller address")

Return Codes exclusion

In the reception campaign, you may add protocol return codes to the exception list.

This list cancels the call relaunching of reception campaigns for these codes. Access to this list requires administrator rights.

E.g.:

  • LRC[Business RC:[091006][EBICS_UNSUPPORTED_ORDER_TYPE]:Order type not supported]
  • LRC[Business RC:[091112][EBICS_INVALID_ORDER_PARAMS]:Invalid order parameters:File Format not defined]

Online Banking - Access Permission for Contracts

For EBICS contracts, access permissions for contracts can be set up on Sage XRT Online Banking.

You can set up permissions for the file edition and archiving.

You can also authorize or forbid the edition of detailed signature tickets.

Modification of EBICS Version

To facilitate migrations from EBICS 2.X to EBICS 3.0, you can modify the Ebics Version parameter on the bank contract.

If you modify the version, you must also modify the file format by BTF.

Operation

Display Templates

The signatory can only view their own display templates.

Createfile Improvement

Disconnection does not stop the network drive scanning.

Protocol Error Message

The signatory now receives the error messages (with details) when their token is initialized.

E.g.: When the user ID is not recognized by the bank partner, the following message appears:

An error occured while performing the requested operation: [EBICS_USER_UNKNOWN] Subscriber unknown.

SWIFT FileAct

The error from SAG [Sag:APL-I.001.008][Message lost (The connection to SAG was lost while the request was being processed)] is now a simple warning.

The transfer is actually completed and the archived file enables the slip edition.

Production API

P5RAPI service enables you to exchange data with Sage XRT Business Exchange through the Rest API.

For more information, see the document SXBE.12.3.RestProductionAPI.UserGuide_EN.pdf.

The following uses are available for addfile production API:

  • /A for application
  • additional references:
  • /REFn
  • /REFnUTF8:}<ref>]: n from 0 to 9
  • ref: Free additional info

CAdES-BES Signature

CAdES-BES signature is available for all protocols supporting PKCS#7 signature. For each bank contract, you can select CAdES-BES signature as the actual exchanged signature.

CAdES-BES signature on the signature station is a billable option.

P5WCERT Utility

The P5WCERT utility is used to manage X509 certificates.

New uses are available:

  • /CEBREPORT: List of certificates, info on the use of EBICS identities
  • /CEBDELETE: Disposal of not used certificates in an EBICS identity
  • /CEBRENEW: Renewal of expired certificates for EBICS identities

For more information, see the document SXBE.12.3.CommandLineTools.UserGuide_EN.pdf

EBICS Transfer History and Data Absence

In the EBICS protocol device, the new variable Raise Filenotfound exception set to NO stops the tracking of transfers in EBICS when there is no available data on the monitor.

Security

Certificates Check

Certificates can be checked through their hash. When the option Add Certificate ID is selected, the certificate is controlled through the CN field and the hash. If the option is not selected, the process remains the same: certificate check only through the CN field.

The modification applies to:

  • Signature Contract Manager - Signatory Identification - EBICS Identities

  • Contract Manager - Requestor/Server Contracts Security Envelope - EBICS Requestor Contract

  • Server Signature Rules - Signatory List and Monitoring

Integrity Improvement

The Integrity tab includes the VFS files. The Integrity ensures that no file (requestor issuer) in VFS is modified before its transmission to the bank.

Two new uses are available for P5SECFILE:

  • Compute VFS
  • Check VFS

For more information, see the document SXBE.12.3.Security.UserGuide_EN.pdf .

Improvements

  • SameSite Securing

On Sage XRT Online Banking, the session cookie is secured through the SameSite instruction. This attribute limits the risks of Cross-Site Request Forgery and Cross-Site Script Inclusion attacks.

  • HTTP Strict Transport Security

HTTP Strict Transport Security (HSTS) is a security mechanism which enables a web site to declare that web browsers should interact with it using only https connections instead of http.

HTTP Strict Transport Security (HSTS) is supported on requests headers for the EBICS server.

  • XML External Entity

To protect you from XML EXternal Entity attacks which consist in sending a malicious file to an XML analyzer, libxml2 library and the referenced CVE (Common Vulnerabilities and Exposures) have been updated.

Corrections

  • Access Control Enhancement

Access is controlled during folder modifications. The encryption algorithm has been reinforced.

  • Sensitive Data Transmission - HTTP GET Method

To protect you from data breach or uncontrolled access to functions, HTTP POST method is used to convey sensitive data within addresses.

Sage XRT Common Services 5.0

Web Interface

Sage XRT Common Services now consists of:

  • the Administration.Net part to manage tenants (e.g.: workgroups), databases and user accounts
  • and three services:
  • Authentication Service (SCAS)
  • Administration Service (SCPS)
  • Functionality Service (SCDTS)

The Administration Service offers a web interface which enables you to manage licenses, user profiles, linked users, authentication methods and administration rules (data activation, four-eye policy application).

The Functionality Service contains the management interface for formats.

Licenses Administration

You can now manage licenses by tenant (workgroup), with the option of a default license (so far available management).

Security Enhancements

Security patches have been applied:

  • display of the version number
  • general error messages
  • limited number of OTP entries
  • authorized list of redirection URLs
  • support of TLS 1.2 or 1.3 in https mode

You can now use the same session (only one identification and one token) on several products through the Refresh token process.

Payments API

Batch transfers are now part of the transfers available on payment generation API.

Integration

  • Sage.fcs.client Library

Sage.fcs.client (wrapper) enables the transparent use of a Rest API set hosted by SCASServer, SCDTSServer and SCPSServer services from Sage XRT Common Services.

Provided as a DLL, Sage.fcs.client operates in 32 bits and 64 bits. It may be used as a .NET library, or as a COM component.

  • Sage.fcs.apifmt Application

This console application can provide the distant execution results for the formats API processing.

  • Sage.fcs.pwdencode Application

This console application can encrypt the user password to avoid its plaintext circulation on the network.

The password can be base64-encoded only (by default) or encrypted with the public key of the SCAS authentication service plus base64-encoded.

Formats

  • TLMC Format

TLMC format is designed for remote collection of checks and is now available for signature and for edition (portrait and slip).

  • Conf_std_aef Format

The standard Confirming format (Spanish Facturing Association) is now available in signature and in edition (portrait, landscape and slip).

It is designed to both standardize Confirming for Spain and stop any further specific format.