Sage XRT Business Exchange 2024 R1

General

New KPIs for the Dashboard

New KPIs can be inserted into the Dashboard for even more visibility and insight on the status of sent and received files.

Select the Dashboard — Preferences menu to define your display settings.

In the Dashboard, click Edit.

Select the widgets and click Add.

To remove a widget, click its upper right corner and select Remove.

Every widget can be resized and moved.

Default entities on Online Banking

You can set a default entity to work with when logging in to the application.

From the Dashboard — Preferences menu, select an entity in the Information tab.

Supervision

Signature workflows

From the menus Signature — File Status and Audit — Sent Flows, the layout of the signature workflows has been revised to provide more details.

Exchange rates and notifications/alerts on signatures

Exchange rates and notifications/alerts on signatures and actions can be set up directly in Supervision module, from the Setup menu.

The Recipients Groups defined in Sage XRT Business Exchange Administration are displayed and can be modified.

You can add, modify or delete Signature Alerts or Action Alerts.

You can modify the exchange rates, add one by clicking the addition sign +, and delete them using the deletion button (bin icon).

Link to Web Administration

The authorized users can access Web Administration directly from Supervision module, through the menu Tools — To Web Administration.

New columns in sending history

In the Communication menu, the Total Amt column of the Sending History enables you to search for files by total amount, and the Nber of trn column specifies the number of transactions inside the file.

New transmission statuses

When Payment Status Report (PSR) is set for your contracts to send, new statuses specify the result of the sending process after the reconciliation of the Payment Status Report.

Two new columns are available:

Reconciliation Status, specifying the PSR status Rejected, Confirmed or Not reconciled,
Payment Status Report / Acknowledgment, containing the received PSR document.

These columns appear on the following pages: Sending History of the Communication menu, File Status of the Signature menu and Sent Flows of the Audit menu.

In the signature archives, the Signature workflow includes a new line for the confirmation.

To use the new Confirmed and Rejected statuses, you need to set up the acknowledgment services (PSR, PRSP3, etc.).

From Service Manager in Sage XRT Business Exchange, select a service then open the Post-Transfer Exit tab. Select a process, then in the corresponding Processes dialog box, add the /ID:%#IDA variable in the Arguments field.

Swift CSP 2024 reports

To ensure the compliance with Swift CSP 2024, you can generate reports on your setup.

In the Tools — Analyses screen, launch an analysis from the Configuration Swift group to generate a report.

Signature

New signature options

Support of XADES signatures on Mac OS through Swift 3skey token.
Support of signatures for certificates with a RSA key between 2048 and 4096 bits, in EBICS 2.4 and 2.5.

Sage XRT Business Exchange automatically authorizes 4096-bit RSA signatures.

Support of CSC protocol (Cloud Signature Consortium) with Certinomis and Certeurop

You can use the CSC protocol (Cloud Signature Consortium) with providers Certinomis and Certeurop. This protocol enables the replacement of the physical tokens by cloud signature certificates.

From the Signatory List — Signatories menu in the Signature Contract Manager, you must set up the X509 certificate for signatories by selecting the right provider.

The EBICS protocol must be associated with the EBICS identities of each signatory and initialized by your banking partners.

New Format for S/MIME signature

A new option enables the generation of S/MIME signatures in the signature station in a new format without header.

This option can be set in the registry, with the key HKEY_LOCAL_MACHINE\SOFTWARE\XRT\SMP_P5\PDS\SMime Content Mode »(REG_DWORD).

0: generation of the original default S/MIME format in text/plain, base64 (recommended)

1: generation of S/MIME format without description header, plaintext file monitoring

Support of wrapped files

You can now add wrapped files (signed and encrypted) in the signature station.

The option /E: has been added to pdscopy command line:

/E: Envelope type {PKCS7|SMIME|GPG|MIMEGPG|AUTO}

Example: pdscopy.exe /P :SAGE /C :SAGE /S :SCT /T :FTP /E:AUTO monfichier.eml

The signature station automatically detects the envelope and content type of the file: PKCS7, GPG, S/MIME or standard file (XML, AFBXXX, etc.).

A new entry has been added to the registry: HKEY_LOCAL_MACHINE\SOFTWARE\XRT\SMP_P5\PDS\Force Envelope Detection. It enables the automatic activation of the /E:AUTO parameter when the envelope type is not specified. The default value is NO. To activate it, you need to enter the value YES or Y.

When the /E:AUTO parameter is activated, you can insert wrapped files from the Add service of the signature station.

Envelope decryption is logged in xsmonitor.log.

Example: pdscopy.exe /P:SAGE /C:SAGE /S:SCT /T:FTP /E:SMIME myfile.eml

PKCS7, GPG, S/MIME (PKCS7) and S/MIME (GPG) wrapped files are supported.

Technically, the decrypting dlls from Sage XRT Business Exchange (envpkcs7.dll, envsmime.dll, envgpg.dll) are used to extract the plaintext content from the security envelopes, after signature decryption/verification.

Administration

Passphrase modification in AWS Vault

When AWS Vault is being set up on an ongoing production environment, you can modify the passphrase of each private GPG key installed.

In the p5wcert.exe utility, add the parameter :/CHP (Change Password, for GPG only).

MS Graph API 1.0

You can use Microsoft Graph API to send e-mails from Office 365 cloud version.

In the menu Notification Service — SMTP Device of System Administration, you can specify on the Notification service the Client and Tenant identifiers for the SMTP device.

UTF-8 support on SFTP and FTP servers

With Sage XRT Business Exchange running in server/sender mode, the support of UTF-8 charset allows the display of the list of files with special characters.

In the menu File Transfer Service — Protocol Device of System Administration, add the variable: Utf8 charset = YES for SFTP or FTP.

Lapse of time before reconnecting

To prevent any client connections from remaining active all day long, checks on the KeepAlive commands must be performed for SFTP and FTP server protocols.

When a certain number of consecutive KeepAlive commands is reached, the connection is deactivated. This limit is settable.

When any other command than KeepAlive is sent, the counter is reset.

When the Authorize KeepAlive commands parameter is set to YES, KeepAlive commands keep the connection active. This is the default behavior for all Sage XRT Business Exchange versions before version 15 (2023 R1).
When the Authorize KeepAlive commands parameter is set to NO, KeepAlive commands cannot keep the connection active. This is the default behavior for all versions as of version 15 (2023 R1).

A new variable enables you to specify a period of time before reconnecting, in order to stop any attempt of immediate reconnection.

In System Administration, open the menu File Transfer Service — Protocol Device — SFTP or FTP.

In the Specific tab, add the variable Burn account timeout. The value of this variable is expressed in Seconds.

Every unauthorized access attempt is registered into Sage XRT Business Exchange log.

Distribution of files from Swift Alliance Lite 2

In a two-installation configuration of Sage XRT Business Exchange, i.e. one installation used to send files and the other to receive them, you can direct the files coming from Swift Alliance Lite 2 to the relevant installation.

Example: retrieval of Transmission Report for Sage XRT Business Exchange managing the sending, and retrieval of messages for Sage XRT Business Exchange managing receptions.

In System Administration, open the menu File Transfer Service — Protocol Device— Swift RA. In the Specific tab, for the SAL2 Event Filter variable, enter one of these three values:

0: All Events
1: Message Events Only
2: Error, Transmission, Delivery Events Only

Sites management on SXBE proxy

On SXBE proxy, a same station can execute more than one P5cPRX services, for several independent Sage XRT Business Exchange servers.

In the Service Manager, on DMZ Tools (dmztoolpanel), select or create a site, then click SBE Proxy Settings.

Select the option Enable Network Proxy Service.

Specify a port number in the Incoming Service Address field, then click the ... button in front of this area.

In the Network Interfaces dialog box, select the TCP-IP Interface option and click OK to validate.

Support of security envelopes for External protocol

The various security envelopes can be used on the External protocol, in sending or receiving mode.

The Security Envelope tab has been added for Contract Manager services, from the Bank [X] - External Protocol menu.

Modification of column names

You can change the names of columns Reference 0 to 9, Entity, Client, Protocol and Service for Signature.

In the file Html\OnlineBanking\Signature2\pds\i18n\fr.json, the descriptions of the references are specified in the variables extraref from 0 to 9.

Descriptions for the other variables can be modified on the line "grid":{"header":{"entity":"Entity","service":"Service","client":"Client","protocol":"Protocol".

Example: the default description "extraref0":"Référence 0" is replaced by "extraref0":"Treasury Reference".

New variable for P5BAM analyses

On the P5BAM.exe queries, you can use the variable $VUNAME$: User name to personalize the result according to the connected user.

Improved Dashboard caches

You can speed up the display of the Dashboard by specifying a value (in minutes) for the Cache Dashboard Expiration key at the level of RAPI service.

You can refresh the dashboard at any time by clicking the refresh button.

Security

Management of Slow HTTP vulnerability

The low and slow attacks target the thread-based web servers and try to occupy each thread with slow queries, preventing real users from accessing the service.

The vulnerability to Slow Header HTTP and Slow Post HTTP attacks has been mitigated on RAPI service.

New security standards

In compliance with security standards, Carbon library has been updated to version 132.2.

The attachments for signature are limited to the following formats:

png
pdf
jpg
jpeg
gif
bmp
docx
pptx
xslx
txt
odt
ods
odp
rtf
csv