Sterling B2B Integrator - Configuration Requirements
The Configuration requirements chapter defines the elements that have to be configured on EBICS Client to transact with a bank.
For detailed configuration information, see the EBICS Client User Guide.
Before using the EBICS Client, you must configure Sterling B2B Integrator.
Basic Configuration
To begin, configure the following:
- Check in the public keys shared by the bank to the Certificate Authority (CA) store or create a self-signed certificate with SHA256 hash algorithm.
- Create an identity record for the partner, indicating the partner as the base identity.
- Create a user account.
- Configure an adapter that enables you to send and receive files and invokes the EBClientOrderPreProcess business process. For example, configure a File System Adapter to invoke the EBClientOrderPreProcess business process. EBClientOrderPreProcess business process is used to validate the payload received from a technical user and to extract the folder containing the payload or metadata and post the payload data to appropriate mailboxes.
- Configure the following mail boxes and associate them with each user:
- EBClientOrderMetadata (preconfigured)
- Download (Inbox)
- Upload (Outbox)
- Verify that the EBClientMailboxArrivedMessage business process is associated with the EBClientOrderMetadata Mailbox. The automatic routing rule triggers the business process to perform automated functions, such as notifying an interested party about an incoming message in the mailbox.
- Ensure that the MailboxEvaluateAllAutomaticRulesSubMin Schedule is enabled. The schedule periodically evaluates the routing rule to ensure proper functioning of the routing rule.
File System Space Requirements for FDL Requests
Because the FDL order type uses the file system to store the payload, it is important to plan file system storage accordingly. A large FDL payload requires about 6 times as much file space as the payload size itself. For example, a 5 GB payload requires over 30 GB of file space in Sterling B2B Integrator to process the request.
Configuring an existing Sterling B2B Integrator user as an EBICS Client user is the first step towards transacting with the bank.
This includes specifying values for attributes, such as, user type, certificate type, and so on. Three types of users can be configured on EBICS Client;
- EBICS Client Admin
- EBICS Client Operator
- EBICS Client User
Another user type, technical user can also be configured. EBICS Client supports X.509 and RSA Keys standards to define digital certificates. User configuration attributes vary based on the user type and certificate type. Configuring Certificate and key related information is not required for an EBICS Client admin or EBICS Client operator. For more information about user types, see Managing Profiles for Users.
There are three order types used for user initialization: H3K, INI, and HIA. H3K is the simplest and transmits all three public certificates at the same time. However, H3K cannot be used in all cases, such as if trusted keys are used or with protocol version H003. If you cannot, or prefer not to, use H3K, you can use INI and HIA together to transmit the public certificates. For more information about user initialization, see Initializing a User in the EBICS Client User documentation.
A bank is the primary entity in an EBICS transaction. It hosts the server with which a partner and users who are associated with the partner can perform EBICS transactions.
The details of the bank configuration include:
- Bank ID (Host ID)
- Bank Name
- Bank URL
- Is RSA preferred
- Bank contact information
- E-mail address
- Public keys of authentication and encryption certificates
- Key versions of authentication and encryption certificates
An integral part of the bank configuration is the bank ID or host ID. After a contract is signed, the bank shares the bank ID or host ID together with the URL of the bank with the partner. An EBICS Client admin creates a bank profile using the information shared by the bank with the partner. If the bank URL uses a secure HTTP protocol, then an HTTPS certificate is required. The HTTPS certificate for the bank is created on Sterling B2B Integrator and configured using EBICS Client.
The bank status is set to New until the public identification and authentication and encryption bank keys are validated. Bank key validation includes the following steps:
- An EBICS Client user submits an HPB order type to download the public bank keys.
- After successful validation of the user's authentication and identification keys, the bank sends an HPB response. The HPB response contains the public bank keys. The keys are stored in the database of EBICS Client and hash value of the keys is generated.
- The bank provides hash values of the public part of the keys to the user through a channel independent of EBICS. For example, a portal, mail, or the website of the bank.
- The user copies the hash values from the portal and validates the bank keys using the EBICS Client dashboard interface.
- The hash values shared by the bank are compared with the internally generated hash values. If the hash values match, the status of the bank is set to Activated. If the hash values of the bank and user do not match, the user is prompted to revalidate the bank keys.
The format or type of file that is uploaded or downloaded is identified by the File Format attribute. An order type can have zero or more file formats. A file format can contain the country code and supported order types.
A file format contains the following attributes:
- Country Code
- Code of the country in which the file format is supported.
- Supported order types
- FUL (Upload) and FDL (Download).
- The first four characters should be from a to z.
- The name should contain a dot (.).
An offer is a super set of order types and file formats. An offer is associated with a bank ID to specify the possible order types and file formats that can be used when transacting with the bank. Offers provide the advantage of grouping many bank transactions and handling them together.
An offer contains the following attributes:
- Name: offer name
- Bank ID: The bank ID with which the offer is associated
- Order type: supported order type
- File format: supported file format
Note: Only an EBICS Client admin can configure file formats and offers.
User permissions define the offers, order types, and file formats, an EBICS Client user can process on EBICS Client.
One of the following permission types can be assigned to a user:
- Signer
- A signer can only sign an order, but cannot submit it.
- Submitter
- A submitter can submit an order after the designated signer or signers sign the order.
The following table provides information about the authorization levels that can be specified for an EBICS Client user.Table 1. Authorization levels
Authorization level | Permission type | Description |
|---|---|---|
| E | Signer | Single signature. It is the strongest authorization level. |
| A | Signer | Primary signature |
| B | Signer | Secondary signature |
| T | Submitter | Transport signature. Transport signatures are not used for authorization of bank-technical orders, but for authorized submission to the bank system. |
If the electronic signature value is set to 1, then a single signature of E or A authorization level is required to process an order. If the ES value is set to 2, then a combination of E or A and B is required to process the order. ES value is set to 0 in case of key management orders.
Note: EBICS specification does not permit a combination of two secondary ES authorization levels (that is authorization level B) for processing an order.
Previous Topic
Sterling B2B Integrator - EBICS Client Architecture and Key Features
Parent Topic
Sterling B2B Integrator - EBICS Client Overview
Next Topic
Sterling B2B Integrator - Order Submission