
This article describes how to configure the SiPass Integrated Service to enable integration between the Smart ID Physical Access component in Smart ID Identity Manager and SiPass.

SiPass Integrated is an access control system provided by Siemens and managed through a GUI and a RESTful API. After integration, all administration of users, access tokens and entitlements (besides defining them) should be done in Identity Manager, never in SiPass.

For details on which data can be imported and exported from SiPass, see About import and export to Physical Access.


Prerequisites


The following prerequisites apply:

  • Physical Access and the SiPass Docker container/service are installed. See Deploy Smart ID.
  • Physical Access has been tested with version 2.76.
  • The message queue server must be running.
  • If MIFARE card technology is used, the PACS MIFARE number must be available as raw data (not encrypted, truncated, or similar). 
  • A working network connection to the connected physical access control systems (PACS) must be in place. 

Configure SiPass Service data fields

The SiPass data is configured in the configuration table in the Physical Access database. All configuration is cached when the service starts so any configuration changes will require the service to be restarted in order to take effect.

 Configure database

group: messagingqueue

| key | Data type | Required or Optional | Description |
|---|---|---|---|
| server | string | Required | IP address of the message queue server. If it is installed on the local server, localhost can be used. If the server is accessed remotely, specify its IP address. |
| username | string | Required | Username of the message queue server. Default value: "guest" |
| password | string | Required | Password of the message queue server. Default value: "guest" |
| system | string | Required | Defines which messaging queue is to be used, either "rabbitmq" or "azureservicebus". Default value: "rabbitmq" |

group: general

| key | Data type | Required or Optional | Description |
|---|---|---|---|
| deleteUserOnNoEntitlement | string | Optional | Defines if the user shall be deleted if no active entitlement assignments are present for that user. Valid values: true or false. Default: true |
| deleteUserOnNoAccessToken | string | Optional | Defines if the user shall be deleted if no active access tokens are present for that user. Valid values: true or false. Default: true |
| heartbeatInterval | int | Optional | The heartbeat interval is the time between two successive heartbeats. It is used to determine whether the system is active (running) or inactive (stopped). Default value and minimum value: 60 seconds. If it is set to less than 60 seconds, it is treated as 60 seconds when updating the status. |

group: sipass.system

| key | Data type | Required or Optional | Description |
|---|---|---|---|
| clientUniqueId | string | Required | The unique client name for the SiPass HR API. Default: PHYSICAL-ACCESS-SIPASS-CLIENT |
| username | string | Required | The username that will be used when accessing SiPass HR API endpoints. Default: Siemens |
| password | string | Required | The password that will be used when accessing SiPass HR API endpoints. Default: spirit |

group: sipass.general

| key | Data type | Required or Optional | Description |
|---|---|---|---|
| apiUrl | string | Required | API URL of the SiPass HR RESTful service API of the SiPass Integrated Service. Default: https://sipass-system:8745/ |

group: sipass.export

| key | Data type | Required or Optional | Description |
|---|---|---|---|
| layoutIdentifierType | string | Required | This identifier is used to refer to the layout of the access token. |

group: sipass.card.mapping.default

| key | Data type | Required or Optional | Description |
|---|---|---|---|
| layout | string | Required | The name of the card layout to match (case insensitive) for this mapping. Each layout may only be mapped once. |
| cardNumberIdentifier | string | Optional | The identifier type used to read card numbers. Default: "mifare" |
| format | string | Optional | The format that the card number should be converted into before exporting it to SiPass. Valid values: Linear, Skip. Use "skip" to skip card export. |
| length | int | Required | The maximum length of the card number. If the card number is shorter than this length, it is right-padded with zeroes. |
| cardLayoutCode | int | Required | The ID of the credential profile, obtained from the HR API api/v1/hr/CredentialProfiles. In the response, the field "Token" indicates the cardLayoutCode. |
| cardTechnologyCode | int | Required | The code of the encoding technology used to write the card, obtained from the HR API api/v1/hr/CredentialProfiles. In the response, the field "CardTechnology" indicates the cardTechnologyCode. |
| facilityCode | int | Required | The card technology facility code, obtained from the HR API api/v1/hr/CredentialProfiles. In the response, the field "FacilityCode" indicates the facilityCode. |
| pinMode | string | Required | The PIN mode combination for the card. Possible values are "Card", "CardPin" and "Pin". |
| pinLength | int | Required | The maximum length of the card PIN. |

group: sipass.card.mapping

| key | Data type | Required or Optional | Description |
|---|---|---|---|
| layout | string | Required | The name of the card layout to match (case insensitive) for this mapping. Each layout may only be mapped once. |
| cardNumberIdentifier | string | Optional | The identifier type used to read card numbers. Default: "mifare" |
| format | string | Optional | The format that the card number should be converted into before exporting it to SiPass. Valid values: Linear, Skip. Use "skip" to skip card export. |
| length | int | Required | The maximum length of the card number. If the card number is shorter than this length, it is right-padded with zeroes. |
| cardLayoutCode | int | Required | The ID of the credential profile, obtained from the HR API api/v1/hr/CredentialProfiles. In the response, the field "Token" indicates the cardLayoutCode. |
| cardTechnologyCode | int | Required | The code of the encoding technology used to write the card, obtained from the HR API api/v1/hr/CredentialProfiles. In the response, the field "CardTechnology" indicates the cardTechnologyCode. |
| facilityCode | int | Required | The card technology facility code, obtained from the HR API api/v1/hr/CredentialProfiles. In the response, the field "FacilityCode" indicates the facilityCode. |
| pinMode | string | Required | The PIN mode combination for the card. Possible values are "Card", "CardPin" and "Pin". |

Example:

| Id | group | index | key | system | value |
|---|---|---|---|---|---|
| 1 | sipass.card.mapping | 1 | cardLayoutCode | SiPass | 2 |
| 2 | sipass.card.mapping | 1 | cardNumberIdentifier | SiPass | mifare |
| 3 | sipass.card.mapping | 1 | cardTechnologyCode | SiPass | 26 |
| 4 | sipass.card.mapping | 1 | facilityCode | SiPass | 0 |
| 5 | sipass.card.mapping | 1 | format | SiPass | Linear |
| 6 | sipass.card.mapping | 1 | layout | SiPass | MifareSmart |
| 7 | sipass.card.mapping | 1 | length | SiPass | 9 |
| 8 | sipass.card.mapping | 1 | pinLength | SiPass | 4 |
| 9 | sipass.card.mapping | 1 | pinMode | SiPass | Card |

group: export


| key | Data type | Required or Optional | Description |
|---|---|---|---|
| userfieldmappings | string | Optional | The combination of all additional fields that can be sent to SiPass. Currently, the Person Details (Contact Details and User Details) of SiPass can be configured. For additional user field mappings, refer to the SiPass HR API. |

To export these fields to SiPass, the following configuration is needed:

| Id | group | index | key | system | value |
|---|---|---|---|---|---|
| 1 | export | 0 | userfieldmappings | SiPass | email.work,Email |
| 2 | export | 1 | userfieldmappings | SiPass | phone.mobile,MobileNumber |
| 3 | export | 2 | userfieldmappings | SiPass | address.work,Address |
| 4 | export | 3 | userfieldmappings | SiPass | user.title,Title |

The value in the configuration setting is a combination of table_name.value_of_type_column, field_name_of_SiPass. This setting is the mapping between a Physical Access (IDC3) table field and a SiPass field. User column fields can be sent by adding configuration like user.column_name,omnis_field_name.
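
A check that can be run over the configuration rows before restarting the service, as an added example (not part of the product or of the original page): it flags passwords still set to the documented defaults, values outside the documented sets, a layout mapped twice, and malformed userfieldmappings entries. The `audit` function, the `(group, index, key, value)` row shape, the HTTPS check on apiUrl and the case-insensitive matching are assumptions of this example.

```python
import re

# Defaults documented on this page; flag them if they are still present.
DEFAULT_SECRETS = {("messagingqueue", "password"): "guest",
                   ("sipass.system", "password"): "spirit"}
# Valid values from the page; matching case-insensitively is an assumption.
ALLOWED = {("messagingqueue", "system"): {"rabbitmq", "azureservicebus"},
           ("sipass.card.mapping", "pinMode"): {"card", "cardpin", "pin"},
           ("sipass.card.mapping", "format"): {"linear", "skip"},
           ("general", "deleteUserOnNoEntitlement"): {"true", "false"},
           ("general", "deleteUserOnNoAccessToken"): {"true", "false"}}
MAPPING = re.compile(r"^\w+\.\w+,\s*\w+$")  # table.type_or_column,SiPassField

def audit(rows):
    """rows: (group, index, key, value) tuples read from the configuration table."""
    findings, layouts = [], set()
    for group, index, key, value in rows:
        where, gk = f"{group}[{index}].{key}", (group, key)
        if DEFAULT_SECRETS.get(gk) == value:
            findings.append(f"{where}: documented default password in use")
        if gk in ALLOWED and value.lower() not in ALLOWED[gk]:
            findings.append(f"{where}: invalid value {value!r}")
        if gk == ("sipass.general", "apiUrl") and not value.lower().startswith("https://"):
            findings.append(f"{where}: API URL is not HTTPS")
        if gk == ("general", "heartbeatInterval") and value.isdigit() and int(value) < 60:
            findings.append(f"{where}: below 60 s, service will use 60")
        if gk == ("sipass.card.mapping", "layout"):
            if value.lower() in layouts:  # layout names match case-insensitively
                findings.append(f"{where}: layout mapped more than once")
            layouts.add(value.lower())
        if gk == ("export", "userfieldmappings") and not MAPPING.match(value):
            findings.append(f"{where}: expected table.type,SiPassField")
    return findings

# Constructed sample rows, not taken from a real deployment.
SAMPLE = [
    ("messagingqueue", 0, "password", "guest"),
    ("sipass.system", 0, "password", "spirit"),
    ("sipass.general", 0, "apiUrl", "http://sipass-system:8745/"),
    ("general", 0, "heartbeatInterval", "30"),
    ("sipass.card.mapping", 1, "layout", "MifareSmart"),
    ("sipass.card.mapping", 1, "pinMode", "CardOrPin"),
    ("sipass.card.mapping", 2, "layout", "mifaresmart"),
    ("export", 0, "userfieldmappings", "email.work,Email"),
    ("export", 1, "userfieldmappings", "phone.mobile"),
]

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```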

Restart service

  1. Restart the SiPass connector service:

    # Restart Physical Access SiPass connector
    cd <SMARTIDHOME>/compose/physicalaccess
    docker-compose restart smartid-pa-sipass

This article is valid for Smart ID 21.04 and later.
