Set up integration with SiPass Integrated
This article is valid for Smart ID 21.04 and later.
This article describes how to configure the SiPass Integrated Service, to enable integration between the Smart ID Physical Access component in Smart ID Identity Manager and SiPass.
SiPass Integrated is an Access Control System provided by Siemens and managed by a GUI and a Restful API. After integration, all administration of Users, Access Token and Entitlements (besides defining them) should be done in Identity Manager, never in SiPass.
For details on which data can be imported and exported from SiPass, see About import and export to Physical Access.
Prerequisites
The following prerequisites apply:
Physical Access and SiPass Docker container/service are installed. See Deploy Smart ID.
Physical Access has been tested with version 2.76.
The message queue server must be running.
If MIFARE card technology is used, the PACS MIFARE number must be available as raw data (not encrypted, truncated, or similar).
A working network connection to the connected physical access control systems (PACS) must be in place.
Configure SiPass Service data fields
The SiPass data is configured in the configuration table in the Physical Access database. All configuration is cached when the service starts so any configuration changes will require the service to be restarted in order to take effect.
Configure database
For information about how to connect to a PACS system, see Connect to a PACS system in PACS admin panel.
For information about group: messagingqueue, see Physical Access database - common parameters.
group: sipass.system
key | Data type | Required or Optional | Description |
---|---|---|---|
clientUniqueId | string | Required | The Unique client name for SiPass HR API. Default: |
username | string | Required | The username that will be used when accessing SiPass HR API endpoints. Default: |
password | string | Required | The password that will be used when accessing SiPass HR API endpoints. Default: |
group: sipass.general
key | Data type | Required or Optional | Description |
---|---|---|---|
apiUrl | string | Required | API URL of SiPass HR Restful Service API of SiPass Integrated Service. Default: https://sipass-system:8745/ |
group: sipass.export
key | Data type | Required or Optional | Description |
---|---|---|---|
layoutIdentifierType | string | Required | This identifier is used to refer to layout of access token. |
group: sipass.card.mapping.default
key | Data type | Required or Optional | Description |
---|---|---|---|
layout | string | Required | The name of the card layout to match (case insensitive) for this mapping. Each layout may only be mapped once. |
cardNumberIdentifier | string | Optional | The identifier type used to read card numbers. Default: “mifare” |
format | string | Optional | The format that the card number should be converted into before exporting it to SiPass. Valid values: Linear, Skip. |
length | int | Required | The maximum length of card. If the card is less than the card length, then the card will right pad with zeroes. |
cardLayoutCode | int | Required | The id of the credential profile which we get from HR API api/v1/hr/CredentialProfiles. In the response, the field "Token" indicates cardLayoutCode. |
cardTechnologyCode | int | Required | The code of encoding technology used to write the card. We get card technology code from HR API api/v1/hr/CredentialProfiles. In the response, the field "CardTechnology" indicates CardTechnologycode. |
facilityCode | int | Required | The facilityCode is the Card technology facility code. We get card Card facility code from HR API api/v1/hr/CredentialProfiles. In the response, the field "FacilityCode" indicates FacilityCode. |
pinMode | string | Required | The PinMode indicate pinmode combination for the card. Possible values are “Card”,”CardPin” and ”Pin”. |
pinLength | int | Required | The maximum length of the card pin. |
group: sipass.card.mapping
key | Data type | Required or Optional | Description |
---|---|---|---|
layout | string | Required | The name of the card layout to match (case insensitive) for this mapping. Each layout may only be mapped once. |
cardNumberIdentifier | string | Optional | The identifier type used to read card numbers. Default: “mifare” |
format | string | Optional | The format that the card number should be converted into before exporting it to SiPass. Valid values: Linear, Skip. |
length | int | Required | The maximum length of card. If the card is less than the card length, then the card will right pad with zeroes. |
cardLayoutCode | int | Required | The id of the credential profile which we get from HR API api/v1/hr/CredentialProfiles. In the response, the field "Token" indicates cardLayoutCode. |
cardTechnologyCode | int | Required | The code of encoding technology used to write the card. We get card technology code from HR API api/v1/hr/CredentialProfiles. In the response, the field "CardTechnology" indicates CardTechnologycode. |
facilityCode | int | Required | The facilityCode is the Card technology facility code. We get card Card facility code from HR API api/v1/hr/CredentialProfiles. In the response, the field "FacilityCode" indicates FacilityCode. |
pinMode | string | Required | The PinMode indicate pinmode combination for the card. Possible values are “Card”,”CardPin” and ”Pin”. |
pinMode Example:
id | group | index | key | system | value |
---|---|---|---|---|---|
1 | sipass.card.mapping | 1 | cardLayoutCode | SiPass | 2 |
2 | sipass.card.mapping | 1 | cardNumberIdentifier | SiPass | mifare |
3 | sipass.card.mapping | 1 | cardTechnologyCode | SiPass | 26 |
4 | sipass.card.mapping | 1 | facilityCode | SiPass | 0 |
5 | sipass.card.mapping | 1 | format | SiPass | Linear |
6 | sipass.card.mapping | 1 | layout | SiPass | MifareSmart |
7 | sipass.card.mapping | 1 | length | SiPass | 9 |
8 | sipass.card.mapping | 1 | pinLength | SiPass | 4 |
9 | sipass.card.mapping | 1 | pinMode | SiPass | Card |
group: export
key | Data type | Required or Optional | Description |
---|---|---|---|
userfieldmappings | string | Optional | The userfieldmappings is the combination of all additional fields which we can send to SiPass. Currently, we can configure Person Details (Contact Details and User Details) of SiPass. For additional user field mapping we can take reference of HR API of SiPass. The value in the configuration setting is a combination of table_name.value_of_type_column, field_name_of_SiPass. This configuration setting is the mapping between Physical Access (IDC3) table field and SiPAss field. We can send user column fields by adding configuration like user.column_name,omnis_field_name. |
To export these fields to SiPass, do the following configuration:
Id | group | index | key | system | value |
---|---|---|---|---|---|
1 | export | 0 | userfieldmappings | SiPass | email.work,Email |
2 | export | 1 | userfieldmappings | SiPass | phone.mobile,MobileNumber |
3 | export | 2 | userfieldmappings | SiPass | address.work,Address |
4 | export | 3 | userfieldmappings | SiPass | user.title,Title |
Restart service
Restart the SiPass connector service:
Restart Physical Access SiPass connector
cd <SMARTIDHOME>/compose/physicalaccess
docker-compose restart smartid-pa-sipass
Copyright 2024 Technology Nexus Secured Business Solutions AB. All rights reserved.
Contact Nexus | https://www.nexusgroup.com | Disclaimer | Terms & Conditions