Document toolboxDocument toolbox

Nexus Documentation
CURL vulnerability information (CVE-2023-38545) - Nexus awareness advisory on Microsoft's update KB5014754

Set up integration with SiPass Integrated

Owned by Karolin Hemmingsson (Unlicensed)
Last updated: Feb 07, 2024 by Josefin Klang (Deactivated)
3 min read

This article is valid for Smart ID 21.04 and later.

This article describes how to configure the SiPass Integrated Service, to enable integration between the Smart ID Physical Access component in Smart ID Identity Manager and SiPass.

SiPass Integrated is an Access Control System provided by Siemens and managed by a GUI and a Restful API. After integration, all administration of Users, Access Token and Entitlements (besides defining them) should be done in Identity Manager, never in SiPass

For details on which data can be imported and exported from SiPass, see About import and export to Physical Access.

Prerequisites

The following prerequisites apply:

  • Physical Access and SiPass Docker container/service are installed. See Deploy Smart ID

  • Physical Access has been tested with version 2.76.

  • The message queue server must be running.

  • If MIFARE card technology is used, the PACS MIFARE number must be available as raw data (not encrypted, truncated, or similar). 

  • A working network connection to the connected physical access control systems (PACS) must be in place.

Configure SiPass Service data fields

The SiPass data is configured in the configuration table in the Physical Access database. All configuration is cached when the service starts so any configuration changes will require the service to be restarted in order to take effect.

Configure database

For information about how to connect to a PACS system, see Connect to a PACS system in PACS admin panel.

For information about group: messagingqueue, see Physical Access database - common parameters.

group: sipass.system

key

Data type

Required or Optional

Description

key

Data type

Required or Optional

Description

clientUniqueId

string

Required

The Unique client name for SiPass HR API.

Default: PHYSICAL-ACCESS-SIPASS-CLIENT

username

string

Required

The username that will be used when accessing SiPass HR API endpoints.

Default: Siemens

password

string

Required

The password that will be used when accessing SiPass HR API endpoints.

Default: spirit

group: sipass.general

key

Data type

Required or Optional

Description

key

Data type

Required or Optional

Description

apiUrl

string

Required

API URL of SiPass HR Restful Service API of SiPass Integrated Service.

Default: https://sipass-system:8745/

group: sipass.export

key

Data type

Required or Optional

Description

key

Data type

Required or Optional

Description

layoutIdentifierType

string

Required

This identifier is used to refer to layout of access token.

group: sipass.card.mapping.default

key

Data type

Required or Optional

Description

key

Data type

Required or Optional

Description

layout

string

Required

The name of the card layout to match (case insensitive) for this mapping. Each layout may only be mapped once.

cardNumberIdentifier

string

Optional

The identifier type used to read card numbers.

Default: “mifare”

format

string

Optional

The format that the card number should be converted into before exporting it to SiPass. Valid values: Linear, Skip.
Use "skip" to skip card export.

length

int

Required

The maximum length of card. If the card is less than the card length, then the card will right pad with zeroes.

cardLayoutCode

int

Required

The id of the credential profile which we get from HR API api/v1/hr/CredentialProfiles. In the response, the field "Token" indicates cardLayoutCode.

cardTechnologyCode

int

Required

The code of encoding technology used to write the card. We get card technology code from HR API api/v1/hr/CredentialProfiles. In the response, the field "CardTechnology" indicates CardTechnologycode.

facilityCode

int

Required

The facilityCode is the Card technology facility code. We get card Card facility code from HR API api/v1/hr/CredentialProfiles. In the response, the field "FacilityCode" indicates FacilityCode.

pinMode

string

Required

The PinMode indicate pinmode combination for the card. Possible values are “Card”,”CardPin” and ”Pin”.

pinLength

int

Required

The maximum length of the card pin.

group: sipass.card.mapping

key

Data type

Required or Optional

Description

key

Data type

Required or Optional

Description

layout

string

Required

The name of the card layout to match (case insensitive) for this mapping. Each layout may only be mapped once.

cardNumberIdentifier

string

Optional

The identifier type used to read card numbers.

Default: “mifare”

format

string

Optional

The format that the card number should be converted into before exporting it to SiPass. Valid values: Linear, Skip.
Use "skip" to skip card export.

length

int

Required

The maximum length of card. If the card is less than the card length, then the card will right pad with zeroes.

cardLayoutCode

int

Required

The id of the credential profile which we get from HR API api/v1/hr/CredentialProfiles. In the response, the field "Token" indicates cardLayoutCode.

cardTechnologyCode

int

Required

The code of encoding technology used to write the card. We get card technology code from HR API api/v1/hr/CredentialProfiles. In the response, the field "CardTechnology" indicates CardTechnologycode.

facilityCode

int

Required

The facilityCode is the Card technology facility code. We get card Card facility code from HR API api/v1/hr/CredentialProfiles. In the response, the field "FacilityCode" indicates FacilityCode.

pinMode

string

Required

The PinMode indicate pinmode combination for the card. Possible values are “Card”,”CardPin” and ”Pin”.

pinMode Example:

id

group

index

key

system

value

id

group

index

key

system

value

1

sipass.card.mapping

1

cardLayoutCode

SiPass

2

2

sipass.card.mapping

1

cardNumberIdentifier

SiPass

mifare

3

sipass.card.mapping

1

cardTechnologyCode

SiPass

26

4

sipass.card.mapping

1

facilityCode

SiPass

0

5

sipass.card.mapping

1

format

SiPass

Linear

6

sipass.card.mapping

1

layout

SiPass

MifareSmart

7

sipass.card.mapping

1

length

SiPass

9

8

sipass.card.mapping

1

pinLength

SiPass

4

9

sipass.card.mapping

1

pinMode

SiPass

Card

group: export

key

Data type

Required or Optional

Description

key

Data type

Required or Optional

Description

userfieldmappings

string

Optional

The userfieldmappings is the combination of all additional fields which we can send to SiPass. Currently, we can configure Person Details (Contact Details and User Details) of SiPass. For additional user field mapping we can take reference of HR API of SiPass.

The value in the configuration setting is a combination of table_name.value_of_type_column, field_name_of_SiPass. This configuration setting is the mapping between Physical Access (IDC3) table field and SiPAss field. We can send user column fields by adding configuration like user.column_name,omnis_field_name.

To export these fields to SiPass, do the following configuration:

Id 

group

index

key

system

value

Id 

group

index

key

system

value

1

export

0

userfieldmappings

SiPass

email.work,Email

2

export

1

userfieldmappings

SiPass

phone.mobile,MobileNumber

3

export

2

userfieldmappings

SiPass

address.work,Address

4

export

3

userfieldmappings

SiPass

user.title,Title

Restart service

Restart the SiPass connector service:

Restart Physical Access SiPass connector
cd <SMARTIDHOME>/compose/physicalaccess docker-compose restart smartid-pa-sipass

Copyright 2024 Technology Nexus Secured Business Solutions AB. All rights reserved.
Contact Nexus | https://www.nexusgroup.com | Disclaimer | Terms & Conditions