Set up integration with RCO R-CARD M5
This article is valid for Smart ID 22.04 and later.
This article describes how to configure the RCO Service, to enable integration between Smart ID Identity Manager and RCO R-Card M5.
RCO R-Card M5 is an access control system provided by RCO and managed by a GUI and a web service on the server. After integration, all administration of Users, Access Token and Entitlements (besides defining them) should be done in Identity Manager, never in RCO.
For details on which data can be imported and exported from RCO R-CARD M5, see About import and export to Physical Access.
Prerequisites
The following prerequisites apply:
Physical Access and the RCO R-CARD M5 Docker container/service are installed. See Deploy Smart ID.
Physical Access has been tested with version 5.39.4.
The message queue server must be running
If MIFARE card technology is used, the PACS MIFARE number must be available as raw data (not encrypted, truncated, or similar).
A working network connection to the connected physical access control systems (PACS) must be in place.
Configure RCO Service data fields
The RCO data is configured in the configuration table in the Physical Access database. All configuration is cached when the service starts so any configuration changes will require the service to be restarted in order to take effect.
Configure database
For information about how to connect to a PACS system, see Connect to a PACS system in PACS admin panel.
For information about group: messagingqueue, see Physical Access database - common parameters.
group: rco.system
key | Data type | Required or Optional | Description |
---|---|---|---|
systemName | string | Optional | The name of the RCO system. Default: |
username | string | Optional | The username that will be used when logging in to the RCO system. Default: |
password | string | Optional | The password that will be used when logging in to the RCO admin service. Default: |
group: rco.general
key | Data type | Required or Optional | Description |
---|---|---|---|
connectionString | string | Required | The connection string for the R-CARD M5 system. Example: |
useDomainNames | bool | Optional | Whether to include the domain in the name of access groups in IDC. Default: |
domainNameSeparator | string | Optional | The string that will separate the domain name and the name of the access group. Default: “ – “ |
group: rco.index
key | Data type | Required or Optional | Description |
---|---|---|---|
id | int | Optional | The RCO index of the attribute where the IDC person ID should be stored. Default: 9 |
idSearch | int | Optional | The RCO search index of the attribute where the IDC person ID is stored. Default: 6 |
group: rco.export
key | Data type | Required or Optional | Description |
---|---|---|---|
updatesPerPoll | int | Optional | The number of persons to export per poll. Default: 100 |
useCategory | bool | Optional | Determines whether to use the card’s category or layout as name in RCO. Default: |
idPadding | string | Required | The value to pad the Physical Access person IDs in RCO with. IDs must be padded because, when searching, RCO does partial matching. For example, searching for “1” matches all IDs containing “1”. The value must consist of 1-3 characters and valid characters are: A-Za-z_! Default: |
layoutIdentifierType | string | Required | This is a type of identifier which we want to use to refer layout of access token. |
categoryIdentifierType | string | Required | This is a type of identifier which we want to use to refer category of access token. |
userfieldmappings | string | Optional |
User column fields can be sent by adding the configuration |
The following table shows sample configurations for userfieldmappings
:
system | key | value | group | index |
---|---|---|---|---|
RCO | userfieldmappings | user.Ssn,6 | rco.export | 0 |
RCO | userfieldmappings | useradditionalfield.other,27 | rco.export | 0 |
RCO | userfieldmappings | email.work,13 | rco.export | 0 |
RCO | userfieldmappings | user.title,7 | rco.export | 0 |
group: rco.card.mapping.{value of layout identifier}
This group contains compound configuration elements using the config_index column. For each unique config_index value in this group, each key defined below must be defined exactly once. Note that this group is not required as a whole, and should only be used if you have specific requirements for one or more card layouts.
key | Data type | Required or Optional | Description |
---|---|---|---|
layout | string | Optional | The name of the card layout to match (case insensitive) for this mapping. Each layout may only be mapped once. |
cardNumberIdentifier | string | Optional | This indicates the identifier for card number. |
format | string | Optional | The format that the card number should be converted into before exporting it to RCO. Valid values: |
length | int | Optional | The length that the card number should be trimmed (leading digits) or padded (with leading zeroes) to after converting it. |
group: rco.card.mapping.default
This group defines how to export card numbers by default, when a card’s layout does not have a specific mapping.
key | Data type | Required or Optional | Description |
---|---|---|---|
cardNumberIdentifier | string | Optional | The default identifier type to read card numbers. Default: |
format | string | Optional | The format that the card number should be converted into before exporting it to RCO. Valid values: Default: |
length | int | Optional | The length that the card number should be trimmed (leading digits) or padded (with leading zeroes) to after converting it. Default: 9 |
Restart service
Restart the RCO R-CARD M5 connector service:
Restart Physical Access RCO R-CARD M5 connector
cd <SMARTIDHOME>/compose/physicalaccess
docker-compose restart smartid-pa-rco
Copyright 2024 Technology Nexus Secured Business Solutions AB. All rights reserved.
Contact Nexus | https://www.nexusgroup.com | Disclaimer | Terms & Conditions