- Created by Karolin Hemmingsson, last modified by Ylva Andersson on May 24, 2022
This article describes how to configure the RCO R-CARD M5 Admin API Service, to enable integration between the Smart ID Physical Access component in Smart ID Identity Manager and RCO R-CARD M5 via an Admin API.
R-CARD M5 is an Access Control System provided by RCO and managed via a RESTful API. After integration, all administration of Users, Access Tokens and Entitlements (besides defining them) should be done in Identity Manager, never in R-CARD M5.
For details on which data can be imported and exported from RCO R-CARD M5, see About import and export to Physical Access.
Prerequisites
The following prerequisites apply:
- Physical Access and RCO R-CARD M5 Admin API Docker container/service are installed. See Deploy Smart ID.
- RCO R-CARD M5 Admin API 5.48.0 is required; Physical Access has been tested with this version.
- The message queue server must be running.
- If MIFARE card technology is used, the PACS MIFARE number must be available as raw data (not encrypted, truncated, or similar).
- A working network connection to the connected physical access control systems (PACS) must be in place.
Configure RCO Service data fields
The RCO data is configured in the configuration table in the Physical Access database. All configuration is cached when the service starts so any configuration changes will require the service to be restarted in order to take effect.
To connect to a PACS system:
- Log in to the Physical Access admin panel as an admin user.
  All configured PACS connector services are listed, as well as Generic configurations to define the messaging queue.
- Click on a system to do updates.
  All database entries are listed.
- To update an entry, click on the icon. Edit as needed and then click Update.
- To create an entry, click on +Create. Select Group, enter Key, Value and Index, and then click Create.
group: messagingqueue
key | Data type | Required or Optional | Description |
---|---|---|---|
server | string | Required | IP address of the message queue server. If it is installed on the local server, use localhost. If the server is accessed remotely, enter its IP address. |
username | string | Required | Username of message queue server. Default value: “guest” |
password | string | Required | Password of message queue server. Default value: “guest” |
system | string | Required | Defines which messaging queue to be used, either "rabbitmq" or "azureservicebus". Default value: "rabbitmq" |
group: general
key | Data type | Required or Optional | Description |
---|---|---|---|
deleteUserOnNoEntitlement | string | Optional | Defines if the user shall be deleted if no active entitlement assignments are present for that user. Valid values: Default: |
deleteUserOnNoAccessToken | string | Optional | Defines if the user shall be deleted if no active access tokens are present for that user. Valid values: Default: |
heartbeatInterval | int | Optional | The heartbeat interval is the time between two successive heartbeats. It is used to determine whether the system is active (running) or inactive (stopped). Default value and minimum value: 60 seconds. If it is set to less than 60 seconds, it is treated as 60 seconds when updating the status. |
group: rco.system
key | Data type | Required or Optional | Description |
---|---|---|---|
systemName | string | Optional | The name of the RCO system. Default: |
username | string | Optional | The username that will be used when logging in to the RCO system. Default: |
password | string | Optional | The password that will be used when logging in to the RCO admin service. Default: |
systemId | string | Required | System ID of RCO system. Default: |
apiType | string | Required | API Type of RCO admin service. Default: |
apiKey | string | Required | API Key provided with RCO M5 License from RCO. Default: |
group: rco.general
key | Data type | Required or Optional | Description |
---|---|---|---|
apiUrl | string | Required | API URL of the RESTful service of the RCO M5 Admin Service. Default: |
recordFetchLimit | string | Required | API data import limit for entitlements from the RCO Admin API. The default value -1 loads all entitlements available in the PACS system. Default: -1 |
useDomainNames | bool | Optional | Whether to include the domain name in the name of entitlements imported in Physical Access. |
domainNameSeparator | string | Optional | The string that will separate the domain name and the name of the access group. |
group: rco.export
key | Data type | Required or Optional | Description |
---|---|---|---|
layoutIdentifierType | string | Required | The type of identifier used to refer to the layout of an access token. |
group: export
key | Data type | Required or Optional | Description |
---|---|---|---|
userfieldmappings | string | Optional |
User column fields can be sent by adding the configuration The following table shows sample configurations for
RCO R-CARD M5 Admin API does not support standard mappings for the "Ssn", "Reference" and "Extra" fields. Users can map them to custom fields and make them visible in the RCO R-CARD M5 UI by configuring user data fields (Menu->settings/settings/system/User data fields). |
group: rco.card.mapping.default
This group defines how to export card numbers by default, when a card’s layout does not have a specific mapping.
key | Data type | Required or Optional | Description |
---|---|---|---|
layout | string | Required | The name of the card layout to match (case insensitive) for this mapping. Each layout may only be mapped once. |
cardNumberIdentifier | string | Optional | The default identifier type to read card numbers. Default: |
format | string | Optional | The format that the card number should be converted into before exporting it to RCO. Valid values: Default: |
length | int | Optional | The length that the card number should be trimmed (leading digits) or padded (with leading zeroes) to after converting it. Default: 9 |
group: rco.card.mapping
This group contains compound configuration elements using the config_index column. For each unique config_index value in this group, each key defined below must be defined exactly once. Note that this group is not required as a whole, and should only be used if you have specific requirements for one or more card layouts.
key | Data type | Required or Optional | Description |
---|---|---|---|
layout | string | Optional | The name of the card layout to match (case insensitive) for this mapping. Each layout may only be mapped once. |
cardNumberIdentifier | string | Optional | This indicates the identifier for card number. |
format | string | Optional | The format that the card number should be converted into before exporting it to RCO. Valid values: |
length | int | Optional | The length that the card number should be trimmed (leading digits) or padded (with leading zeroes) to after converting it. |
Example
Example configuration for card mapping settings:
system | key | value | group | index |
---|---|---|---|---|
RCOM5 | layout | LinearReverse | rco.card.mapping | 1 |
RCOM5 | cardNumberIdentifier | mifare | rco.card.mapping | 1 |
RCOM5 | length | 9 | rco.card.mapping | 1 |
RCOM5 | format | LinearReverse | rco.card.mapping | 1 |
RCOM5 | layout | skip | rco.card.mapping | 2 |
RCOM5 | cardNumberIdentifier | mifare | rco.card.mapping | 2 |
RCOM5 | length | 9 | rco.card.mapping | 2 |
RCOM5 | format | skip | rco.card.mapping | 2 |
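The two rules stated for this group (each key defined exactly once per config_index value, and each layout mapped only once, case insensitive) can be checked before the service is restarted. The following is an added example, not part of Smart ID or RCO: the function name and the row tuples are hypothetical, values are assumed to be stored as strings, and the faulty rows are constructed for illustration.

```python
from collections import Counter, defaultdict

GROUP = "rco.card.mapping"
REQUIRED_KEYS = {"layout", "cardNumberIdentifier", "format", "length"}
# Rows as (system, key, value, group, index), copied from the example table.
PAGE_EXAMPLE = [
    ("RCOM5", "layout", "LinearReverse", GROUP, 1),
    ("RCOM5", "cardNumberIdentifier", "mifare", GROUP, 1),
    ("RCOM5", "length", "9", GROUP, 1),
    ("RCOM5", "format", "LinearReverse", GROUP, 1),
    ("RCOM5", "layout", "skip", GROUP, 2),
    ("RCOM5", "cardNumberIdentifier", "mifare", GROUP, 2),
    ("RCOM5", "length", "9", GROUP, 2),
    ("RCOM5", "format", "skip", GROUP, 2),
]
# Constructed faulty input: index 2 reuses a layout, lacks format, bad length.
BROKEN = PAGE_EXAMPLE[:4] + [
    ("RCOM5", "layout", "linearreverse", GROUP, 2),
    ("RCOM5", "cardNumberIdentifier", "mifare", GROUP, 2),
    ("RCOM5", "length", "nine", GROUP, 2),
]

def check_card_mappings(rows):
    """Return a list of rule violations for the rco.card.mapping group."""
    problems, by_index, layouts = [], defaultdict(list), defaultdict(set)
    for _system, key, value, group, index in rows:
        if group == GROUP:
            by_index[index].append((key, value))
    for index in sorted(by_index):
        counts = Counter(key for key, _ in by_index[index])
        # Every key must be defined exactly once per config_index value.
        for key in sorted(REQUIRED_KEYS - set(counts)):
            problems.append(f"index {index}: missing key '{key}'")
        for key in sorted(counts):
            if counts[key] > 1:
                problems.append(f"index {index}: key '{key}' defined {counts[key]} times")
        for key, value in by_index[index]:
            if key == "layout":
                layouts[value.lower()].add(index)  # matching is case insensitive
            elif key == "length" and not value.isdigit():
                problems.append(f"index {index}: length '{value}' is not an integer")
    # Each layout may only be mapped once across the whole group.
    for name in sorted(layouts):
        if len(layouts[name]) > 1:
            problems.append(f"layout '{name}' mapped at indexes {sorted(layouts[name])}")
    return problems

if __name__ == "__main__":
    print(check_card_mappings(PAGE_EXAMPLE), *check_card_mappings(BROKEN), sep="\n")
```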
Restart service
Restart the RCO R-CARD M5 Admin API connector service:
Restart Physical Access RCO R-CARD M5 Admin API connector

```
cd <SMARTIDHOME>/compose/physicalaccess
docker-compose restart smartid-pa-rcom5
```
This article is valid for Smart ID 22.04 and later.