Set up integration with Autec XMP-Babylon

This article includes updates for Physical Access 26.04.

This article describes how to configure the Autec XMP-Babylon Service, to enable integration between the Smart ID Physical Access component in Smart ID Identity Manager and Autec XMP-Babylon via a RESTful API.

XMP-Babylon is an Access Control System provided by Autec and managed via a Restful API. After integration, all administration of Users, Access Token and Entitlements (besides defining them) should be done in Identity Manager, never in XMP-Babylon.

For details on which data can be imported and exported from XMP-Babylon, see About import and export to Physical Access.

Prerequisites

The following prerequisites apply:

Physical Access and XMP-Babylon Docker container/service are installed. See Deploy Smart ID.
Autec XMP-Babylon with XMPRestAPI 1.4 is required, Physical Access tested on it.
The message queue server must be running.
If MIFARE card technology is used, the PACS MIFARE number must be available as raw data (not encrypted, truncated, or similar).
A working network connection to the connected physical access control systems (PACS) must be in place.

Configure XMP-Babylon Service data fields

The XMP-Babylon data is configured in the configuration table in the Physical Access database. All configuration is cached when the service starts so any configuration changes will require the service to be restarted in order to take effect.

Handling sensitive configurations

To secure sensitive data like passwords, connections strings, API endpoints etc., AES 256 encryption is added for each configuration while stored in the database. The data is not displayed in the UI.

Any configuration can be marked as sensitive data field using a backend database update.

Configure database

For information about how to connect to a PACS system, see Connect to a PACS system in PACS admin panel.

For information about group: messagingqueue, see Physical Access database - common parameters.

group: babylon.system

Key	Data type	Required or Optional	Description
username	string	Required	The username that will be used when logging in to the XMP-Babylon XMPRestAPI. Default: `babylon`
password	string	Required	The password that will be used when logging in to the XMP-Babylon XMPRestAPI. Default: `babylon`

Key

Data type

Required or Optional

Description

username

string

Required

The username that will be used when logging in to the XMP-Babylon XMPRestAPI.

Default: babylon

password

string

Required

The password that will be used when logging in to the XMP-Babylon XMPRestAPI.

Default: babylon

group: babylon.general

Key	Data type	Required or Optional	Description
apiUrl	string	Required	API URL of XMPRestAPI of Autec Babylon. Default: http://babylon:10000/

Key

Data type

Required or Optional

Description

apiUrl

string

Required

API URL of XMPRestAPI of Autec Babylon.

Default: http://babylon:10000/

group: babylon.export

Key	Data type	Required or Optional	Description
layoutIdentifierType	string	Required	This is a type of identifier which we want to use to refer layout of access token.

group: export

Key	Data type	Required or Optional	Description
userfieldmappings	string	Optional	`userfieldmappings` is used to export additional data of users to Autec Babylon. The value in is a combination of `table_name.value_of_type_column, field_id_of_babylon`. This configuration setting is the mapping between the Physical Access table field and XMP-Babylon user field Id. User column fields can be sent by adding the configuration `user.column_name, babylon_field_id`. XMP-Babylon XMPRestAPI does not support standard mappings for "Extra" fields, user can map them to Custom-fields and make them visible on Autec XMP-Babylon UI in Ext. data section.

Key

Data type

Required or Optional

Description

userfieldmappings

string

Optional

userfieldmappings is used to export additional data of users to Autec Babylon. The value in is a combination of table_name.value_of_type_column, field_id_of_babylon. This configuration setting is the mapping between the Physical Access table field and XMP-Babylon user field Id.

User column fields can be sent by adding the configuration user.column_name, babylon_field_id.

XMP-Babylon XMPRestAPI does not support standard mappings for "Extra" fields, user can map them to Custom-fields and make them visible on Autec XMP-Babylon UI in Ext. data section.

The following table shows sample configurations for userfieldmappings:

System	Key	Value	Group	Index
BABYLON	userfieldmappings	user.title,Field1	export	0
BABYLON	userfieldmappings	user.ssn,Field2	export	1
BABYLON	userfieldmappings	email.work,Field3	export	2
BABYLON	userfieldmappings	address.work,Field4	export	3
BABYLON	userfieldmappings	phone.mobile,Field5	export	4
BABYLON	userfieldmappings	useradditionalfield.EmploymentText,Field6	export	5

group: babylon.card.mapping.default

This group defines how to export card numbers by default, when a card’s layout does not have a specific mapping.

Key	Data type	Required or Optional	Description
layout	string	Required	The name of the card layout to match (case insensitive) for this mapping. Each layout may only be mapped once.
cardNumberIdentifier	string	Optional	The default identifier type to read card numbers. Default: `mifare`
format	string	Optional	The format that the card number should be converted into before exporting it to Babylon. Valid values: `Linear, LinearReverse, Block, BlockReverse`. Default: `Linear`
length	int	Optional	The length that the card number should be trimmed (leading digits) or padded (with leading zeroes) to after converting it. Default: 14

group: babylon.card.mapping

This group contains compound configuration elements using the config_index column. For each unique config_index value in this group, each key defined below must be defined exactly once. Note that this group is not required as a whole, and should only be used if you have specific requirements for one or more card layouts.

Key	Data type	Required or Optional	Description
layout	string	Optional	The name of the card layout to match (case insensitive) for this mapping. Each layout may only be mapped once.
cardNumberIdentifier	string	Optional	This indicates the identifier for card number.
format	string	Optional	The format that the card number should be converted into before exporting it to Babylon. Valid values: `Linear, LinearReverse, Block, BlockReverse`.
length	int	Optional	The length that the card number should be trimmed (leading digits) or padded (with leading zeroes) to after converting it.

Example

Example configuration for card mapping settings:

System	Key	Value	Group	Index
BABYLON	layout	LinearReverse	babylon.card.mapping	1
BABYLON	cardNumberIdentifier	mifare	babylon.card.mapping	1
BABYLON	length	14	babylon.card.mapping	1
BABYLON	format	LinearReverse	babylon.card.mapping	1
BABYLON	layout	skip	babylon.card.mapping	2
BABYLON	cardNumberIdentifier	mifare	babylon.card.mapping	2
BABYLON	length	15	babylon.card.mapping	2
BABYLON	format	skip	babylon.card.mapping	2

Restart service

Restart the Autec XMP-Babylon connector service:

cd <SMARTIDHOME>/compose/physicalaccess
docker-compose restart smartid-pa-babylon