
APACS ACS

Here and further in the text:

  • APACS - ACS;
  • Apacs - Access service.

Software integrations of the APACS ACS with biometric systems are implemented to ensure the passage of recognized persons through a turnstile/door with a magnetic lock.

  • The supported version of the APACS ACS is 8.3.1.0.

Connection of AAM LAN 8W and AAN controllers is supported.

Supported integration options for APACS ACS

The face recognition device generates an event; Access passes the event to LP5; LP5 processes the event and returns the result to Access for further processing.

Transfer of user data from the ACS to LP5 occurs using two mechanisms:

  • replication - the mechanism for the initial transfer of user data;
  • synchronization - the mechanism for periodic transfer of user data when the composition/data of users changes.

For the synchronization/replication settings, see the service settings.

Each integration with LP5 (Table 31) uses the Luna service.

If the terminal does not have data output facilities (e.g., a screen), the SendToDevice pipeline is not required.

Table 31. LP5 integration options

| Service | Device | Pipeline |
|---|---|---|
| APACS + ApacsController | LunaFast4A1 | SendToLuna + Apacs2FA / MatchByPhoto + SendToDevice + SendToController |
| APACS | GrgFaster | MatchByPhoto + SendToGrgFaster |

Each integration with CBS (Table 32) uses the CBS service.

Table 32. CBS integration options

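| Service | Device | Pipeline |
|---|---|---|
| CbsAlpha + Apacs + ApacsController | Beward | MatchByPhotoInCbsAlpha + SendToController + SendToDevice |
| CbsAlpha + Apacs + ApacsController | Dahua | MatchByPhotoInCbsAlpha + SendToController |
| CbsAlpha + Apacs + ApacsController | HikvisionCamera | MatchByPhotoInCbsAlpha + SendToController |
| CbsAlpha + Apacs + ApacsController | LunaFast4A1 | MatchByPhotoInCbsAlpha + SendToController + SendToDevice |
| CbsAlpha + Apacs + ApacsController | UniUbi | MatchByPhotoInCbsAlpha + SendToController + SendToDevice |
| CbsAlpha + Apacs + ApacsController | R20Face | MatchByPhotoInCbsAlpha + SendCardToR20Face + SendToDevice |
| CbsAlpha + Apacs + ApacsController | HikvisionCamera | MatchByPhotoInCbsAlpha + SendToController |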

Standard integration using Apacs

Integration 1f (Figure 48, Table 33).

Figure 48. Component diagram for 1f integration

Table 33. Integration description

| Component | Description |
|---|---|
| Person | A person wishing to pass through a passage point. |
| Passage point | A set of components used to control human access. More than one passage point can be connected, limited by the ACS license. A passage point can be used for both entry and exit. Each direction uses its own reader and video data source. |
| Video source | A device for extracting a frame of a person's face. Can be either a biometric terminal (LUNA FAST 4A1 and others) or a camera connected via FaceStream. A biometric terminal allows you to create feedback to show a person information about the passage. |
| Device ... | An Access component for receiving data from a video data source. Selected based on the device used. |
| MatchByPhoto pipeline | Access component for interacting with the BS. When working with a biometric terminal, it is necessary to additionally connect the SendToDevice |
| Biometric system | A system for comparing a reference photo of a person and the best frame received from a video data source. It can be either Luna or a supported CBS. |
| Apacs service | An Access component for replicating/synchronizing employees from the ACS and listening to ACS events. |
| SendToController pipeline | Access component for sending the card number and full name to the ApacsController after matching the person and confirming the card number in Access. |
| ApacsController controller | Access component for sending the card number to the ACS. When using the gate or pusr controller, it is necessary to use the corresponding component. When using a biometric terminal, sends the employee's full name to it for display on the screen. |
| APACS ACS | Central software for working with Apacs. Stores employee data and makes a decision on granting access. |
| Turnstile | Barrier device for access control. |

Integration 2f (Figure 49, Table 34).

Figure 49. Component diagram for 2f integration with Apacs

Table 34. Integration description

| Component | Description |
|---|---|
| Person | A person wishing to pass through a passage point. |
| Passage point | A set of components used to control human access. More than one passage point can be connected, limited by the ACS license. A passage point can be used for both entry and exit. Each direction uses its own reader and video data source. |
| Reader | A device for receiving access card data. |
| Video source | A device for extracting a frame of a person's face. Can be either a biometric terminal (LUNA FAST 4A1 and others) or a camera connected via FaceStream. |
| Device ... | Access component for receiving data from a video data source. Selected based on the device used. |
| SendToLuna pipeline | Access component for sending photos to LP5. |
| Luna service | Access component that listens for matching events from LP5. |
| LP5 | Biometric system for comparing a reference photo of a person and the best frame received from a video data source. |
| Apacs2FA pipeline | Access component that receives a card number event and a person matching event. It compares the number received from the device with the number corresponding to the person and, if they match, passes the card number to ApacsController. |
| ApacsController controller | Access component for sending the card number to the ACS. When using the gate or pusr controller, you must use the appropriate component. |
| Apacs Service | Access component for replicating/synchronizing employees from the ACS and listening to ACS events. |
| APACS ACS | Central software for working with Apacs. Stores employee data and makes decisions about granting access. |
| Turnstile | Barrier device for access control. |

Guest pass with two-factor authentication

If a guest needs to pass while two-factor authentication is active and no guest photo can be obtained, perform the following steps:

1. Add a person to the ACS without a photo, with full name and card number.

2. Enable the use_cards_without_face option in the Apacs2FA pipeline settings.

Creating a user in RabbitMQ

To create a user in RabbitMQ with rights to read and write only a specific queue, follow these steps on the server where Apacs is deployed:

1. Open the Windows command prompt.

2. Navigate to the directory of executable files for RabbitMQ:

cd "c:\Program Files\RabbitMQ Server\rabbitmq_server-*.*.*\sbin"

Replace the * characters with the installed RabbitMQ Server version.

3. Add the user to RabbitMQ:

rabbitmqctl add_user <login> <password>

Replace <login> and <password> with your own values. For more information, see the official website.

4. Add rights to the user:

rabbitmqctl set_permissions -p / <login> "^apc.webapi.vl-access-2$" "^apc.webapi.vl-access-2$" "^apc.webapi.vl-access-2$"

Replace <login> with your own value. For more information, see the official website.

These rights make it possible to create an exchange for the Apacs ACS in order to queue events about user changes. These rights also allow you to read events from this queue for further synchronization of users for Access.
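The three patterns in the set_permissions step are regular expressions matched against resource names, so an unescaped dot also matches any other character. The following check is an added example, not part of the vendor documentation; it uses Python's re module as a stand-in for RabbitMQ's regex engine (an assumption that holds for patterns this simple), and the lookalike names are constructed.

```python
import re

# Pattern used for configure, write and read in the set_permissions step above.
PAGE_PATTERN = r"^apc.webapi.vl-access-2$"
INTENDED = "apc.webapi.vl-access-2"


def strict_pattern(name):
    """Anchored pattern for exactly one resource name, metacharacters escaped."""
    return "^" + re.escape(name) + "$"


def lookalikes(name):
    """Constructed names that the grant is not meant to cover."""
    out = [name + ".shadow", "x." + name]              # exposes missing $ or ^
    for i, ch in enumerate(name):
        if ch == ".":
            out.append(name[:i] + "X" + name[i + 1:])  # exposes unescaped dots
    return out


def audit(pattern, name):
    """Return (covers_intended_name, extra_names_also_matched)."""
    rx = re.compile(pattern)
    extra = [n for n in lookalikes(name) if rx.search(n)]
    return bool(rx.search(name)), extra


if __name__ == "__main__":
    candidates = (
        ("page", PAGE_PATTERN),
        ("strict", strict_pattern(INTENDED)),
        ("unanchored", "apc.webapi"),   # constructed example of a loose pattern
    )
    for label, pat in candidates:
        covered, extra = audit(pat, INTENDED)
        print(f"{label:10} {pat!r}: intended={covered} extra={extra}")
```

The anchors in the page's pattern already exclude longer names; escaping the dots removes the remaining lookalikes. The effective grant can be reviewed afterwards with rabbitmqctl list_user_permissions <login>.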

Methods of interaction with Apacs

All request paths (Table 35) begin with /v1/webapi/v3.

Table 35. APACS methods

| Task | Method | Description |
|---|---|---|
| Log in | POST /session/login/ | Access authorization in ACS. Authorization occurs when adding a service and before logging out of the system |
| Log out of the system | POST /session/logout/ | Sent when restarting or deleting the Apacs component |
| Get information about ACS | GET /webapi/ping/ | Checking ACS availability once per minute. |
| Create a request | POST /query/ | Create a request (getting employee data, card number, etc.) and get the request ID (query_id) |
| Get query result | POST /query/{query_id}/500/ | Request to get result (500 - number of objects), with object ID (object_id). |
| Get data by ID | POST /object/id/{object_id}/ | Get employee data |
| Send AAM card | POST /object/execCmd/{object_id}/cmdEmulateCardByNumber/ | Send card to AAM/AAN controller |
| Send Apollo card | POST /object/execCmd/{object_id}/cmdSendCard/ | Send card to Apollo controller |

Apacs interaction process diagrams

Connecting the Apacs service

Sequence diagram (Figure 50).

Figure 50. Process diagram for connecting the ACS

1. The user added the Apacs service to Access.
2. Access sends a request for authorization to the ACS.
3. The ACS returns a token for authorization. The token has a lifetime, after which Access re-performs authorization.
4. Access sends a request to obtain information about the ACS.
5. The ACS returns information. Access uses only the ACS version to check compatibility and user information in the UI.
6. Access sends a request to create a queue in RabbitMQ to view employee events.
7. The ACS returns the queue ID.
8. Access creates a request to replicate employees from the ACS.
9. ACS returns query_id.
10. Access sends a request to obtain results for the replication request.
11. ACS returns person_id, full name, status, photo, date and time of the last change.
12. Access sends a request with employee photos to the BS to extract descriptor_id (face_id).
13. BS returns descriptor_id.
14. Access saves information on each employee in local storage.

Processing Apacs events with 1 factor

Sequence diagram (Figure 51).

Figure 51. Process diagram with 1 factor

1. The employee is at the biometric terminal at the checkpoint.
2. The terminal sends the best shot of the employee to Access.
3. Access sends a photo of the employee to the Biometric System.
4. The BS compares the photo from the terminal and the one saved in the database.
5. The BS returns the matching result to Access.
6. Access compares the face card number and the card number received from the employee.
7. Access sends the card number to the ACS.
8. The ACS makes a decision to allow the person through.

Processing Apacs events with 2 factors

Sequence diagram (Figure 52).

Figure 52. Process diagram with 2 factors

1. The employee is at the biometric terminal at the checkpoint.
2. The terminal sends the best photo of the employee to Access.
3. Access sends the employee's photo to the Biometric System.
4. The BS compares the photo from the terminal and the one saved in the database.
5. The BS returns the matching result to Access.
6. The employee applies the card (the card use subprocess does not depend on photo processing, but, as a rule, the photo arrives first).
7. Access compares the face card number and the card number received from the employee.
8. Access sends the card number to the ACS.
9. The ACS makes a decision on whether to allow the person through.
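The pairing of the face match with the card read in the two-factor process, together with the use_cards_without_face guest option, as an added sketch that is not the product's code. The class and method names, the 10-second pairing window and the rule that only records without a photo take the card-only path are assumptions; the card numbers are constructed and assumed to be already normalized.

```python
from dataclasses import dataclass


@dataclass
class Person:
    name: str
    card: str          # card number as stored after replication
    has_photo: bool    # False for a guest added to the ACS without a photo


class TwoFactorGate:
    """One passage point pairing a face match with a card read (hypothetical)."""

    def __init__(self, persons, use_cards_without_face=False, window_s=10.0):
        self.by_card = {p.card: p for p in persons}
        self.use_cards_without_face = use_cards_without_face
        self.window_s = window_s      # assumed pairing window, not from the page
        self.face = None              # (matched Person, timestamp)
        self.card = None              # (card number, timestamp)

    def on_face_match(self, person, ts):
        self.face = (person, ts)
        return self._decide()

    def on_card(self, number, ts):
        owner = self.by_card.get(number)
        if owner and not owner.has_photo and self.use_cards_without_face:
            return number             # guest path: the card alone is accepted
        self.card = (number, ts)
        return self._decide()

    def _decide(self):
        """Return the card number to forward to the controller, or None."""
        if self.face is None or self.card is None:
            return None               # still waiting for the other factor
        (person, f_ts), (number, c_ts) = self.face, self.card
        if abs(f_ts - c_ts) > self.window_s:
            # Too far apart: drop the older event, keep waiting on the newer one.
            if f_ts < c_ts:
                self.face = None
            else:
                self.card = None
            return None
        self.face = self.card = None  # both events are consumed, pass or fail
        return number if person.card == number else None
```

Either event may arrive first, a pair is used once, and any mismatch or stale pair forwards nothing to the controller.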

Apacs FAQ

1. What is Facility_code?

Card numbers in Apacs have an offset that includes the organization number. Access automatically cuts off the facility code when comparing card numbers (for example, an employee has a card 070.56458, in the ACS it is entered as 156458, where 1 is the offset).

2. The person has not been replicated. What should I do?

If an employee replication error appears in the log during replication, or the employee is not in the LP5 list (this can be seen via LUNA CLEMENTINE) although they are in the ACS, go to the employee data > Accesses in the ACS, disable Activity and save the changes. Then enable Activity and save the changes.