Pipelines {#pipelines}
All fields are required unless otherwise stated in the description.
Apacs2FA {#apacs2fa}
The Apacs2FA pipeline implements custom two-factor authentication for the Apacs service. Listening to events that occurred when reading the card, as well as face detection events. They are matched by their source. When the first factor arrives with a certain source, then the second factor starts waiting, the time for waiting for it is set in the expiry_time setting, as soon as it is received, the validation of this pair begins.
- The similarity of the best matching candidate must not be lower than that specified in the min_similarity setting.
- The card number received from the reader must match the card number of the person in the Luna list.
Upon completion of the authentication procedure, the corresponding text is displayed on the screen of the device. After successful validation, the card number is sent to the corresponding output of the Gate Ethernet Wiegand controller.
To create a pipeline, you need to specify (Table 94):
Table 94. Pipeline settings
| Parameter | Description | Possible values | Default value |
|---|---|---|---|
| name | Pipeline name set by the user | Any text names. Only Latin characters are supported. It is not recommended to enter more than 30 characters. | - |
| luna_id | Dropdown list to select the Luna Service ID in Access. | - | - |
| luna_id | Luna service identifier in Access | Dropdown list for service selection | - |
| apacs_id | Unique identifier of the Apacs service in Access | Dropdown list for service selection | - |
| min_face_similarity | Minimum face similarity threshold when performing verification. | The value is formed at the design stage and corrected at the testing stage. | 0.00...1.00 |
| unknown_card_message | Message when sending an unknown card to make an access decision. | Any text names. Only Latin characters are supported. It is not recommended to enter more than 50 characters. | The card has been read and sent to the controller |
| waiting_time_exceeded_message | Message when the second factor timed out | Any text names. Latin and Cyrillic input is supported. It is not recommended to enter more than 50 characters. | Timeout exceeded |
| access_denied_card | Card number of the user created to notify about unsuccessful passes. You must specify the number so that in the connected ACS you can see the log that the authorization failed. | - | None |
| use_cards_without_face | Using and sending to the controller cards that are not linked to faces | On - send | On |
| Off - do not send |
CreateBastionEvent {#createbastionevent}
The pipeline works together with the Bastion ACS.
When single-factor authentication is enabled on the access point, it listens for ResultMatchEvent events and generates a BastionEvent event.
When the enable_negative_events mode is enabled, additionally sends a message to the terminal upon a negative matching event (required only for integration with Bastion 3).
If two-factor authentication is enabled, a request for access confirmation to the ACS is made.
The following settings are used when creating a new pipeline (Table 95):
Table 95. Pipeline settings
| Parameter | Description | Values | Default value |
|---|---|---|---|
| name | Pipeline name defined by the user | Any text names. Latin and Cyrillic characters are supported. It is not recommended to enter more than 30 characters. | - |
| bio_system_id | Selecting the LP5/CBS service name in Access. | - | - |
| bastion_id | Drop-down list for selecting the Bastion device ID used in the integration. Specified in Access. | - | - |
| enable_negative_events | Sends messages to the terminal when the matching result is below the min_face_similarity threshold (configured in the pipeline for receiving data from the biometric system). Only for Bastion 3 |
On - enable, Off - disable | Off |
Custom2FA {#custom2fa}
The Custom2FA pipeline implements custom two-factor authentication. Card swiping events are listened to, as well as regular face detection events. Events are matched by their source and saved to the mapping. When the first factor arrives with a specific source, the waiting for the second factor starts. The time for waiting for it is set in the expiry_time setting, as soon as it is received, the validation of this pair begins:
- the similarity of the best matching candidate must not be lower than that specified in the min_face_similarity setting;
- the card number received from the reader must match the card number of the face in the Luna list.
Upon completion of the authentication procedure, the corresponding text is displayed on the device screen. After successful validation, the card number is sent to the appropriate output of the Gate Ethernet Wiegand or WGNetConverter controller.
The following settings are used when creating a new pipeline (Table 96):
Table 96. Pipeline settings
| Parameter | Description | Values | Default value |
|---|---|---|---|
| name | Pipeline name set by the user | Any text names. Only Latin characters are supported. It is not recommended to enter more than 30 characters. | - |
| bio_system_id | Selecting the LP5/CBS service name in Access. | - | - |
| expiry_time | Time limit in seconds to get the second factor. | 0...10 | 5 |
| unknown_card_message | Message when sending an unknown card to decide on access | Any text names. Only Latin characters are supported. It is not recommended to enter more than 50 characters. | The card has been read and sent to the controller |
| waiting_time_exceeded_message | Message when the second factor timed out | Any text names. Latin and Cyrillic input is supported. It is not recommended to enter more than 50 characters. | Timeout exceeded |
| use_cards_without_face | Using and sending to the controller cards that are not linked to faces | On - send | On |
| Off - do not send |
LunaEventListener {#lunaeventlistener}
LunaEventListener listens to events from Luna generated by Luna internal service, LunaStreams or any other external software. Sends maps to controller or converter and can send messages to device.
The following settings are used when creating a new pipeline (Table 97):
Table 97. Pipeline settings
| Parameter | Description | Values | Default value |
|---|---|---|---|
| name | User-defined pipeline name | Any text names. Latin and Cyrillic alphabet input is supported. It is not recommended to enter more than 30 characters. | - |
| luna_id | Luna service ID in the system | - | - |
| min_face_similarity | Minimum face similarity threshold when performing verification. | The value is formed at the design stage and corrected at the testing stage. | 0.00...1.00 |
| enable_fake_events | Handling requests with failed Liveness checks to view such events. For activation, the enable_fake_events parameter in the SendToLuna pipeline must be active |
On - handle | Off |
| Off - do not process |
MatchByPhoto {#matchbyphotoincbs}
Requests a descriptor in the CBS and extracts the candidate from its database using its identifier.
When working with devices and controllers, it is necessary to connect pipelines SendToDevice and SendToController, respectively.
When creating a new pipeline, the following settings are used (Table 98):
Table 98. Pipeline settings
| Parameter | Description | Values | Default value |
|---|---|---|---|
| name | Pipeline name given by the user | Any text names. Only Latin characters are supported. It is not recommended to enter more than 30 characters | - |
| bio_system_id | Unique CBS service identifier | - | - |
| pacs_id | Unique service identifier in Access | Dropdown list for service selection | - |
| min_face_similarity | Minimum face similarity threshold when performing verification. | The value is formed at the design stage and corrected at the testing stage. | 0.00...1.00 |
| retry_entry_sleep_interval | Pause for reattempting the passage | >0 или None | 5 |
MatchByPhotoInCbsAlpha {#matchbyphotoincbsalpha}
Requests a descriptor in CBS Alpha and extracts the candidate from its database using its identifier. With the received data (candidate and source name), an event is created and a SuccessMatchEvent is sent to the queue.
When working with devices and controllers, it is necessary to connect pipelines SendToDevice and SendToController, respectively.
When creating a new pipeline, the following settings are used (Table 99):
Table 99. Pipeline settings.
| Parameter | Description | Possible values | Default value |
|---|---|---|---|
| name | User-defined pipeline name | Any text names. Latin and Cyrillic alphabet input is supported. It is not recommended to enter more than 30 characters. | - |
| bio_system_id | The unique identifier of the CBS Alpha service | - | - |
| pacs_id | Unique service identifier in Access | Dropdown list for service selection | - |
| min_face_similarity | The minimum threshold for facial similarity during verification. | The value is formed at the design stage and adjusted at the testing stage. | 0,00...1,00 |
| retry_entry_sleep_interval | Pause for reattempting the passage | 1...10 | 5 |
| only_cbs_list | Switching lists for matching | On - switching to work only with the KBS list | Off |
| Off - switching to work with two lists |
MatchInformerWebHook {#matchinformerwebhook}
Monitors events from a biometric system (LP5 or CBS), retrieves candidate information and sends it to an external service via a webhook. If no candidate is found, returns an empty best_candidate value.
The pipeline is required for solutions where Access needs to pass data from related components to external systems beyond the proposed integrations.
The template of the returned data:
{
source: str, best_candidate:
{
person_id: str, fullname: str | None, descriptor_id: str | None = None
}
}
Description:
- source - device name;
- best_candidate - candidate data;
- person_id - candidate ID in ACS;
- fullname - candidate full name;
- descriptor_id - descriptor ID;
To create a pipeline, you need to specify (Table 100):
Table 100. Pipeline settings
| Parameter | Description | Possible values | Default value |
|---|---|---|---|
| name | Pipeline name specified by the user | Any text names. Latin and Cyrillic characters are supported. It is not recommended to enter more than 30 characters. | - |
| host | IP address or domain name of the target server | IP address in the form X.X.X.X. or site.domain. | - |
| port | Target server port | - | - |
| urn | urn for connecting to an external service | - | - |
| enable_ssl | Data encryption method for network transmission. Depends on the network type in the solution. | On - https | Off |
| Off - http |
MatchInformerWebSocket {#matchinformerwebsocket}
Tracks ResultMatchEvent events from the biometric system (LP5 or CBS), extracts candidate information, and sends a JSON to all connected clients via websocket. If no candidate is found, it returns an empty best_candidate value. For authentication, it is necessary to add an "Authentication" header with the token from the component information.
The pipeline is necessary for solutions when Access needs to pass data from linked components to external systems beyond the proposed integrations.
The template of the returned data:
{
source: str, best_candidate:
{
person_id: str, fullname: str | None, descriptor_id: str | None = None
}
}
- source - device name;
- best_candidate - candidate data;
- person_id - candidate ID in ACS;
- fullname - candidate full name;
- descriptor_id - descriptor ID;
To create a pipeline, you need to specify (Table 101):
Table 101. Pipeline settings
| Parameter | Description | Possible values | Default value |
|---|---|---|---|
| name | Pipeline name specified by the user | Any text names. Latin and Cyrillic characters are supported. It is not recommended to enter more than 30 characters. | - |
| vl_access_host | IP address of the server where Access is installed | IP address in the format X.X.X.X or site.domain | - |
| vl_access_port | Server port where Access is deployed | - | 9091 |
SendCardToR20Face {#sendcardtor20face}
The pipeline listens to the queue of SuccessMatchEvent events, validates the received event for the presence of a candidate, the level of compliance, and the presence of a card number. Then the device is searched by the name of the event source and the card number is sent to this device.
To create a pipeline, you need to specify (Table 102):
Table 102. Pipeline settings
| Parameter | Description | Values | Default value |
|---|---|---|---|
| name | Pipeline name given by the user | Any text names. Only Latin characters are supported. It is not recommended to enter more than 30 characters | - |
SendCarsToLaurent {#sendcarstolaurent}
A pipeline for sending events from LunaCars to Laurent. Listens to the Event event queue and generates SigurCarEvent events.
To create a pipeline, you need to specify (Table 103):
Table 103. Pipeline settings
| Parameter | Description | Values | Default value |
|---|---|---|---|
| name | Pipeline name given by the user | Any text names. Only Latin characters are supported. It is not recommended to enter more than 30 characters | - |
| controller_id | UUID of Laurent controller in Access | - | - |
| relay_{N}_scenario_id | UUID Scenario in LUNA CARS Analytics, according to which the license plate is checked for the relay {N}. | - | - |
SendCarsToSigur {#sendcarstosigur}
A pipeline for sending events from LunaCars to Sigur. Listens to the Event event queue and generates SigurCarEvent events.
To create a pipeline, you need to specify (Table 104):
Table 104. Pipeline settings
| Parameter | Description | Values | Default value |
|---|---|---|---|
| name | Pipeline name given by the user | Any text names. Only Latin characters are supported. It is not recommended to enter more than 30 characters | - |
SendThermalEventToLuna {#sendthermaleventtoluna}
Listens to the heat detection event queue and generates events in Luna. To launch, specify the component_id of the Luna service running in the system. The pipeline works with several lists: default list and blacklist. It distributes the received data between lists depending on the set thresholds for the lower and upper temperature values.
To create a pipeline, you need to specify (Table 105):
Table 105. Pipeline settings
| Parameter | Description | Values | Default value |
|---|---|---|---|
| name | Pipeline name given by the user | Any text names. Only Latin characters are supported. It is not recommended to enter more than 30 characters | - |
| luna_id | Luna service ID in the system | - | - |
| handler_id | UUID of the passage event handler, created in Luna | - | - |
| black_list_id | Luna list ID with which the device will synchronize people who are denied access (optional) | The ID of the list created in Luna | - |
| to_high_temperature | The upper threshold of a person's temperature at which a person cannot be allowed to pass | 3## 37 | |
| to_low_temperature | The lower threshold of a person's temperature at which a person cannot be allowed to pass | 3## 35 | |
| use_lists | On — match; | Off | |
| Off — do not match | |||
| min_face_similarity | Minimum face similarity threshold when performing verification. | The value is formed at the design stage and corrected at the testing stage. | 0.00...1.00 |
SendToBars {#sendtobars}
Listens to the LunaEvent, DoorEvent event queues and generates the BarsEvent event.
To create a pipeline, you need to specify (Table 106):
Table 106. Pipeline settings
| Parameter | Description | Values | Default value |
|---|---|---|---|
| name | Pipeline name given by the user | Any text names. Only Latin characters are supported. It is not recommended to enter more than 30 characters | - |
| luna_id | Drop-down list with Luna service IDs in Access | - | - |
| bars_host | IP address or network name of the PC with installed Bars server | - | - |
| bars_port | Bars server port | ||
| enable_ssl | Method of data encryption during transmission over the network. Depends on the type of network in the solution. | On - https | Off |
| Off - http | |||
| retry_delay_sec | Pause for reattempting the passage | 1...10 | 5 |
| min_face_similarity | Minimum face similarity threshold when performing verification | The value is formed at the design stage and corrected at the testing stage (0,00...1,00) | 0,7 |
SendToController {#sendtocontroller}
Sends a relay opening signal to the device by the name of the event source.
To create a pipeline, you need to specify (Table 107):
Table 107. Pipeline settings
| Parameter | Description | Possible values | Default value |
|---|---|---|---|
| name | User-defined pipeline name | Any text names. Latin and Cyrillic alphabet input is supported. It is not recommended to enter more than 30 characters. | - |
SendToDevice {#sendtodevice}
Sends a signal to open the relay to the device by the name of the event source and displays the text on the screen.
To create a pipeline, you need to specify (Table 108):
Table 108. Pipeline settings
| Parameter | Description | Possible values | Default value |
|---|---|---|---|
| name | User-defined pipeline name | Any text names. Latin and Cyrillic characters are supported. It is not recommended to enter more than 30 characters. | - |
| successful_pass_message_template | Message upon successful identification. To display the user's name on the terminal screen, upon successful identification, you must use the FULL name variables. The word order in the welcome message can be any. | Any text names and full NAME variables. Latin and Cyrillic alphabet input is supported. It is not recommended to enter more than 24 characters. | Welcome |
| unsuccessful_pass_message | Message in case of unsuccessful identification | Any text names. Latin and Cyrillic alphabet input is supported. It is not recommended to enter more than 24 characters. | The person has not been identified |
SendToGrgFaster {#sendtogrgfaster}
It is designed to interact with the MatchPyPhoto pipeline and the GrgFaster device.
To create a pipeline, you need to specify (Table 109):
Table 109. Pipeline settings
| Parameter | Description | Possible values | Default value |
|---|---|---|---|
| name | User-defined pipeline name | Any text names. Latin and Cyrillic characters are supported. It is not recommended to enter more than 30 characters. | - |
| successful_pass_message_template | Message upon successful identification. To display the user's name on the terminal screen, upon successful identification, you must use the NAME variables. The word order in the welcome message can be any. | Any text names and full NAME variables. Latin and Cyrillic alphabet input is supported. It is not recommended to enter more than 24 characters. | - |
| facility_code | A parameter for entering card numbers for their identification by the system. It will be added for each card number before being sent to the controller | - | - |
SendToLuna {#sendtoluna}
The pipeline sends the received FaceDetectionEvent events to Luna.
To create a pipeline, you need to specify (Table 110):
Table 110. Pipeline settings
| Parameter | Description | Values | Default value |
|---|---|---|---|
| name | Pipeline name given by the user | Any text names. Only Latin characters are supported. It is not recommended to enter more than 30 characters | - |
| luna_id | Luna service ID in the system | - | - |
| enable_fake_events | Submitting faces with failed liveness to view Liveness hack attempts. To activate, the enable_fake_events parameter in the LunaEventListener pipeline must be active |
On - send | Off |
| Off - do not send |
SendToParsec {#sendtoparsec}
Listens to the queue of LunaEvent and SuccessMatchEvent events in Luna and generates the ParsecEvent event.
To create a pipeline, you need to specify (Table 111):
Table 111. Pipeline settings
| Parameter | Description | Values | Default value |
|---|---|---|---|
| name | Pipeline name given by the user | Any text names. Only Latin characters are supported. It is not recommended to enter more than 30 characters | - |
| luna_id | Drop-down list with Luna service IDs in Access | - | - |
| parsec_id | Unique ID of the Parsec device used in the integration.Specified in Access | - | - |
SendToSalto {#sendtosalto}
Listens to the ResultMatchEvent event queue from the MatchByPhoto pipeline, in case of successful face validation from the event, sends request to the Salto service to pass through the access point and displays the result of successfull/unsuccessfull pass on the screen of device.
To create a pipeline, you need to specify (Table 112):
Table 112. Pipeline settings
| Parameter | Description | Possible values | Default value |
|---|---|---|---|
| name | Pipeline name set by the user | Any text names. Only Latin characters are supported. It is not recommended to enter more than 30 characters. | - |
| successful_pass_message_template | Message upon successful identification. To display the user's name on the terminal screen, upon successful identification, you must use the FULL name variables. The word order in the welcome message can be any. | Any text names and full NAME variables. Latin and Cyrillic alphabet input is supported. It is not recommended to enter more than 24 characters. | Welcome |
| unsuccessful_pass_message | Message in case of unsuccessful identification | Any text names. Latin and Cyrillic alphabet input is supported. It is not recommended to enter more than 24 characters. | The person has not been identified |
SendToSigur {#sendtosigur}
Listens to the queue of LunaEvent and SuccessMatchEvent events in Luna and generates the SigurEvent event.
To create a pipeline, you need to specify (Table 113):
Table 113. Pipeline settings
| Parameter | Description | Values | Default value |
|---|---|---|---|
| name | Pipeline name given by the user | Any text names. Only Latin characters are supported. It is not recommended to enter more than 30 characters | - |
| sigur_id | Unique ID of the Sigur device used in the integration. Specified in Access | - | - |
Strazh2FA {#strazh2fa}
If the controller is not in 2FA mode: Listens to the ResultMatchEvent event queue from the MatchByPhoto pipeline, in case of successful face validation in the event, sends a request to the Strazh service to pass through the access point.
If the controller is in 2FA mode, the events that occurred when reading the card, as well as the usual face detection events, are listened to. They are matched by their source. When the first factor arrives with a certain source, the waiting for the second factor is started, the waiting time is set in the second_factor_expiry_time setting in the StrazhController, as soon as it is received, validation of this pair begins.
To create a pipeline, you need to specify (Table 114):
Table 114. Pipeline settings
| Parameter | Description | Values | Default value |
|---|---|---|---|
| name | Pipeline name given by the user | Any text names. Only Latin characters are supported. It is not recommended to enter more than 30 characters | - |
| waiting_time_exceeded_message | Message when the second factor timed out | Any text names. Latin and Cyrillic input is supported. It is not recommended to enter more than 50 characters. | Timeout exceeded |
| strazh_id | Dropdown list to select Strazh service ID in Access. | - | - |