pivCLASS Template XML File


Overview

The integration between Access It! Universal and pivCLASS uses an XML file to transform the data from the smart card to the Access It! Universal database. Depending on system use, the XML file may need to be manually adjusted. It is recommended that a backup of the XML file be made prior to making any adjustments. Any changes made in the XML file require the pivCLASS PACS service to be restarted to take effect.

Card Number

The template.xml file may need to be modified depending on the cards used in the system. Below are configurations required for a 75 bit PIV card, as well as a 128 bit PIV-I card.

75 bit PIV Card

Stored in the 75 bit PIV Card is a FASC-N (Federal Agency Smart Credential Number) that is composed of the following.

  • 4 digit Agency Code
  • 4 digit System Code
  • 6 digit Credential Number
  • 8 digit Expiration Date (YYYYMMDD)

It is recommended that the template.xml file be configured so that the combination of Agency Code, System Code, and Credential Number is stored as the card number in the Access It! Universal database. To accomplish this, the following code must be used within the Card.CardNumber section of the template.xml file.

  • <!-- Card.CardNumber -->
    <item>
    <card type="PIV">$substring([CHUID.FASC-N], 0, 14)</card>
    <pacs cardIdentifier="true">Card.Number</pacs>
    </item>

Access It! Universal will need to be configured to use this custom created 75 bit format as outlined here: 75 Bit Wiegand pivCLASS Card Format.

128 bit PIV-I Card

Stored in the 128 bit PIV-I Card is a 128 bit GUID (Globally Unique Identifier). This GUID is unique to all PIV-I cards. Mercury-Security and RS2 Technologies introduced a feature in Access It! Universal 4.0.25 that allows for a cardholder to map a GUID to a randomly generated card number. To accomplish this, the following code must be used within the Card.CardNumber section of the template.xml file.

The default template.xml distributed with pivCLASS 1.2.266.0 already contains the code required to support the 128 bit GUID.

  • <!-- Creates a unique ID for PIV, CIV, PIV-C, and PIV-I cards -->
    <generate id="GeneratedID">99999999$padleft([GeneratedID], 6, 0)</generate>
    <!-- Card.CardNumber -->
    <item>
    <card type="PIVI"><card src="[GeneratedID]" pattern="\d+">
    [GeneratedID]</card></card>
    <pacs cardIdentifier="true">Card.Number</pacs>
    </item>

The following code must be used within the Card.LargeEncodedCardID section:

  • <!-- Card.LargeEncodedCardID -->
    <!-- This will populate the LargeEncodedCardID field with the PIV-I GUID or the PIV full FASC-N -->
    <item>
    <card type="PIVI">[CHUID.GUID]</card>
    <pacs>Card.LargeEncodedCardID</pacs>
    </item>

Access Levels

The template.xml file will need to be modified in order to automatically assign Access Levels to a card when imported. The pivCLASS integration can assign Access Levels either by prompting the user to select an Access Level while importing, or by forcing the pivCLASS integration to assign a static Access Level.

Dynamically Provide List Of Access Levels To Assign

In order for pivCLASS to provide a list of Access Levels, a Data Import must be performed within the PACS Service Administration.

The template.xml will need this portion of code to be uncommented within the AccessLevel field.

  • <!-- UserField: AccessLevel.1 -->
    <userfield id="AccessLevel.1" description="Select Access Level:">
    <datasource source="accessrights"/>
    </userfield>
    <item>
    <card pattern="\w+" src="[AccessLevel.1]">[AccessLevel.1]</card><pacs>Card.AccessLevel.1</pacs>
    </item>

Static Access Level

To assign a static AccessLevel, the PACSRecordID needs to be obtained for the Access Level. This ID can be obtained by querying the AccessRights table within the pivCLASS SQL database.

  • <item>
    <card>ENTER_THE_PACSRECORDID</card>
    <pacs>Card.AccessLevel.1</pacs>
    </item>
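
Because a template.xml change only takes effect after the pivCLASS PACS service is restarted, it helps to check an edited file before restarting. The Python script below is an added example, not part of the pivCLASS or Access It! Universal tooling; the `<template>` root element, the function name, and the rules it applies are assumptions drawn only from the snippets on this page.

```python
import xml.etree.ElementTree as ET

PLACEHOLDER = "ENTER_THE_PACSRECORDID"  # placeholder text used on this page

def check_template(xml_text):
    """Return a list of problems found in template XML text (empty = none found)."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        # A tag such as <pacscardIdentifier="true"> (missing space) fails here.
        return [f"not well-formed: {exc}"]
    problems = []
    for n, item in enumerate(root.iter("item"), start=1):
        pacs = item.findall("pacs")
        # Assumption: every <item> on this page maps to a <pacs> target.
        if not pacs:
            problems.append(f"item {n}: no <pacs> element")
        for p in pacs:
            # Assumption: both Card.Number mappings on this page carry
            # cardIdentifier="true", so its absence is reported.
            if (p.text or "").strip() == "Card.Number" \
                    and p.get("cardIdentifier") != "true":
                problems.append(f'item {n}: Card.Number lacks cardIdentifier="true"')
        for card in item.iter("card"):  # includes nested <card> elements
            if PLACEHOLDER in (card.text or ""):
                problems.append(f"item {n}: placeholder {PLACEHOLDER} not replaced")
    return problems

# Constructed sample input; the <template> root is hypothetical.
GOOD = """<template>
  <item>
    <card type="PIV">$substring([CHUID.FASC-N], 0, 14)</card>
    <pacs cardIdentifier="true">Card.Number</pacs>
  </item>
</template>"""
# Same fragment with the space before the attribute removed.
BROKEN = GOOD.replace("<pacs cardIdentifier", "<pacscardIdentifier")
# Static Access Level item left with the placeholder in place.
UNFINISHED = """<template>
  <item>
    <card>ENTER_THE_PACSRECORDID</card>
    <pacs>Card.AccessLevel.1</pacs>
  </item>
</template>"""

if __name__ == "__main__":
    for name, text in (("GOOD", GOOD), ("BROKEN", BROKEN), ("UNFINISHED", UNFINISHED)):
        print(name, check_template(text) or "no problems found")
```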