MyQ Connector

SmartFace provides face biometry for various purposes including the access control. This module allows you to use face biometry to unlock your printer using MyQ without a need for any PIN, Access Card or physical Access Token. Communication between the SmartFace and the MyQ is done over the network.

How does it work#

The SmartFace provides face biometry by processing RTSP and Edge Streams from cameras. Such a camera can be mapped to a printer. On Each camera there are several processes that can be used, depending on your needs and configuration. This includes the features, such as Face Detection, Person Identification, Face Mask Detection, Liveness (Spoof) Check and Age and Gender Extraction.

The module connects to the SmartFace AccessController gRPC stream, process GRANTED notifications and creates a set of requests that Unlock a MyQ Printer.

Development#

The source code is available on our Github - MyQ Connector. To run application locally, follow these steps

• clone the https://github.com/innovatrics/smartface-integrations/ Github repository using the git commands (git clone https://github.com/innovatrics/smartface-integrations/) or download the code uzing the “Download Zip” button
• open terminal
• navigate to /src/MyQConnector within the git directory
• run dotnet run

Deployment#

The existing code can be deployed several environments. Please see below steps for deploying into Microsoft Windows, Docker environment (amd64) and Docker environment (arm64).

Download the repository, either by cloning https://github.com/innovatrics/smartface-integrations/ Github repository using the git commands (git clone https://github.com/innovatrics/smartface-integrations/) or download the code uzing the “Download Zip” button.

Deploy to Windows#

To deploy the application, follow these steps

• open terminal
• navigate to /src/MyQConnector
• run dotnet publish -c Release -r win10-x64 --self-contained true -p:ReadyToRun=false -p:PublishSingleFile=true -p:PublishTrimmed=false -p:IncludeNativeLibrariesForSelfExtract=true -p:IncludeAllContentForSelfExtract=true

Deploy to Docker (amd64)#

• navigate to the root of this repo
• run the following commands
• docker build -f src/MyQConnector/Dockerfile -t registry.gitlab.com/innovatrics/smartface/integrations-myqconnector:0.1 .
• docker tag registry.gitlab.com/innovatrics/smartface/integrations-myqconnector:0.1 registry.gitlab.com/innovatrics/smartface/integrations-myqconnector:latest
• docker push registry.gitlab.com/innovatrics/smartface/integrations-myqconnector:0.1
• docker push registry.gitlab.com/innovatrics/smartface/integrations-myqconnector:latest

Deploy to Docker (arm64)#

• navigate to the root of this repo
• run the following commands
• docker build -f src/MyQConnector/arm.Dockerfile -t registry.gitlab.com/innovatrics/smartface/integrations-myqconnector:0.1-arm .
• docker tag registry.gitlab.com/innovatrics/smartface/integrations-myqconnector:0.1-arm registry.gitlab.com/innovatrics/smartface/integrations-myqconnector:latest-arm
• docker push registry.gitlab.com/innovatrics/smartface/integrations-myqconnector:0.1-arm
• docker push registry.gitlab.com/innovatrics/smartface/integrations-myqconnector:latest-arm

Configuration#

To run the deployed application configure the SmartFace Platform, the MyQ Server and do a configuration akin to your chosen environment:

• Connector on Windows
• Connector on Docker

SmartFace Platform#

Watchlistmember data#

The integration uses a label key Email. To allow a Watchlistmember to use the MyQ Connector the user needs to have such label added. For more information about how to enable labels and how to manage labels for Watchlistmembers, please read the guide.

Camera ID#

To map a camera to a printer you need to know the camera’s id. The integration supports both RTSP and Edge Cameras. We can find the value using REST API.

For the RTSP cameras use the endpoint   GET   /api/v1/Cameras and for the Edge cameras use the endpoint   GET   /api/v1/EdgeStreams.

Sample output of such endpoint would be similar as the snippet below. Please keep in mind, this is just a part of the outcome you will receive:

[
  {
    "spoofDetectorResourceIds": [
      "none"
    ],
    "id": "e4e6791c-92b2-4ab2-8086-20bdb8f5302f",
    "name": "Test Camera",
    "source": "rtsp://user:password@192.168.1.200:554/onvif/H.264/media.smp",
    "enabled": true,
    "faceDetectorConfig": {
      "minFaceSize": 35,
      "maxFaceSize": 600,
      "maxFaces": 20,
      "confidenceThreshold": 450
    },
...

Please note the value of the id. You will use it as <smartface-camera-id> within this guide.

MyQ Server#

Install your MyQ Server. Setup the users and user synchronization as per the MyQ Documentation. For a valid integration we need to setup a REST API app in the MyQ settings and we need to use the LDAP username sAMAccountName for the User properties Card and Personal number.

Create a REST API App#

Log into your MyQ installation as an administrator. Go into Settings > REST API Apps.

There you need to Add a new app. Choose a title, such as SmartFace Integration and add scopes: users and printers. The <clientID> and <clientSecret> will generated and available to you. Please note these values for your connector configuration.

Set up user properties#

Log into your MyQ installation as an administrator. Go into Settings > User Synchronization. Edit your User Synchronization (LDAP). Go into the Users tab.

In the right panel open CN=Users. Select a random user. Drag’n’Drop sAMAccountName onto the Card and Personal number properties in the left Users tab. Click Save.

Connector On Windows#

Run the deployed Windows application. To adjust the configuration please edit and configure the appsettings.json file. Re-run the application to apply changes.

Setup the Access Controller#

You can adjust the IP address <smartface-ip-address> and the port used by the SmartFace server’s Access Controller module that is being used as a provider of the GRANTED/DENY decisions.

"AccessController": {
        "Schema": "http",
        "Host": "<smartface-ip-address>",
        "Port": 5050
},

Setup MyQ Connector#

Use the <clientID> and <clientSecret> values set in the MyQ Server. Set <myq-server-hostname-or-ip> for the MyQ Server. For <smartface-rest-api-url-and-port> set the URL and port for the SmartFace Platform installation, such as http://localhost:8098. If you do not use SSL on the MyQ Server set <true-false> to true.

"MyQConfiguration":
{
    "clientId":"<clientID>",
    "clientSecret":"<clientSecret>",
    "scope":"users printers",
    "loginInfoType":1,
    "MyQHostname":"<myq-server-hostname-or-ip>",
    "MyQPort":8090,
    "SmartFaceURL":"<smartface-rest-api-url-and-port>",
    "BypassSslValidation":<true-false>
},

Define mappings between cameras and printers#

Add new mapping for each camera - printer pair. Value for <printer-serial-number> can be found in the MyQ Server. Click Settings > Printers. The Serial number is readable in the printers list or within the printer details under Information > Serial number.

"MyQMapping": [
    {
      "StreamId":"<smartface-camera-id>",
      "PrinterSn":"<printer-serial-number>"
    }
]

Connector On Docker#

Update docker-compose.yml file#

Add the following pattern to an existing docker compose:

  ...
  MyQConnector:
    image: ${REGISTRY}integrations-myqconnector:<version> 
    container_name: SFMyQConnector
    restart: unless-stopped
    env_file: .env.aepu

networks:
  default:
    external:
      name: sf-network

The <version> represents the current version number of the docker image. If you are not interested in a specific version, you can use latest or latest-arm depending on your deployment architecture.

Create new environmental file#

Create/add the file .env.myq into the same directory as where the docker-compose.yml file is located. Inside the file, switch the provided <values> for your values and credentials.

Content of the .env.myq

# Connection to access controller
AccessController__Schema=http
AccessController__Host=<smartface-ip-address>
AccessController__Port=5050

# General configuration
MyQConfiguration__clientId=<clientID>
MyQConfiguration__clientSecret=<clientSecret>
MyQConfiguration__scope=users printers
MyQConfiguration__loginInfoType=1
MyQConfiguration__MyQHostname=<myq-server-hostname-or-ip>
MyQConfiguration__MyQPort=8090
MyQConfiguration__SmartFaceURL=<smartface-rest-api-url-and-port>
MyQConfiguration__BypassSslValidation=<true-false>

# Camera to printer mapping
MyQMapping__0__StreamId=<smartface-camera-id>
MyQMapping__0__PrinterSn=<printer-serial-number>

Connection to access controller
You can adjust the IP address <values> and the port used by the SmartFace server’s Access Controller module that is being used as a provider of the GRANTED/DENY decisions.

General configuration
To get the <clientID> and <clientSecret> values you need to log into your MyQ installation as an administrator. Go into Settings > REST API Apps. There you need to Add a new app. Choose a title, such as SmartFace Integration and add scopes: users and printers. The <clientID> and <clientSecret> will generated and available to you.

Set <myq-server-hostname-or-ip> for the MyQ Server. For <smartface-rest-api-url-and-port> set the URL and port for the SmartFace Platform installation, such as http://localhost:8098. If you do not use SSL on the MyQ Server set <true-false> to true.

Camera to printer mapping Add new mapping for each camera - printer pair. Value for <printer-serial-number> can be found in the MyQ Server. Click Settings > Printers. The Serial number is readable in the printers list or within the printer details under Information > Serial number.

Apply changes to docker#

To apply changes above, use the command:

docker-compose up -d