1. Introduction

This manual describes the configuration of the server-side components of the GBS CardScan application. GBS CardScan is a web application that allows users to create layouts and process scanned cards with biometric and biographical information.

The configuration procedure should be done only after the installation step. For more information, refer to GBS Apps Setup Manual.

2. Configuration

The configurations steps are:

  1. Configure Tomcat;
  2. Configure Certificates;
  3. Generate encrypted password;
  4. Configure the config.properties file and Cardscan ip and port;

All steps are described below. An example config.properties file is found in the Configuration File Example section.

Danger

All lines must be present in the configuration file. Commenting or deleting lines may cause unexpected behavior. For further information, contact Griaule Support Team.

2.1. Tomcat Configuration

Edit the Tomcat configuration file to configure the certificates and port that the application will use.

vi /var/lib/tomcats/cardscan/conf/server.xml

To change the port, look for Connector port=. This is the port for the backend operations.

The default port for GBS CardScan is 8087.

2.2. Certificates Configuration

To enable SSL authentication, search for connector port= in the file /conf/server.xml.

There are two entries. The commented one is the configuration for SSL. Remove the comment delimiters <!-- and -->, and adjust these settings:

port="58194"
keystoreFile="/home/griaule/keystore"
keystorePass="password"
keyAlias="1"
clientAuth="true"
truststoreFile="/home/griaule/keystore"
truststorePass="password"

The parameter port should be the desired network port for the application.

Change the path of keystoreFile and truststoreFile to the proper values. Do the same for keystorePass and truststorePass.

The parameter clientAuth="true" will require authentication from server-side to client-side and from client-side to server-side. This means that the client will need to import the certificate in the browser to be able to access the application.

Warning

When clientAuth is set to true, the system administrator must provide the certificate.pfx file for the end-users.

2.3. Database password encryption

In the config.properties file, the jdbc.password parameter is an encrypted password. To generate the encrypted password, perform the following steps:

  1. Go to the following directory:

    cd /var/lib/tomcats/cardscan/webapps/gbs-cardscan-server/WEB-INF/lib

  2. Execute the command:

    java -cp gbs-common-db-<version>.jar com.griaule.commons.util.EncryptUtil <desiredPassword>

  3. The encrypted password will be displayed after the message: “Encrypted password is:”

Note

Store this encrypted password. It will be used in the next step.

2.4. Application properties file

To configure the application properties file, open with:

vi /var/lib/tomcats/cardscan/conf/config.properties

The most important changes in this configuration file are the jdbc.url, jdbc.username, jdbc.password and gbds.url properties. Configure the parameters according to the environment.

The complete configuration file is shown in the Configuration File Example section.

Note

Remember to substitute the correct encrypted password generated in the Database password encryption section in the file.

2.4.1. Setting up checking for OCR-read ID numbers

When importing multiple cards from a folder of a server, it’s possible to check if the OCR-read ID number of the card is within a range indicated in the name of the server folder.

To do so, in the server, name the folder according to the following pattern:

<folder_name>_<start_id>_<end_id>

For example, if the folder name is cards_1000_2000, the system will check if the OCR-read ID number is between 1000 and 2000. The ones that are not within this range will receive a Manual review pending status and will await manual review.

To enable this feature, in the config.properties file, add:

findRgInRegion=true
check.folder=true
keyId=<key_name>
remove.point.character=true

This will:

  • findRgInRegion: Optimize the OCR to read a larger region and look for the desired key.
  • check.folder: Validate if the ID number is within the expected range. If it is not, the card will be marked for manual review.
  • keyId: Name of the key that the system will look for. Example: RG.
  • remove.point.character: Remove all dots . and hyphens - from the ID number.

2.4.2. CardScan Configuration

The last step is configuring IP and port of the application that the end-user will access. It must be the same IP and port configured in the Tomcat Configuration section.

cardscan.ip=<ip>
cardscan.port=<port>
cardscan.protocol=<protocol>

Important

Make sure that the cardscan.ip, cardscan.port, and cardscan.protocol configuration parameters are correctly specified in the config.properties file. In many cases, the IP will be the same for various applications. However, each application will have a different and unique port.

3. Finish Configuration

After all configuration steps are complete, go back to the GBS Apps Setup Manual - Configuration Section.

4. Configuration File Example

This section shows an example of the config.properties file.

# GBS Cardscan Server

jdbc.driverClassName=com.mysql.jdbc.Driver
jdbc.url=jdbc:mysql://192.168.0.200:3306
jdbc.username=root
#jdbc.password=CDrt8vbewA2YAubPNOLZkw==
#jdbc.password=SescVYZrpjEiiqEdviFwiQ==
jdbc.password=CDrt8vbewA2YAubPNOLZkw==
jdbc.dialect=org.hibernate.dialect.MySQLDialect
jdbc.showSql=false

gbds.url=http://192.168.0.200:8085
gbds.user=ranger
gbds.key=Griaule.123
gbds.logLevel=DEBUG
gbds.timeout=300

bcc.localPort=64041

fingerprint.useSDK=true

locale=en_us

segmentation.debug=true
segmentation.sizeFactor=2000.0
segmentation.fingerprint.minQuality=10
segmentation.fingerprint.extraction=false
segmentation.finishAction=CHECK

config.saveOriginalImagesOnDatabase=true
config.saveOriginalImagesOnGBDS=true
config.keepDatabaseOriginalImagesOnGBDSOK=true
config.keepDatabaseBiometricsOnGBDSOK=true
config.jpegQuality=95
config.threadNumber=8
config.maxZipFileSize=2048000000

# 2GB
config.useNSOCR=false

# Face quality warnings and errors
faceQuality.NO_EYES_AND_MOUTH=error
faceQuality.NO_CROP=error
faceQuality.NOT_SATURATED=error
faceQuality.FACE_TURNED_DOWN=error
faceQuality.FACE_TURNED_UP=error
faceQuality.FACE_TURNED_LEFT=error
faceQuality.FACE_TURNED_RIGHT=error
faceQuality.LOOKING_DOWN=error
faceQuality.LOOKING_UP=error
faceQuality.LOOKING_LEFT=error
faceQuality.LOOKING_RIGHT=error
faceQuality.USING_HEAVY_GLASSES=error
faceQuality.EYE_OBSTRUCTION=error
faceQuality.FACE_CORRECT_POSITION=error
faceQuality.NUMBER_OF_FACES=error
faceQuality.SHOULDER_CORRECT_POSITION=error
faceQuality.SHOULDER_TURNED_LEFT=error
faceQuality.SHOULDER_TURNED_RIGHT=error
faceQuality.TOO_CLOSED_EYES=error
faceQuality.TOO_OPENED_EYES=error
faceQuality.OPENED_MOUTH=error
faceQuality.SHOWING_TEETH=error
faceQuality.SMILING=error
faceQuality.RED_EYE=error
faceQuality.BLURRED_PICTURE=error
faceQuality.BUSY_BACKGROUND=error
faceQuality.CROP_OUT_OF_ORIGINAL_PICTURE=error
faceQuality.qtdeMinErrors=0

# Turns on face ICAO analysis
useICAO=true

zip.baseDir=/home/griaule

server.id=cardscan3
config.send.searchType=ALL_FINGERS
label.cardscan.use=true

cardscan.ip=192.168.0.189
cardscan.port=8087
cardscan.protocol=http

findRgInRegion=false
remove.point.character=false