DigiD authentication

Warning

This plugin cannot be configured via the admin interface and requires an update of the Open Forms installation.

Some forms can require authentication. Open Forms supports authentication using DigiD. Access to DigiD can typically be obtained via Logius.

Using DigiD for authentication will provide the BSN (social security number) of the authenticated person to the form context. Using the BSN, certain fields can be prefilled with relevant personal data.

Note

Open Forms currently only supports security level (betrouwbaarheidsniveau) "Midden".

DigiD          SAML2 AuthnContextClassRef element
Basis          urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
Midden         urn:oasis:names:tc:SAML:2.0:ac:classes:MobileTwoFactorContract
Substantieel   urn:oasis:names:tc:SAML:2.0:ac:classes:Smartcard
Hoog           urn:oasis:names:tc:SAML:2.0:ac:classes:SmartcardPKI

Source: Logius
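
The table above can be turned into a fail-closed check that a SAML assertion states at least level "Midden". This is an added example, not Open Forms code; the function names are hypothetical, and it assumes the assertion's signature has already been verified by the SAML library.

```python
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
AC = "urn:oasis:names:tc:SAML:2.0:ac:classes:"

# DigiD levels from the table above, weakest first.
LEVELS = ["Basis", "Midden", "Substantieel", "Hoog"]
URN_TO_LEVEL = {
    AC + "PasswordProtectedTransport": "Basis",
    AC + "MobileTwoFactorContract": "Midden",
    AC + "Smartcard": "Substantieel",
    AC + "SmartcardPKI": "Hoog",
}


class AssuranceError(Exception):
    """The assertion does not prove the required DigiD level."""


def digid_level(assertion_xml: str) -> str:
    """Return the DigiD level named by the assertion's AuthnContextClassRef."""
    if "<!DOCTYPE" in assertion_xml:
        raise AssuranceError("DTDs are not accepted in SAML messages")
    root = ET.fromstring(assertion_xml)
    tag = f"{{{SAML_NS}}}AuthnContextClassRef"
    refs = [(el.text or "").strip() for el in root.iter(tag)]
    if len(refs) != 1:  # fail closed on missing or ambiguous statements
        raise AssuranceError(f"expected 1 AuthnContextClassRef, got {len(refs)}")
    if refs[0] not in URN_TO_LEVEL:
        raise AssuranceError(f"unrecognised AuthnContextClassRef: {refs[0]!r}")
    return URN_TO_LEVEL[refs[0]]


def require_level(assertion_xml: str, minimum: str = "Midden") -> str:
    """Return the asserted level, or raise if it is below `minimum`."""
    level = digid_level(assertion_xml)
    if LEVELS.index(level) < LEVELS.index(minimum):
        raise AssuranceError(f"level {level} is below required {minimum}")
    return level


def sample_assertion(class_ref: str) -> str:
    """Constructed, unsigned test input; not a real DigiD message."""
    return (
        f'<saml:Assertion xmlns:saml="{SAML_NS}"><saml:AuthnStatement>'
        f"<saml:AuthnContext><saml:AuthnContextClassRef>{class_ref}"
        "</saml:AuthnContextClassRef></saml:AuthnContext>"
        "</saml:AuthnStatement></saml:Assertion>"
    )
```

An assertion carrying the "Basis" URN, an unknown URN, or no `AuthnContextClassRef` at all raises `AssuranceError` instead of being treated as authenticated.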

Step by step overview

  1. Read the requirements for getting access to DigiD on the Logius website. There are several steps that need to be taken on your end that are not covered here.
  2. Request a PKIoverheid Private Services Server G1 certificate at your PKIO SSL certificate supplier. This is required for backchannel communication with Logius (if you already have one for Open Forms, it can be re-used).
  3. Send the following information to your Open Forms supplier in a secure way:

    • Public and private certificate (obtained in step 2)
    • Desired service name (for example: "Digitaal Loket") shown in DigiD
    • Privacy policy URL of your main website

    Your Open Forms supplier will install the certificates in Open Forms, generate some XML metadata files and send these back to you.

  4. Request access to the pre-production environment on the Logius website and follow the steps there. To request access, you will need the following information:

    • Zekerheidsniveau: Midden
    • DigiD eenmalig inloggen: Nee
    • URL aansluiting: The Open Forms domain, for example: https://forms.organization.com
    • Webdienstnaam: The same desired service name as given in step 3
    • Metadata: The XML-file provided to you by your Open Forms supplier
    • Publieke deel PKIO-certificaat: The public certificate obtained in step 2

    As technical contact, you should provide your Open Forms supplier contact details.

Problems? You might want to check out installation_issues_form_auth.