A Django app for DigiD/eHerkenning authentication flows
- Version: 0.3.2
- Source:
- Keywords: django, authentication, digid, eherkenning, eidas, dutch, nl, netherlands
- PythonVersion: 3.7+
1 Features
- SAML-based DigiD authentication flow
- SAML-based eHerkenning authentication flow
- Custom Django authentication backend
- Extensible
2 Installation
2.1 Requirements
- Python 3.7 or above
- setuptools 30.3.0 or above
- Django 2.2 or newer
2.2 Install
Install with pip:
    pip install git+https://github.com/maykinmedia/python3-saml@maykin#egg=python3-saml
    pip install django-digid-eherkenning
Add digid_eherkenning to the INSTALLED_APPS in your Django project’s settings:
    INSTALLED_APPS = [
        ...,
        "digid_eherkenning",
        ...,
    ]
If you want to create local users as part of the authentication flow, add the authentication backend to the settings:
    AUTHENTICATION_BACKENDS = [
        ...,
        "digid_eherkenning.backends.DigiDBackend",
        ...,
    ]
Finally, add the URL patterns to your root urls.py:
    from django.urls import path, include

    urlpatterns = [
        ...,
        path("digid/", include("digid_eherkenning.digid_urls")),
        ...,
    ]
3 Usage
You can now display login URLs by reversing the appropriate URL:
    reverse("digid:login")
or in templates:
    {% url 'digid:login' %}
3.1 Mock login flow
For development and demonstration purposes you can swap in a mock DigiD login flow that accepts any BSN and doesn’t require an actual DigiD metadata configuration.
In the username field of the login view you can enter any integer of up to 9 digits (and a random password); it is used as the BSN in the authentication backend.
Swap the authentication backend for the mock version:
    AUTHENTICATION_BACKENDS = [
        "digid_eherkenning.backends.mock.DigiDBackend",
    ]
Swap the DigiD URL patterns for the mock version:
    urlpatterns = [
        ...,
        path("digid/", include("digid_eherkenning.mock.digid_urls")),
        ...,
    ]
Additionally, add the URLs for the mock IDP service so that it runs in the same runserver instance:
    urlpatterns = [
        ...,
        path("digid/idp/", include("digid_eherkenning.mock.idp.digid_urls")),
        ...,
    ]
For settings to control mock behaviour see digid_eherkenning/mock/config.py.
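
Because the mock backend accepts any BSN, it is worth failing a deployment in which it is still configured. The guard below is an added example, not part of this project's code: it assumes `DEBUG = False` marks a production deployment, and the function names and the check id `myproject.E001` are hypothetical.

```python
# Added example, not project code. Assumption: DEBUG=False means production.
MOCK_PREFIXES = (
    "digid_eherkenning.backends.mock",  # mock authentication backend
    "digid_eherkenning.mock",           # mock login and mock IdP URLconfs
)

def mock_flow_findings(debug, auth_backends, url_modules):
    """Return one message per mock component that is active while debug is off."""
    if debug:
        return []
    findings = []
    for kind, paths in (("backend", auth_backends), ("urlconf", url_modules)):
        for path in paths:
            if path.startswith(MOCK_PREFIXES):
                findings.append(f"mock DigiD {kind} enabled: {path}")
    return findings

def included_url_modules(patterns):
    """Collect the module name of every include() in a urlpatterns list."""
    names = []
    for pattern in patterns:
        module = getattr(pattern, "urlconf_module", None)
        if module is None:  # a plain path(), not an include()
            continue
        if getattr(module, "__name__", None):
            names.append(module.__name__)
        names.extend(included_url_modules(getattr(pattern, "url_patterns", [])))
    return names

try:  # register with `manage.py check --deploy` when Django is importable
    from django.core import checks
except ImportError:
    checks = None

if checks is not None:
    @checks.register(checks.Tags.security, deploy=True)
    def check_mock_digid_disabled(app_configs, **kwargs):
        from django.conf import settings
        from django.urls import get_resolver
        found = mock_flow_findings(
            settings.DEBUG,
            settings.AUTHENTICATION_BACKENDS,
            included_url_modules(get_resolver().url_patterns),
        )
        # "myproject.E001" is a hypothetical check id
        return [checks.Error(msg, id="myproject.E001") for msg in found]
```

Place the module where Django imports it at startup (for example from an app's `ready()` hook) so that `python manage.py check --deploy` reports the mock components as errors.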
3.2 Generating the DigiD metadata
The metadata for DigiD can be generated with the following command:
    python manage.py generate_digid_metadata \
        --want_assertions_encrypted \
        --want_assertions_signed \
        --key_file /path/test.key \
        --cert_file /path/test.certificate \
        --signature_algorithm "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" \
        --digest_algorithm "http://www.w3.org/2001/04/xmlenc#sha256" \
        --entity_id http://test-url.nl \
        --base_url http://test-url.nl \
        --service_name "Test name" \
        --service_description "Test description" \
        --attribute_consuming_service_index 9050 \
        --technical_contact_person_telephone 06123123123 \
        --technical_contact_person_email test@test.nl \
        --organization_name "Test organisation" \
        --organization_url http://test-organisation.nl
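
Before handing the generated file to an identity provider or broker, it helps to confirm that the options above ended up in the XML. The audit below is an added example, not part of this project: it relies only on standard SAML 2.0 metadata elements, and the sample document (including the `/digid/acs/` path) is constructed for illustration rather than taken from the command's real output.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
SHA1_URIS = {"http://www.w3.org/2000/09/xmldsig#rsa-sha1",
             "http://www.w3.org/2000/09/xmldsig#sha1"}

def audit_sp_metadata(xml_text):
    """Return findings for a locally generated (trusted) SP metadata file."""
    root = ET.fromstring(xml_text)
    sp = root.find("md:SPSSODescriptor", NS)
    if sp is None:
        return ["no SPSSODescriptor found"]
    findings = []
    # --want_assertions_signed should surface as WantAssertionsSigned="true"
    if sp.get("WantAssertionsSigned") != "true":
        findings.append("WantAssertionsSigned is not 'true'")
    # --signature_algorithm / --digest_algorithm must not fall back to SHA-1
    for tag in ("SignatureMethod", "DigestMethod"):
        for el in root.iter("{%s}%s" % (NS["ds"], tag)):
            if el.get("Algorithm") in SHA1_URIS:
                findings.append(f"{tag} uses SHA-1: {el.get('Algorithm')}")
    # Endpoints derived from --base_url receive SAML responses
    for acs in sp.findall("md:AssertionConsumerService", NS):
        if urlparse(acs.get("Location", "")).scheme != "https":
            findings.append(f"ACS endpoint is not https: {acs.get('Location')}")
    return findings

# Constructed sample, not real output of generate_digid_metadata
SAMPLE = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="http://test-url.nl">
  <ds:Signature><ds:SignedInfo>
    <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
    <ds:Reference><ds:DigestMethod
        Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/></ds:Reference>
  </ds:SignedInfo></ds:Signature>
  <md:SPSSODescriptor WantAssertionsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService index="0" Location="http://test-url.nl/digid/acs/"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

if __name__ == "__main__":
    for finding in audit_sp_metadata(SAMPLE):
        print("FINDING:", finding)
```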
3.3 Generating eHerkenning/eIDAS metadata
The metadata for eHerkenning and eIDAS can be generated with the following command:
    python manage.py generate_eherkenning_metadata \
        --want_assertions_encrypted \
        --want_assertions_signed \
        --key_file /path/test.key \
        --cert_file /path/test.certificate \
        --signature_algorithm "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" \
        --digest_algorithm "http://www.w3.org/2001/04/xmlenc#sha256" \
        --entity_id http://test-url.nl \
        --base_url http://test-url.nl \
        --service_name "Test name" \
        --service_description "Test description" \
        --eh_attribute_consuming_service_index 9052 \
        --eidas_attribute_consuming_service_index 9053 \
        --oin 00000001112223330000 \
        --technical_contact_person_telephone 06123123123 \
        --technical_contact_person_email test@test.nl \
        --organization_name "Test organisation" \
        --organization_url http://test-organisation.nl
For information about each option, use:
    python manage.py generate_eherkenning_metadata --help
To generate the dienstcatalogus:
    python manage.py generate_eherkenning_dienstcatalogus \
        --key_file /path/test.key \
        --cert_file /path/test.certificate \
        --entity_id http://test-url.nl \
        --base_url http://test-url.nl \
        --service_name "Test name" \
        --service_description "Test description" \
        --eh_attribute_consuming_service_index 9052 \
        --eidas_attribute_consuming_service_index 9053 \
        --oin 00000001112223330000 \
        --privacy_policy http://test-url.nl/privacy \
        --makelaar_id 00000003332223330000 \
        --organization_name "Test Organisation"
4 Specific broker settings
As of 1 April 2022, certain eHerkenning brokers, such as OneWelcome and Signicat, require that the artifact resolution request has the Content-Type header text/xml instead of application/soap+xml. This can be configured by including the following parameter in the EHERKENNING Django setting:
    EHERKENNING = {
        ...
        "artifact_resolve_content_type": "text/xml",
        ...
    }
5 Background information
Information that was at some point relevant and may document certain choices can be found in information.md.
6 Bitbucket mirror
This project was originally on Bitbucket and closed source. The Bitbucket project still exists, but only as a mirror of the GitHub repository. All future development must happen on GitHub.
Bitbucket mirror: https://bitbucket.org/maykinmedia/django-digid-eherkenning/
Hashes for django-digid-eherkenning-0.3.2.tar.gz
Algorithm | Hash digest
---|---
SHA256 | 9e3fa9ef6da27cc4ad2edc5bc89947774ad7df27ce36f76e64305dbf7cfebc33
MD5 | 2d120caf92fd915d8405bff6de1f4a82
BLAKE2b-256 | bbdff5ce81a260e96c1a55d2c4a445f2a2a69fb1ae1bac056cd82cdf7809c106
Hashes for django_digid_eherkenning-0.3.2-py3-none-any.whl
Algorithm | Hash digest
---|---
SHA256 | 7570a580ca9c8eede7eed7299879cd7ed68705d3930bc56f049c6cfd3c3b66e2
MD5 | 1b4ec6f7cf0b7e87dc6fcbefdfb7ac3e
BLAKE2b-256 | ac27774f6352bb3b4165d75b58023a123df7a499a9f056c536657c284a4b2c8b