A Django app for DigiD/eHerkenning authentication flows
Version: 0.4.0
Keywords: django, authentication, digid, eherkenning, eidas, dutch, nl, netherlands
Python version: 3.7+
1 Features
SAML-based DigiD authentication flow
SAML-based eHerkenning authentication flow
Custom Django authentication backend
Extensible
2 Installation
2.1 Requirements
Python 3.7 or above
setuptools 30.3.0 or above
Django 2.2 or newer
2.2 Install
Install with pip:
pip install git+https://github.com/maykinmedia/python3-saml@maykin#egg=python3-saml
pip install django-digid-eherkenning
Add digid_eherkenning to the INSTALLED_APPS in your Django project’s settings:
INSTALLED_APPS = [
...,
"digid_eherkenning",
...,
]
If you want to create local users as part of the authentication flow, add the authentication backend to the settings:
AUTHENTICATION_BACKENDS = [
...,
"digid_eherkenning.backends.DigiDBackend",
...,
]
Finally, add the URL patterns to your root urls.py:
from django.urls import path, include
urlpatterns = [
...,
path("digid/", include("digid_eherkenning.digid_urls")),
...,
]
3 Usage
You can now display login URLs by reversing the appropriate URL:
reverse("digid:login")
or in templates:
{% url 'digid:login' %}
3.1 Mock login flow
For development and demonstration purposes you can swap in a mock DigiD login flow that accepts any BSN and doesn’t require an actual DigiD metadata configuration.
In the username field of the login view you can enter any integer of up to 9 digits (and an arbitrary password); it is used as the BSN in the authentication backend.
Swap the authentication backend for the mock version:
AUTHENTICATION_BACKENDS = [
"digid_eherkenning.backends.mock.DigiDBackend",
]
Swap the DigiD URL patterns for the mock version:
urlpatterns = [
...,
path("digid/", include("digid_eherkenning.mock.digid_urls")),
...,
]
Additionally, add the URLs for the mock IDP service to run in the same runserver instance:
urlpatterns = [
...,
path("digid/idp/", include("digid_eherkenning.mock.idp.digid_urls")),
...,
]
For settings to control mock behaviour see digid_eherkenning/mock/config.py.
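Because the mock flow accepts any BSN, a deployment check that flags its components outside debug mode is useful. The following is an added example, not part of the project's code; the function name and the way included URLconf paths are collected are assumptions.

```python
"""Flag mock DigiD components in a non-debug configuration (added example)."""

MOCK_BACKEND = "digid_eherkenning.backends.mock.DigiDBackend"
MOCK_URLCONF_PREFIX = "digid_eherkenning.mock."


def find_mock_digid_settings(debug, authentication_backends, included_urlconfs):
    """Return a list of problems; empty when the configuration is acceptable.

    debug                   -- value of settings.DEBUG
    authentication_backends -- value of settings.AUTHENTICATION_BACKENDS
    included_urlconfs       -- dotted module paths passed to include() in
                               urls.py (hypothetical input; collect them in
                               whatever way suits your project)
    """
    if debug:
        # The mock flow is meant for development and demos, so allow it there.
        return []
    problems = []
    for backend in authentication_backends:
        if backend == MOCK_BACKEND:
            problems.append(f"mock authentication backend enabled: {backend}")
    for urlconf in included_urlconfs:
        # Covers both mock.digid_urls and mock.idp.digid_urls.
        if urlconf.startswith(MOCK_URLCONF_PREFIX):
            problems.append(f"mock URL patterns included: {urlconf}")
    return problems


# Constructed sample configurations, mirroring the snippets above.
PRODUCTION_LIKE = dict(
    debug=False,
    authentication_backends=["digid_eherkenning.backends.DigiDBackend"],
    included_urlconfs=["digid_eherkenning.digid_urls"],
)
LEFTOVER_MOCK = dict(
    debug=False,
    authentication_backends=[MOCK_BACKEND],
    included_urlconfs=[
        "digid_eherkenning.mock.digid_urls",
        "digid_eherkenning.mock.idp.digid_urls",
    ],
)

if __name__ == "__main__":
    for name, cfg in [("production-like", PRODUCTION_LIKE), ("leftover mock", LEFTOVER_MOCK)]:
        print(name, find_mock_digid_settings(**cfg) or "ok")
```

The same function can be called from a Django system check or a CI step so that a release with the mock backend still configured fails early.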
3.2 Generating the DigiD metadata
The metadata for DigiD can be generated with the following command:
python manage.py generate_digid_metadata \
--want_assertions_encrypted \
--want_assertions_signed \
--key_file /path/test.key \
--cert_file /path/test.certificate \
--signature_algorithm "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" \
--digest_algorithm "http://www.w3.org/2001/04/xmlenc#sha256" \
--entity_id http://test-url.nl \
--base_url http://test-url.nl \
--service_name "Test name" \
--service_description "Test description" \
--attribute_consuming_service_index 9050 \
--technical_contact_person_telephone 06123123123 \
--technical_contact_person_email test@test.nl \
--organization_name "Test organisation" \
--organization_url http://test-organisation.nl \
--slo
3.3 Generating eHerkenning/eIDAS metadata
The metadata for eHerkenning and eIDAS can be generated with the following command:
python manage.py generate_eherkenning_metadata \
--want_assertions_encrypted \
--want_assertions_signed \
--key_file /path/test.key \
--cert_file /path/test.certificate \
--signature_algorithm "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" \
--digest_algorithm "http://www.w3.org/2001/04/xmlenc#sha256" \
--entity_id http://test-url.nl \
--base_url http://test-url.nl \
--service_name "Test name" \
--service_description "Test description" \
--eh_attribute_consuming_service_index 9052 \
--eidas_attribute_consuming_service_index 9053 \
--oin 00000001112223330000 \
--technical_contact_person_telephone 06123123123 \
--technical_contact_person_email test@test.nl \
--organization_name "Test organisation" \
--organization_url http://test-organisation.nl
For information about each option, use:
python manage.py generate_eherkenning_metadata --help
To generate the dienstcatalogus:
python manage.py generate_eherkenning_dienstcatalogus \
--key_file /path/test.key \
--cert_file /path/test.certificate \
--entity_id http://test-url.nl \
--base_url http://test-url.nl \
--service_name "Test name" \
--service_description "Test description" \
--eh_attribute_consuming_service_index 9052 \
--eidas_attribute_consuming_service_index 9053 \
--oin 00000001112223330000 \
--privacy_policy http://test-url.nl/privacy \
--makelaar_id 00000003332223330000 \
--organization_name "Test Organisation"
4 Specific broker settings
From 1st of April 2022, certain eHerkenning brokers like OneWelcome and Signicat require that the artifact resolution request has the content-type header text/xml instead of application/soap+xml. This can be configured by including the following parameter in the EHERKENNING Django setting:
EHERKENNING = {
...
"artifact_resolve_content_type": "text/xml",
...
}
5 Background information
Information that was at some point relevant and may document certain choices can be found in information.md.
6 Bitbucket mirror
This project was originally on Bitbucket and closed source. The Bitbucket project still exists, but only as a mirror of the GitHub repository. All future development must happen on GitHub.
Bitbucket mirror: https://bitbucket.org/maykinmedia/django-digid-eherkenning/