A Django app for DigiD/eHerkenning authentication flows
Project description
- Version:
- 0.3.0
- Source:
- Keywords:
django, authentication, digid, eherkenning, eidas, dutch, nl, netherlands
- PythonVersion:
3.7+
A Django app for DigiD/eHerkenning authentication flows
1 Features
SAML-based DigiD authentication flow
SAML-based eHerkenning authentication flow
Custom Django authentication backend
Extensible
2 Installation
2.1 Requirements
Python 3.7 or above
setuptools 30.3.0 or above
Django 2.2 or newer
2.2 Install
Install with pip:
pip install git+https://github.com/maykinmedia/python3-saml@maykin#egg=python3-saml
pip install django-digid-eherkenningAdd digid_eherkenning to the INSTALLED_APPS in your Django project’s settings:
INSTALLED_APPS = [
...,
"digid_eherkenning",
...,
]If you want to create local users as part of the authentication flow, add the authentication backend to the settings:
AUTHENTICATION_BACKENDS = [
...,
"digid_eherkenning.backends.DigiDBackend",
...,
]Finally, at the URL patterns to your root urls.py:
from django.urls import path, include
urlpatterns = [
...,
path("digid/", include("digid_eherkenning.digid_urls")),
...,
]3 Usage
You can now display login URLs by reversing the appropriate URL:
reverse("digid:login")or in templates:
{% url 'digid:login' %}3.1 Mock login flow
For development and demonstration purposes you can swap-in a mockup Digid login flow that accepts any BSN and doesn’t require an actual DigiD metadata configuration.
In the login view username field you can enter any integer up to 9 digits (and a random password) to be used as the BSN in the authentication backend.
Swap the authentication backend for the mock version:
AUTHENTICATION_BACKENDS = [
"digid_eherkenning.backends.mock.DigiDBackend",
]Swap the digid url patterns for the mock version:
urlpatterns = [
...,
path("digid/", include("digid_eherkenning.mock.digid_urls")),
...,
]Additionally add the URLs for the mock IDP service to run in the same runserver instance:
urlpatterns = [
...,
path("digid/idp/", include("digid_eherkenning.mock.idp.digid_urls")),
...,
]For settings to control mock behaviour see digid_eherkenning/mock/config.py.
3.2 Generating the DigiD metadata
The metadata for DigiD can be generated with the following command:
python manage.py generate_digid_metadata \
--want_assertions_encrypted \
--want_assertions_signed \
--key_file /path/test.key \
--cert_file /path/test.certificate \
--signature_algorithm "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" \
--digest_algorithm "http://www.w3.org/2001/04/xmlenc#sha256" \
--entity_id http://test-url.nl \
--base_url http://test-url.nl \
--service_name "Test name" \
--service_description "Test description" \
--attribute_consuming_service_index 9050 \
--technical_contact_person_telephone 06123123123 \
--technical_contact_person_email test@test.nl \
--organization_name "Test organisation" \
--organization_url http://test-organisation.nl3.3 Generating eHerkenning/eIDAS metadata
The metadata for eHerkenning and eIDAS can be generated with the following command:
python manage.py generate_eherkenning_metadata \
--want_assertions_encrypted \
--want_assertions_signed \
--key_file /path/test.key \
--cert_file /path/test.certificate \
--signature_algorithm "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" \
--digest_algorithm "http://www.w3.org/2001/04/xmlenc#sha256" \
--entity_id http://test-url.nl \
--base_url http://test-url.nl \
--service_name "Test name" \
--service_description "Test description" \
--eh_attribute_consuming_service_index 9052 \
--eidas_attribute_consuming_service_index 9053 \
--oin 00000001112223330000 \
--technical_contact_person_telephone 06123123123 \
--technical_contact_person_email test@test.nl \
--organization_name "Test organisation" \
--organization_url http://test-organisation.nlFor information about each option, use:
python manage.py generate_eherkenning_metadata --helpTo generate the dienstcatalogus:
python manage.py generate_eherkenning_dienstcatalogus \
--key_file /path/test.key \
--cert_file /path/test.certificate \
--entity_id http://test-url.nl \
--base_url http://test-url.nl \
--service_name "Test name" \
--service_description "Test description" \
--eh_attribute_consuming_service_index 9052 \
--eidas_attribute_consuming_service_index 9053 \
--oin 00000001112223330000 \
--privacy_policy http://test-url.nl/privacy \
--makelaar_id 00000003332223330000 \
--organization_name "Test Organisation"4 Background information
Information that was at some point relevant and may document certain choices can be found in information.md.
5 Bitbucket mirror
This project was originally on Bitbucket and closed source. The Bitbucket project still exists, but only as a mirror of the Github repository. All future development must happen on Github.
Bitbucket mirror: https://bitbucket.org/maykinmedia/django-digid-eherkenning/
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
File details
Details for the file django-digid-eherkenning-0.3.0.tar.gz.
File metadata
- Download URL: django-digid-eherkenning-0.3.0.tar.gz
- Upload date:
- Size: 341.9 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/3.8.0 pkginfo/1.8.2 readme-renderer/32.0 requests/2.27.1 requests-toolbelt/0.9.1 urllib3/1.26.8 tqdm/4.62.3 importlib-metadata/4.11.1 keyring/23.5.0 rfc3986/2.0.0 colorama/0.4.4 CPython/3.8.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 02430215481499a5e98f60bd7d254c9d5a19990b5dcbfc4b1656cce6ec0aa828 |
|
| MD5 | b7fe70f71e39a7d08638f127afe6df8b |
|
| BLAKE2b-256 | edad24f7025828165110b601f8d5c47619f8da3c045c179ca1a5fd4c0af0f7d9 |
File details
Details for the file django_digid_eherkenning-0.3.0-py3-none-any.whl.
File metadata
- Download URL: django_digid_eherkenning-0.3.0-py3-none-any.whl
- Upload date:
- Size: 360.8 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/3.8.0 pkginfo/1.8.2 readme-renderer/32.0 requests/2.27.1 requests-toolbelt/0.9.1 urllib3/1.26.8 tqdm/4.62.3 importlib-metadata/4.11.1 keyring/23.5.0 rfc3986/2.0.0 colorama/0.4.4 CPython/3.8.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | ef6e629fc060d69aff39474c1859881b14497c82c63306f16d5c3e7cc44c8a5d |
|
| MD5 | 9232867921549cc5192979e9d9398869 |
|
| BLAKE2b-256 | 9b47e55a4219b8fed59e2aabd011b7f8d8518ee6fadbd5ededbfae7039f4037e |
