A Django app for DigiD/eHerkenning authentication flows

Project description

Version: 0.3.1

Source: https://github.com/maykinmedia/django-digid-eherkenning

Keywords: django, authentication, digid, eherkenning, eidas, dutch, nl, netherlands

PythonVersion: 3.7+

1 Features

  • SAML-based DigiD authentication flow

  • SAML-based eHerkenning authentication flow

  • Custom Django authentication backend

  • Extensible

2 Installation

2.1 Requirements

  • Python 3.7 or above

  • setuptools 30.3.0 or above

  • Django 2.2 or newer

2.2 Install

Install with pip:

pip install git+https://github.com/maykinmedia/python3-saml@maykin#egg=python3-saml
pip install django-digid-eherkenning

Add digid_eherkenning to the INSTALLED_APPS in your Django project’s settings:

INSTALLED_APPS = [
    ...,
    "digid_eherkenning",
    ...,
]

If you want to create local users as part of the authentication flow, add the authentication backend to the settings:

AUTHENTICATION_BACKENDS = [
    ...,
    "digid_eherkenning.backends.DigiDBackend",
    ...,
]

Finally, add the URL patterns to your root urls.py:

from django.urls import path, include


urlpatterns = [
    ...,
    path("digid/", include("digid_eherkenning.digid_urls")),
    ...,
]

3 Usage

You can now display login URLs by reversing the appropriate URL:

reverse("digid:login")

or in templates:

{% url 'digid:login' %}

3.1 Mock login flow

For development and demonstration purposes you can swap in a mock DigiD login flow that accepts any BSN and doesn’t require an actual DigiD metadata configuration.

In the username field of the login view you can enter any integer of up to 9 digits (and a random password); it is used as the BSN in the authentication backend.

Swap the authentication backend for the mock version:

AUTHENTICATION_BACKENDS = [
    "digid_eherkenning.backends.mock.DigiDBackend",
]

Swap the digid url patterns for the mock version:

urlpatterns = [
    ...,
    path("digid/", include("digid_eherkenning.mock.digid_urls")),
    ...,
]

Additionally add the URLs for the mock IDP service to run in the same runserver instance:

urlpatterns = [
    ...,
    path("digid/idp/", include("digid_eherkenning.mock.idp.digid_urls")),
    ...,
]

For settings to control mock behaviour see digid_eherkenning/mock/config.py.
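Since the mock backend accepts any BSN, a deployment pipeline can check that none of the mock dotted paths above remain in the production settings and URL configuration. The following is an added example, not part of the project's code; the function name and the sample text are constructed for illustration, and only plain assignments to AUTHENTICATION_BACKENDS and direct include("...") calls are recognised.

```python
import ast

# Dotted-path prefixes of the mock components named in this README.
MOCK_PREFIXES = ("digid_eherkenning.backends.mock.", "digid_eherkenning.mock.")


def find_mock_references(source, filename="<config>"):
    """Return sorted (line, dotted_path) pairs for mock DigiD references.

    Looks at string entries assigned to AUTHENTICATION_BACKENDS and at string
    arguments of include(...) calls. The source is parsed, never executed,
    so commented-out lines are ignored.
    """
    hits = []
    for node in ast.walk(ast.parse(source, filename=filename)):
        candidates = []
        if isinstance(node, ast.Assign) and any(
            isinstance(t, ast.Name) and t.id == "AUTHENTICATION_BACKENDS"
            for t in node.targets
        ):
            candidates = list(ast.walk(node.value))
        elif (isinstance(node, ast.Call) and isinstance(node.func, ast.Name)
              and node.func.id == "include"):
            candidates = node.args
        for c in candidates:
            if (isinstance(c, ast.Constant) and isinstance(c.value, str)
                    and c.value.startswith(MOCK_PREFIXES)):
                hits.append((c.lineno, c.value))
    return sorted(hits)


# Constructed sample: settings and urls fragments with the mock flow enabled.
SAMPLE = '''
AUTHENTICATION_BACKENDS = [
    "django.contrib.auth.backends.ModelBackend",
    "digid_eherkenning.backends.mock.DigiDBackend",
]
urlpatterns = [
    path("digid/", include("digid_eherkenning.mock.digid_urls")),
    path("digid/idp/", include("digid_eherkenning.mock.idp.digid_urls")),
    # path("digid/", include("digid_eherkenning.digid_urls")),
]
'''

if __name__ == "__main__":
    for line, dotted_path in find_mock_references(SAMPLE):
        print(f"line {line}: mock component configured: {dotted_path}")
```

Run it over the production settings module and root urls.py, and fail the build when the returned list is not empty.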

3.2 Generating the DigiD metadata

The metadata for DigiD can be generated with the following command:

python manage.py generate_digid_metadata \
    --want_assertions_encrypted \
    --want_assertions_signed \
    --key_file /path/test.key \
    --cert_file /path/test.certificate \
    --signature_algorithm "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" \
    --digest_algorithm "http://www.w3.org/2001/04/xmlenc#sha256" \
    --entity_id http://test-url.nl \
    --base_url http://test-url.nl \
    --service_name "Test name" \
    --service_description "Test description" \
    --attribute_consuming_service_index 9050 \
    --technical_contact_person_telephone 06123123123 \
    --technical_contact_person_email test@test.nl \
    --organization_name "Test organisation" \
    --organization_url http://test-organisation.nl

3.3 Generating eHerkenning/eIDAS metadata

The metadata for eHerkenning and eIDAS can be generated with the following command:

python manage.py generate_eherkenning_metadata \
    --want_assertions_encrypted \
    --want_assertions_signed \
    --key_file /path/test.key \
    --cert_file /path/test.certificate \
    --signature_algorithm "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" \
    --digest_algorithm "http://www.w3.org/2001/04/xmlenc#sha256" \
    --entity_id http://test-url.nl \
    --base_url http://test-url.nl \
    --service_name "Test name" \
    --service_description "Test description" \
    --eh_attribute_consuming_service_index 9052 \
    --eidas_attribute_consuming_service_index 9053 \
    --oin 00000001112223330000 \
    --technical_contact_person_telephone 06123123123 \
    --technical_contact_person_email test@test.nl \
    --organization_name "Test organisation" \
    --organization_url http://test-organisation.nl

For information about each option, use:

python manage.py generate_eherkenning_metadata --help

To generate the dienstcatalogus:

python manage.py generate_eherkenning_dienstcatalogus  \
    --key_file /path/test.key \
    --cert_file /path/test.certificate \
    --entity_id http://test-url.nl \
    --base_url http://test-url.nl \
    --service_name "Test name" \
    --service_description "Test description" \
    --eh_attribute_consuming_service_index 9052 \
    --eidas_attribute_consuming_service_index 9053 \
    --oin 00000001112223330000 \
    --privacy_policy http://test-url.nl/privacy \
    --makelaar_id 00000003332223330000 \
    --organization_name "Test Organisation"

4 Specific broker settings

As of 1 April 2022, certain eHerkenning brokers, such as OneWelcome and Signicat, require that the artifact resolution request has the content-type header text/xml instead of application/soap+xml. This can be configured by including the following parameter in the EHERKENNING Django setting:

EHERKENNING = {
    # ... other eHerkenning settings ...
    "artifact_resolve_content_type": "text/xml",
    # ...
}

5 Background information

Information that was at some point relevant and may document certain choices can be found in information.md.

6 Bitbucket mirror

This project was originally on Bitbucket and closed source. The Bitbucket project still exists, but only as a mirror of the GitHub repository. All future development must happen on GitHub.

Bitbucket mirror: https://bitbucket.org/maykinmedia/django-digid-eherkenning/
