A Django app for DigiD/eHerkenning authentication flows

Version: 0.4.0

Source: https://github.com/maykinmedia/django-digid-eherkenning

Keywords: django, authentication, digid, eherkenning, eidas, dutch, nl, netherlands

PythonVersion: 3.7+

1 Features

  • SAML-based DigiD authentication flow

  • SAML-based eHerkenning authentication flow

  • Custom Django authentication backend

  • Extensible

2 Installation

2.1 Requirements

  • Python 3.7 or above

  • setuptools 30.3.0 or above

  • Django 2.2 or newer

2.2 Install

Install with pip:

pip install git+https://github.com/maykinmedia/python3-saml@maykin#egg=python3-saml
pip install django-digid-eherkenning

Add digid_eherkenning to the INSTALLED_APPS in your Django project’s settings:

INSTALLED_APPS = [
    ...,
    "digid_eherkenning",
    ...,
]

If you want to create local users as part of the authentication flow, add the authentication backend to the settings:

AUTHENTICATION_BACKENDS = [
    ...,
    "digid_eherkenning.backends.DigiDBackend",
    ...,
]

Finally, add the URL patterns to your root urls.py:

from django.urls import path, include


urlpatterns = [
    ...,
    path("digid/", include("digid_eherkenning.digid_urls")),
    ...,
]

3 Usage

You can now display login URLs by reversing the appropriate URL:

reverse("digid:login")

or in templates:

{% url 'digid:login' %}

3.1 Mock login flow

For development and demonstration purposes you can swap in a mock DigiD login flow that accepts any BSN and doesn’t require an actual DigiD metadata configuration.

In the username field of the login view you can enter any integer up to 9 digits (and a random password) to be used as the BSN in the authentication backend.

Swap the authentication backend for the mock version:

AUTHENTICATION_BACKENDS = [
    "digid_eherkenning.backends.mock.DigiDBackend",
]

Swap the digid url patterns for the mock version:

urlpatterns = [
    ...,
    path("digid/", include("digid_eherkenning.mock.digid_urls")),
    ...,
]

Additionally, add the URLs for the mock IDP service so that it runs in the same runserver instance:

urlpatterns = [
    ...,
    path("digid/idp/", include("digid_eherkenning.mock.idp.digid_urls")),
    ...,
]

For settings to control mock behaviour see digid_eherkenning/mock/config.py.

3.2 Generating the DigiD metadata

The metadata for DigiD can be generated with the following command:

python manage.py generate_digid_metadata \
    --want_assertions_encrypted \
    --want_assertions_signed \
    --key_file /path/test.key \
    --cert_file /path/test.certificate \
    --signature_algorithm "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" \
    --digest_algorithm "http://www.w3.org/2001/04/xmlenc#sha256" \
    --entity_id http://test-url.nl \
    --base_url http://test-url.nl \
    --service_name "Test name" \
    --service_description "Test description" \
    --attribute_consuming_service_index 9050 \
    --technical_contact_person_telephone 06123123123 \
    --technical_contact_person_email test@test.nl \
    --organization_name "Test organisation" \
    --organization_url http://test-organisation.nl \
    --slo

3.3 Generating eHerkenning/eIDAS metadata

The metadata for eHerkenning and eIDAS can be generated with the following command:

python manage.py generate_eherkenning_metadata \
    --want_assertions_encrypted \
    --want_assertions_signed \
    --key_file /path/test.key \
    --cert_file /path/test.certificate \
    --signature_algorithm "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" \
    --digest_algorithm "http://www.w3.org/2001/04/xmlenc#sha256" \
    --entity_id http://test-url.nl \
    --base_url http://test-url.nl \
    --service_name "Test name" \
    --service_description "Test description" \
    --eh_attribute_consuming_service_index 9052 \
    --eidas_attribute_consuming_service_index 9053 \
    --oin 00000001112223330000 \
    --technical_contact_person_telephone 06123123123 \
    --technical_contact_person_email test@test.nl \
    --organization_name "Test organisation" \
    --organization_url http://test-organisation.nl

For information about each option, use:

python manage.py generate_eherkenning_metadata --help
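
The following is an added example, not part of the project's code: a standard-library audit of generated SP metadata that checks the values set by --want_assertions_signed, --signature_algorithm, --digest_algorithm and --base_url in the two commands above. The sample documents are constructed, and the mapping of those flags to WantAssertionsSigned, the ds:Signature algorithms and the AssertionConsumerService Location is an assumption about the generated output.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def audit_sp_metadata(xml_text):
    """Return findings for one SP metadata document. Inspects declared
    values only; it does not verify the XML signature itself."""
    root = ET.fromstring(xml_text)  # intended for locally generated files
    findings = []
    sp = root.find("md:SPSSODescriptor", NS)
    if sp is None:
        return ["no SPSSODescriptor element"]
    if sp.get("WantAssertionsSigned") != "true":
        findings.append("WantAssertionsSigned is not true")
    for acs in sp.findall("md:AssertionConsumerService", NS):
        location = acs.get("Location", "")
        if not location.startswith("https://"):
            findings.append("ACS endpoint is not https: " + location)
    sig = root.find("ds:Signature", NS)
    if sig is None:
        findings.append("metadata is unsigned")
    else:
        for tag in ("SignatureMethod", "DigestMethod"):
            for el in sig.iter("{%s}%s" % (NS["ds"], tag)):
                algo = el.get("Algorithm", "")
                if algo.lower().endswith(("sha1", "md5")):
                    findings.append("weak %s: %s" % (tag, algo))
    return findings

# Constructed sample metadata (not output of the real command; /acs is a placeholder path).
TEMPLATE = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="{base}">
  <ds:Signature><ds:SignedInfo>
    <ds:SignatureMethod Algorithm="{sig}"/>
    <ds:Reference URI=""><ds:DigestMethod Algorithm="{dig}"/></ds:Reference>
  </ds:SignedInfo></ds:Signature>
  <md:SPSSODescriptor WantAssertionsSigned="{signed}"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService index="1" Location="{base}/acs"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

GOOD = TEMPLATE.format(base="https://sp.example.test", signed="true",
    sig="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256",
    dig="http://www.w3.org/2001/04/xmlenc#sha256")
WEAK = TEMPLATE.format(base="http://test-url.nl", signed="false",
    sig="http://www.w3.org/2000/09/xmldsig#rsa-sha1",
    dig="http://www.w3.org/2000/09/xmldsig#sha1")

if __name__ == "__main__":
    for name, doc in (("GOOD", GOOD), ("WEAK", WEAK)):
        print(name, audit_sp_metadata(doc))
```

Running the audit on the file produced by the management command before handing it to the broker catches a SHA-1 algorithm URI or a plain-http base URL while it is still cheap to regenerate.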

To generate the dienstcatalogus:

python manage.py generate_eherkenning_dienstcatalogus  \
    --key_file /path/test.key \
    --cert_file /path/test.certificate \
    --entity_id http://test-url.nl \
    --base_url http://test-url.nl \
    --service_name "Test name" \
    --service_description "Test description" \
    --eh_attribute_consuming_service_index 9052 \
    --eidas_attribute_consuming_service_index 9053 \
    --oin 00000001112223330000 \
    --privacy_policy http://test-url.nl/privacy \
    --makelaar_id 00000003332223330000 \
    --organization_name "Test Organisation"

4 Specific broker settings

From 1st of April 2022, certain eHerkenning brokers, such as OneWelcome and Signicat, require that the artifact resolution request has the content-type header text/xml instead of application/soap+xml. This can be configured by including the following parameter in the EHERKENNING Django setting:

EHERKENNING = {
    ...
    "artifact_resolve_content_type": "text/xml",
    ...
}

5 Background information

Information that was at some point relevant and may document certain choices can be found in information.md.

6 Bitbucket mirror

This project was originally on Bitbucket and closed source. The Bitbucket project still exists, but only as a mirror of the GitHub repository. All future development must happen on GitHub.

Bitbucket mirror: https://bitbucket.org/maykinmedia/django-digid-eherkenning/
