eHerkenning/eIDAS Info
Service providers in the Netherlands can use eHerkenning to allow users to log in on behalf of their organisations. Service providers in the Netherlands can allow users of (non-Dutch) European eIDs to log into their services by using the eHerkenning network. More information on eHerkenning is available via https://www.eherkenning.nl/.

Service catalogues

In order to publish a service in the eHerkenning network so that organisations can authorise their members to log into those services, data on the service must be published to eHerkenning. This data is published through so-called service catalogues. A service catalogue can contain information for multiple services.
Service catalogues define information about your services. Services are indicated through a ServiceID, which contains an Overheids Identificatie Number (OIN, or Government Identification Number). More information about OINs can be found here. The Service ID format is:
urn:etoegang:DV:oin:services:service index
The required Level of Assurance for each of your services is listed in the service catalogue. Each service can have its own Level of Assurance. The catalogue also indicates what kind of identifying attribute (EntityConcernedTypesAllowed) you want to receive in your application, and whether or not you wish to enable eIDAS (Classifier). More detailed information on service catalogues.
To create a service catalogue, copy the following information into a text file and fill it out. Send this file to [email protected]. Connectis will then ensure that the eHerkenning / eIDAS network is updated with your changes.
<?xml version="1.0" encoding="UTF-8"?>
<esc:ServiceCatalogue xmlns:esc="urn:etoegang:1.13:service-catalog" xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    esc:IssueInstant="2019-12-28T10:19:57Z" esc:Version="urn:etoegang:1.13:53"
    ID="198d678c-239e-43c4-acf7-b4f6f1f6d8c0">
  <esc:ServiceProvider esc:IsPublic="true">
    <esc:ServiceProviderID><!--OIN of the organisation--></esc:ServiceProviderID>
    <esc:OrganizationDisplayName xml:lang="nl"><!--Name of the organisation--></esc:OrganizationDisplayName>
    <esc:ServiceDefinition esc:IsPublic="true">
      <esc:ServiceUUID><!--generate a unique ID via uuidgenerator.net--></esc:ServiceUUID>
      <esc:ServiceName xml:lang="nl"><!--Name of the service--></esc:ServiceName>
      <esc:ServiceName xml:lang="en"><!--Name of the service--></esc:ServiceName>
      <esc:ServiceDescription xml:lang="nl"><!--Description of the service--></esc:ServiceDescription>
      <esc:ServiceDescription xml:lang="en"><!--Description of the service--></esc:ServiceDescription>
      <esc:ServiceDescriptionURL xml:lang="nl">http://example.etoegang.nl</esc:ServiceDescriptionURL>
      <saml:AuthnContextClassRef>urn:etoegang:core:assurance-class:<!--LoA of the service--></saml:AuthnContextClassRef>
      <esc:HerkenningsmakelaarId>00000003244440010000</esc:HerkenningsmakelaarId>
      <esc:EntityConcernedTypesAllowed>urn:etoegang:1.9:EntityConcernedID:KvKnr</esc:EntityConcernedTypesAllowed>
      <esc:ServiceRestrictionsAllowed>urn:etoegang:1.9:ServiceRestriction:Vestigingsnr</esc:ServiceRestrictionsAllowed>
    </esc:ServiceDefinition>
    <esc:ServiceInstance esc:IsPublic="true">
      <esc:ServiceID>urn:etoegang:DV:<!--OIN -->:services:<!--Service Index--></esc:ServiceID>
      <esc:ServiceUUID><!--generate a unique ID via uuidgenerator.net--></esc:ServiceUUID>
      <esc:InstanceOfService><!-- UUID of service definition--></esc:InstanceOfService>
      <esc:ServiceURL xml:lang="nl">vul hier een service url in</esc:ServiceURL>
      <esc:ServiceURL xml:lang="en">vul hier een service url in</esc:ServiceURL>
      <esc:PrivacyPolicyURL xml:lang="nl">vul hier een privacy url in</esc:PrivacyPolicyURL>
      <esc:PrivacyPolicyURL xml:lang="en">vul hier een privacy url in</esc:PrivacyPolicyURL>
      <esc:HerkenningsmakelaarId>00000003244440010000</esc:HerkenningsmakelaarId>
      <esc:SSOSupport><!-- a boolean that indicates if the service supports SingleSignOn --></esc:SSOSupport>
      <esc:ServiceCertificate>
        <md:KeyDescriptor use="encryption">
          <ds:KeyInfo>
            <ds:KeyName>..............</ds:KeyName>
            <ds:X509Data>
              <ds:X509Certificate>..............</ds:X509Certificate>
            </ds:X509Data>
          </ds:KeyInfo>
        </md:KeyDescriptor>
      </esc:ServiceCertificate>
    </esc:ServiceInstance>
  </esc:ServiceProvider>
</esc:ServiceCatalogue>
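
A pre-submission check for a filled-in catalogue, added here as an example (it is not part of the original page or of any Connectis tooling): it flags fields still holding the template's comment placeholders, a ServiceID that does not follow the format above, and an InstanceOfService that points at no ServiceDefinition. It assumes an OIN is 20 digits, the service index is numeric, and the ServiceID uses the provider's own OIN; `text`, `check_catalogue` and `SAMPLE` are names made up for this example.

```python
import re
import xml.etree.ElementTree as ET

NS = {"esc": "urn:etoegang:1.13:service-catalog",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
LOA_PREFIX = "urn:etoegang:core:assurance-class:"
# Assumptions: an OIN is 20 digits (like the HerkenningsmakelaarId in the
# template), the service index is numeric, ServiceID carries the provider's OIN.
SERVICE_ID = re.compile(r"urn:etoegang:DV:(\d{20}):services:(\d+)")

def text(node, path):
    """Stripped text of the first match; '' if absent or only a comment."""
    found = node.find(path, NS)
    return (found.text or "").strip() if found is not None else ""

def check_catalogue(xml_string):
    """List problems in a catalogue; the default parser drops XML comments."""
    problems = []
    for sp in ET.fromstring(xml_string).findall("esc:ServiceProvider", NS):
        oin = text(sp, "esc:ServiceProviderID")
        if not re.fullmatch(r"\d{20}", oin):
            problems.append("ServiceProviderID is not a 20-digit OIN")
        uuids = set()
        for sd in sp.findall("esc:ServiceDefinition", NS):
            uuids.add(text(sd, "esc:ServiceUUID"))
            loa = text(sd, "saml:AuthnContextClassRef")
            if not loa.startswith(LOA_PREFIX) or loa == LOA_PREFIX:
                problems.append("AuthnContextClassRef has no LoA filled in")
        for si in sp.findall("esc:ServiceInstance", NS):
            match = SERVICE_ID.fullmatch(text(si, "esc:ServiceID"))
            if match is None:
                problems.append("ServiceID does not match the format")
            elif match.group(1) != oin:
                problems.append("ServiceID OIN differs from ServiceProviderID")
            if text(si, "esc:InstanceOfService") not in uuids - {""}:
                problems.append("InstanceOfService matches no ServiceDefinition")
    return problems

# Constructed sample; three template placeholders are still unfilled.
SAMPLE = f"""<esc:ServiceCatalogue xmlns:esc="{NS['esc']}" xmlns:saml="{NS['saml']}">
<esc:ServiceProvider><esc:ServiceProviderID>00000001234567890000</esc:ServiceProviderID>
<esc:ServiceDefinition><esc:ServiceUUID>0f0e0d0c-1111-4222-8333-444455556666</esc:ServiceUUID>
<saml:AuthnContextClassRef>{LOA_PREFIX}<!--LoA--></saml:AuthnContextClassRef>
</esc:ServiceDefinition><esc:ServiceInstance>
<esc:ServiceID>urn:etoegang:DV:<!--OIN-->:services:<!--Service Index--></esc:ServiceID>
<esc:InstanceOfService><!--UUID--></esc:InstanceOfService>
</esc:ServiceInstance></esc:ServiceProvider></esc:ServiceCatalogue>"""

if __name__ == "__main__": print("\n".join(check_catalogue(SAMPLE)))
```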

Classifier

By specifying a Classifier element, you can couple your service to eIDAS, instead of eHerkenning. Please use one of these options:
Omit the <Classifier> element: the service is coupled to eHerkenning.
Specify a <Classifier> element as shown in the example, i.e. <Classifier>eIDAS-inbound</Classifier>: the service is coupled to eIDAS.