General Questions

Changing UUIDs

Every service in the eHerkenning Service Catalogue has a UUID. This is a unique number that is characteristic for a certain service. Permissions that are linked to the eHerkenning the end-user's resources are issued based on UUIDs.
When entering a new service, the service is assigned a UUID. In the case of minor changes, the UUID must always remain the same.
In case of major changes to existing services (e.g. the reliability level), the UUID must be changed. This means that end-users must again link this (new) service to their eHerkenning device in order to gain access.
It is therefore important that the UUID remains the same in the event of minor changes, otherwise end-users will no longer be able to log in and will have to link another service to their eHerkenning device.

Where can I find outage and maintenance reports?

Systemwide outages can be found on the reporting page of Logius: Outage and Maintenance page.

Is there a health check available?

Yes, users of the Signicat Identity Broker are able to access the health check page. They can reach the health check page by changing the 'hostname' in the URL below to the appropriate hostname and then pasting the link into the browser.
https://putyourhostnamehere.nl/broker/actuator/health

How can I make a complaint?

At Signicat, we believe it is important that our clients are satisfied with our services. We are therefore constantly working to further optimise our services.
For sales-related and general questions or remarks, please contact your regular contact person of the sales department. For technical questions or remarks, please contact our technical support department.
In the unlikely event that you are not satisfied, we will be happy to work with you to find a solution. For complaints regarding the Signicat Identity Broker, eHerkenning Broker or CIAM solutions, please send an email to [email protected]
You will receive an acknowledgement of receipt and a deadline for finding a solution.

If I connect eHerkenning, does eIDAS come standard?

This is not standard, but depends on the contract you enter into with Signicat. eHerkenning and eIDAS can, however, be accessed via the same connection. Please contact sales to find out more.

We are connected to an older interface of eHerkenning. Why is it necessary to upgrade?

Older versions will no longer be supported in the future due to increased privacy and security legislation. This means it is necessary to keep upgrading the connections on the interface.

What is a PKI Overheid certificate?

PKI stands for Public Key Infrastructure; a digital certificate that allows you to exchange data securely online with government agencies and the Tax and Customs Administration, among others.
PKI is an international standard when it comes to signing data and messages. You can therefore obtain a PKI certificate in various ways. This is not sufficient for the government. The government states that you need a PKI Overheid certificate. A PKI Overheid certificate is a regular PKI certificate, but issued by a Certificate Authority (CA) that has been authorised by the government. They must meet strict requirements of the government.

I provide services for a government agency. Can I apply for a PKI Overheid certificate myself?

Yes, you can. More information can be found here.

What is an OIN?

This is an Organisation Identification Number or also called a Government Identification Number. You use it to identify yourself as an organisation.

What protocols does Signicat use?

Signicat uses SAML, OpenID Connect (OAuth) and WS-Fed. For more information, please visit our service providers page.

Which eIDs are supported by the Signicat Identity Broker?

The Signicat Identity Broker provides access to a range of eID standards. We offer support for DigiD, eHerkenning, iDIN, eIDAS, Facebook, Google and all SAML-based eIDs. With the Signicat Identity Broker, you only need one connection to connect all these eIDs. For more information about the eIDs, please visit our updated eID page.

Why can't I set up HTTP connections (to localhost) to test the Identity Broker?

Because HTTP connections are not considered secure, we do not allow you to configure them. In addition, HTTP connections, even if they are only to localhost, are considered 'non-compliant' in several audits. Therefore, all connections must be set up with HTTPS. Since security is important, especially in authentication flows, we make no exceptions. Our advice is to use HTTPS on localhost:
  • Create a DNS record for your company domain pointing to 127.0.0.1 (for example *.local.test.domain.com).
  • Buy a cheap certificate for this domain and share it with all developers who need to use it.
Does your question remain unanswered? You can reach our Technical Support department Monday to Friday from 09:00 to 17:30 via email [email protected] or by calling
Last modified 2mo ago