HomeSignicat websiteSupport
Search…
Signicat Documentation
Releases
Release Notes: Signicat NextGen
Release Notes
MySignicat
MySignicat Overview
MySignicat Dashboard
Federation Dashboard
Admins Management
Signicat Identity Broker
SIB Overview
Certificates in Identity Broker
Identity Broker Dashboard
Service Providers
Authentication Providers
Belgian eID (.beID)
CIAM
DigiD
Digital Passport
eHerkenning/eIDAS
Communication
FNMT-RCM
iDIN
itsme
Norwegian BankID
UZI Pas
Social IDs
Connection Methods
Message Log
Broker Settings
SAML Attribute Consuming Services
Level of Assurance Contracts
Attribute Filters
Broker Services
Features & Specifications
Customer Identity and Access Management
CIAM Overview
CIAM Dashboard
Managing Organisations
Managing Users
Managing Roles
Custom Attributes
CIAM Settings
SCIM API v1.0 (latest)
SCIM API v0.1 (deprecated)
SDK
Signicat Adapters
Web SDK
Mobile SDK
API Documentation
Knowledgebase
Frequently Asked Questions
Glossary
eID Overview
About Belgian eID (.beID)
About CIAM
About DigiD
About Digital Passport
About eHerkenning/eIDAS
About FNMT-RCM
About iDIN
About itsme
About Norwegian BankID
About UZI Pas
Protocol information
Connectis Identity Broker
Configure Your Environment with MyConnectis
Configuring eIDs
Connecting Your Application
Generic information
Testing Toolkit (deprecated)
Support
Powered By GitBook
eHerkenning/eIDAS
Follow these steps to enable an eHerkenning/eIDAS connection in the Signicat Identity Broker.
If you do not have the Signicat Identity Broker, you will need to follow the steps for direct connections to the eHerkenning Broker.
Learn more about eHerkenning/eIDAS in the Knowledgebase.

Getting Started

The Identity Broker dashboard will show you all previously configured service and authentication providers. To add eHerkenning to the list, please contact Technical Support and they will add it for you.
In order for Signicat to connect to the eHerkenning Broker, you must provide us with a number of details. These are as follows:
    Your sales contract
    Self-Declaration (Zelfverklaring)

Self-Declaration

Sign the Self-Declaration where you indicate to agree to the demands and agreements in the eHerkenning federation (in Dutch). Send this signed self-declaration to Technical Support. Perform this step for each service that you want to publish in the eHerkenning and/or eIDAS service catalogue.

Certificate Information

The Signicat Identity Broker must be configured with two certificates, one for pre-production and one for production, which will be used to cryptographically sign the messages between the Signicat Identity Broker and the eHerkenning/eIDAS network.
Check out the page Certificates in Identity Broker for a clear outline of the steps involved.

eHerkenning Settings

Once it has been added to the list of authentication providers on your dashboard, eHerkenning can now be selected.
Adjust the settings as necessary and
the connection.
    Organisation Identification Number (OIN): This will be automatically filled based on your certificate.
    Entity Index: The connection index; Often 9001 for the test environment and 1 for the production environment.
    Default eHerkenning Service: Once you have defined eHerkenning services, as described here: <link>, you are able to set the default eHerkenning service in this field. It is possible to set the default eherkenning service, you will log in to this service if you do not specify any eH service in the Login Request
    "Decrypt attributes at the broker" Checkbox: Check this checkbox if you want the Signicat Identity broker to do the decryption of the values for you.
    "Include only when scoped" Checkbox: This indicates that the Authentication provider will not be visible on the Authentication Provider selection screen, but can only be reached by using IdP scoping. Read more about IdP scoping here.
    Select Attribute Filter: Attribute filters allow you to filter out certain attributes to make the response more concise for further processing in your software.
    Option to add Response Attribute Mapping:
    Response attribute mapping allows you to choose the name of the attribute and thus use a standardised name that you receive in the response from the different authentication methods that are activated.

Broker Metadata

Once the connection is saved
, press the Get Broker Metadata button
and email the metadata in .xml format to Technical Support.

Integrating eHerkenning through Signicat

When eHerkenning has been successfully added to the dashboard as an Authentication Provider choice, click
to proceed. You will then be presented with the following screen:
​
​
Note: If you use only eHerkenning as an Identity Provider and no others, this step will be skipped.
Select eHerkenning to be redirected to the eHerkenning login screen.

Service Catalogue

To publish a service in the eHerkenning network so that organisations can authorise their members to login to these services, data on the service must be published to eHerkenning. This data is published through service catalogues. A service catalogue can contain information for multiple services.
You can add access the eHerkenning Service Catalogue through the main menu of the Identity Broker's dashboard.
Service catalogues define information about your services. Services are indicated through a ServiceID, which contains an Organisational Identification Number (OIN, or Government Identification Number).
IMPORTANT: Service names in the service catalogue are very important. Read more about choosing the name of the service in the FAQ section of the Knowledgebase.
Here you can find the official manual (in Dutch) containing the obligations and advice on filling in service catalogue entries:
Handleiding Dienstencatalogus versie V.pdf
918KB
PDF
Service Catalogue Manual (Dutch)

Demo Information

If you would like to see how eHerkenning/eIDAS works, you can request Signicat's free trial.

Other Sources

Previous
Digital Passport
Next
Communication
Last modified 8d ago
Copy link
Contents
Getting Started
Certificate Information
eHerkenning Settings
Broker Metadata
Integrating eHerkenning through Signicat
Service Catalogue
Demo Information
Other Sources