eHerkenning/eIDAS
Follow these steps to enable an eHerkenning/eIDAS connection in the Signicat Identity Broker.
If you do not have the Signicat Identity Broker, you will need to follow the steps for direct connections to the eHerkenning Broker.
Learn more about eHerkenning/eIDAS in the Knowledgebase.

Getting Started

The Identity Broker dashboard will show you all previously configured service and authentication providers. To add eHerkenning to the list, please contact Technical Support and they will add it for you.
In order for Signicat to connect to the eHerkenning Broker, you must provide us with a number of details. These are as follows:
    Your sales contract
    Self-Declaration (Zelfverklaring)

Self-Declaration

Sign the Self-Declaration, in which you agree to the demands and agreements of the eHerkenning federation (in Dutch). Send the signed Self-Declaration to Technical Support. Perform this step for each service that you want to publish in the eHerkenning and/or eIDAS service catalogue.

Certificate Information

The Signicat Identity Broker must be configured with two certificates, one for pre-production and one for production, which will be used to cryptographically sign the messages between the Signicat Identity Broker and the eHerkenning/eIDAS network.
Check out the page Certificates in Identity Broker for a clear outline of the steps involved.

eHerkenning Settings

Once eHerkenning has been added to the list of authentication providers on your dashboard, it can be selected.
Adjust the settings as necessary and save the connection.
    Organisation Identification Number (OIN): This will be automatically filled based on your certificate.
    Entity Index: The connection index; often 9001 for the test environment and 1 for the production environment.
    Default eHerkenning Service: Once you have defined eHerkenning services, as described here: <link>, you can set the default eHerkenning service in this field. You will log in to this service if you do not specify any eHerkenning service in the Login Request.
    "Decrypt attributes at the broker" Checkbox: Check this checkbox if you want the Signicat Identity Broker to decrypt the attribute values for you.
    "Include only when scoped" Checkbox: This indicates that the Authentication Provider will not be visible on the Authentication Provider selection screen and can only be reached by using IdP scoping. Read more about IdP scoping here.
    Select Attribute Filter: Attribute filters allow you to filter out certain attributes to make the response more concise for further processing in your software.
    Option to add Response Attribute Mapping: Response attribute mapping allows you to choose the name of an attribute, so that you receive a standardised name in the response from the different authentication methods that are activated.

Broker Metadata

Once the connection is saved, press the Get Broker Metadata button and email the metadata in .xml format to Technical Support.

Integrating eHerkenning through Signicat

When eHerkenning has been successfully added to the dashboard as an Authentication Provider choice, click
to proceed. You will then be presented with the following screen:
Note: If you use only eHerkenning as an Identity Provider and no others, this step will be skipped.
Select eHerkenning to be redirected to the eHerkenning login screen.

Service Catalogue

To publish a service in the eHerkenning network so that organisations can authorise their members to log in to it, data on the service must be published to eHerkenning. This data is published through service catalogues. A service catalogue can contain information for multiple services.
You can access the eHerkenning Service Catalogue through the main menu of the Identity Broker's dashboard.
Service catalogues define information about your services. Services are indicated through a ServiceID, which contains an Organisational Identification Number (OIN, or Government Identification Number).
IMPORTANT: Service names in the service catalogue are very important. Read more about choosing the name of the service in the FAQ section of the Knowledgebase.
Here you can find the official manual (in Dutch) containing the obligations and advice on filling in service catalogue entries:
Handleiding Dienstencatalogus versie V.pdf
Service Catalogue Manual (Dutch)

Demo Information

If you would like to see how eHerkenning/eIDAS works, you can request Signicat's free trial.
