HomeSignicat WebsiteSupportGet Started
Search…
Signicat Documentation
Releases
Release Notes: Signicat NextGen
Release Notes
MySignicat
MySignicat Overview
MySignicat Dashboard
Federation Dashboard
Admins Management
Signicat Identity Broker
Identity Broker Overview
Certificates in Identity Broker
Identity Broker Dashboard
Service Providers
Authentication Providers
Message Log
Broker Settings
SAML Attribute Consuming Services
Level of Assurance Contracts
Attribute Filters
Service Catalogue
Identifiers (ECTAs)
Broker Services
Broker Features
eHerkenning Broker
Intro to eHerkenning Broker
Direct Connection to eHerkenning Broker
eHerkenning Service Catalogue
Example Messages
Certificates in eHerkenning Broker
BSNk Polymorphic Decryption Keys
Interface Management
Communication
OwnIdP
OwnIdP Overview
OwnIdP Dashboard
Managing Organisations
Managing Roles
Managing Roles per Service Provider
Managing Users
Custom Attributes
OwnIdP Settings
SCIM API v1.0
Signicat Adapters
SDK Overview
Mobile SDK
Web SDK
Manual SDK Configuration
Knowledgebase
Changes to IdP-scoping in Signicat Identity Broker
eHerkenning Broker Migration
Frequently Asked Questions
Glossary of Terms
ID Method Overview
Protocol Information
Signicat Support
Connectis Legacy Content
Powered By GitBook
Service Catalogue
Here you will find everything you need to create a Service Catalogue in the Identity Broker.
Company Settings need to be created before creating the service catalogue. These can be found within Broker Settings.

Introduction

To publish a service in the eHerkenning network so that organisations can authorise their members to login to these services, data on the service must be published to eHerkenning. This data is published through service catalogues. A service catalogue can contain information for multiple services.
You can add access the eHerkenning Service Catalogue through the main menu of the Identity Broker's dashboard.
Service catalogues define information about your services. Services are indicated through a ServiceID, which contains an Organisational Identification Number (OIN, or Government Identification Number) and index. We automatically set the OIN based on your connection.
To begin adding to the service catalogue, select Add a Service and choose the type of service you would like to add - eHerkenning (used by Dutch organisations) or eIDAS (used by European citizens).

eHerkenning service configuration

  • Service index: This is used to differentiate your service from the other services you (might) provide. This can be any value between 1 and 9999. The index with 0 is reserved for the portal function in eHerkenning, in case your organisation has a webservice portal that includes various eHerkenning services.
  • Level of Assurance (LoA): Here you can select the desired LoA. Read more about which Level of Assurance to choose for your services. See note below.
  • Service name: Here you should provide a proper and descriptive name for your service (max 64 characters). It should be clear to the users what the service is intended for. Make sure you use a unique service name so no misunderstanding is possible with other services.
    For example: “Apply for a parking permit”.
  • Service description: This is a short description of what the service is intended for (max 1024 characters).
  • Service description URL: Provide a valid URL to your website, explaining what the service can be used for.
  • Support SSO: Here you can toggle the option for Single Sign On (SSO) of the eHerkenning authentication providers on and off. It only works for LoA lower than level 4.
LoA
eIDAS
SAML2
2
Low
urn:etoegang:core:assurance-class:loa2
2+
Low
urn:etoegang:core:assurance-class:loa2plus
3
Substantial
urn:etoegang:core:assurance-class:loa3
4
High
urn:etoegang:core:assurance-class:loa4
IMPORTANT: Service names in the service catalogue are very important. Read more about choosing the name of the service in the FAQ section of the Knowledgebase.

Specifications

  • Support branch offices: If you accept login transactions for branch offices the following applies:
    • You must also accept login transactions without branch office number,
    • You must respect the restriction to act only for a branch office, to ensure a legally valid legal act has been concluded,
    • You may not use the branch office to determine the location, only to determine the limits of the power of representation.
  • User attributes: Also known as Entity Concerned Types (ECTAs), these are an Identifier Set and are a combination of one or more identifying attributes. Read more about Identifiers (ETCAs) here.
  • Requested attributes: You may use optional attributes. Please check the attribute catalogue (in Dutch) for more information if you plan on using additional attributes. Attributes can be divided into Must have and Nice to have. If you set an attribute as "must have", it means the user will not be able to login to your service if he does not want to, or cannot, supply the requested attribute.
Warning: Not all attributes are supported or available by the authentication services or authorisation registries. Therefore, do not set optional attributes as "required" for your service or some portion of users will not be able to login.
  • Purpose statements: If Requested Attributes are chosen, you must add purpose statements to advise the user on the reason for the required attribute.
  • Privacy policy URL: You must add a valid URL to your Privacy Policy for every eHerkenning service. This is required by law and should be consistent with the EU laws regarding Privacy.
Here you can find the official manual (in Dutch) containing the obligations and advice on filling in service catalogue entries:
Handleiding Dienstencatalogus Versie V.pdf
918KB
PDF
Learn more about service catalogue requirements from eHerkenning.
Signicat Identity Broker - Previous
Attribute Filters
Next
Identifiers (ECTAs)
Last modified 21d ago
Copy link
On this page
Introduction
eHerkenning service configuration
Specifications