DigiD Identity Provider
SAML Identity Provider
DigiD is a SAML-based Identity Provider; to get a full understanding of how it works, please read the SAML Identity Providers topic guide first.
DigiD uses the SAML Artifact binding, which requires Mutual SSL to be configured.
- DigiD only accepts PKI-Government certificates for authentication of the web services of service providers.
- Please make sure that the keys are in PKCS1 format.
To enable Onegini IDP to establish a secure Mutual SSL connection while a SAML artifact is being resolved, the following environment variables must be configured. Please follow the properties page to see how to use the properties below:
Please also make sure that DigiD's public certificate is trusted, i.e. added to the TrustStore. If you want to provide your own TrustStore file, please have a look at the following configuration properties:
SAML message signing
The PKI-Government certificate that has been used to set up the SSL connection MUST also be used for signing SAML messages. The private key provided to the Onegini IDP needs to be in PKCS1 format. Please follow the properties page to see how to use the properties below:
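As an added example (not part of the Onegini documentation), the following POSIX shell helpers check that a private key is in the PKCS1 format required above, convert a PKCS#8 key when needed, and verify that the signing key actually belongs to the certificate used for the Mutual SSL connection. They assume the openssl CLI and an unencrypted RSA key; file names are placeholders.

```shell
#!/bin/sh
# Added example, not Onegini's own tooling. Assumes the openssl CLI and an
# unencrypted RSA private key in PEM format.

# Print the key's PEM format: "pkcs1" (BEGIN RSA PRIVATE KEY, the format DigiD
# integration requires), "pkcs8" (BEGIN PRIVATE KEY), or "unknown".
key_format() {
  if grep -q -- '-----BEGIN RSA PRIVATE KEY-----' "$1"; then
    echo pkcs1
  elif grep -q -- '-----BEGIN PRIVATE KEY-----' "$1"; then
    echo pkcs8
  else
    echo unknown
  fi
}

# Write a PKCS#1 copy of the key in $1 to $2; a key that is already PKCS#1 is
# copied unchanged, a PKCS#8 key is rewritten with "openssl pkey -traditional".
ensure_pkcs1() {
  src="$1"; dst="$2"
  case "$(key_format "$src")" in
    pkcs1) cp "$src" "$dst" ;;
    pkcs8) openssl pkey -in "$src" -traditional -out "$dst" ;;
    *) echo "unsupported key format in $src" >&2; return 1 ;;
  esac
}

# Succeed only if the RSA modulus of key $1 equals that of certificate $2, i.e.
# the same PKI-Government certificate backs both the TLS client identity and
# the SAML message signature, as the integration requires.
key_matches_cert() {
  key_mod="$(openssl rsa -in "$1" -noout -modulus 2>/dev/null)" || return 1
  cert_mod="$(openssl x509 -in "$2" -noout -modulus 2>/dev/null)" || return 1
  [ -n "$key_mod" ] && [ "$key_mod" = "$cert_mod" ]
}
```

Run `ensure_pkcs1 key.pem key-pkcs1.pem && key_matches_cert key-pkcs1.pem cert.pem` before deploying the configuration; a mismatch means the signing key is not the one behind the Mutual SSL certificate.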
Troubleshooting
In case you are experiencing issues during SAML Artifact resolution from DigiD and are receiving a 404 Not Found status code in the response, please double-check your SAML signing configuration.
Required authentication level
Choose the minimum authentication level. If the user did not meet the required authentication level in DigiD, the authentication is rejected by Onegini IDP.
| DigiD Authentication level (betrouwbaarheidsniveau) |
|---|
Mapping the NameID
It is possible to map DigiD's NameID value to a custom attribute when configuring DigiD as an identity provider in Onegini IDP, even though the NameID is not a SAML attribute.
To map the NameID as a custom attribute, in the Custom attribute mapping section use the Attribute to map from field and choose any name you would like to map it to.