DigiD authentication

Warning

This plugin cannot be configured via the admin interface and requires an update of the Open Forms installation.

Some forms can require authentication. Open Forms supports authentication using DigiD. Access to DigiD can typically be obtained via Logius.

Using DigiD for authentication will provide the BSN (social security number) of the authenticated person to the form context. Using the BSN, certain fields can be prefilled with relevant personal data.

Note

Open Forms currently only supports security level (betrouwbaarheidsniveau) “Midden”.

DigiD         SAML2 AuthnContextClassRef element
------------  ----------------------------------------------------------------
Basis         urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
Midden        urn:oasis:names:tc:SAML:2.0:ac:classes:MobileTwoFactorContract
Substantieel  urn:oasis:names:tc:SAML:2.0:ac:classes:Smartcard
Hoog          urn:oasis:names:tc:SAML:2.0:ac:classes:SmartcardPKI

Source: Logius
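
As an added example (not Open Forms' own code): a fail-closed check that a DigiD SAML assertion carries at least the "Midden" level, using the AuthnContextClassRef values listed above. The function, exception and sample assertion are constructed for illustration, and the assertion is assumed to have already passed signature validation in the SAML library.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
PREFIX = "urn:oasis:names:tc:SAML:2.0:ac:classes:"

# DigiD levels as listed on this page, weakest first: URI -> (name, rank).
DIGID_LEVELS = {
    PREFIX + "PasswordProtectedTransport": ("Basis", 1),
    PREFIX + "MobileTwoFactorContract": ("Midden", 2),
    PREFIX + "Smartcard": ("Substantieel", 3),
    PREFIX + "SmartcardPKI": ("Hoog", 4),
}
RANK_BY_NAME = dict(DIGID_LEVELS.values())


class InsufficientAssurance(Exception):
    """The assertion does not prove the required DigiD level (hypothetical name)."""


def digid_level(assertion_xml, minimum="Midden"):
    """Return the asserted level name; raise if it is below `minimum`."""
    # Assumption: the signature on this assertion was verified before this call.
    root = ET.fromstring(assertion_xml)
    refs = root.findall(
        ".//saml:AuthnStatement/saml:AuthnContext/saml:AuthnContextClassRef", SAML_NS
    )
    # Fail closed: exactly one class reference must be present.
    if len(refs) != 1:
        raise InsufficientAssurance("expected exactly one AuthnContextClassRef")
    uri = (refs[0].text or "").strip()
    if uri not in DIGID_LEVELS:
        raise InsufficientAssurance(f"unknown AuthnContextClassRef: {uri!r}")
    name, rank = DIGID_LEVELS[uri]
    if rank < RANK_BY_NAME[minimum]:
        raise InsufficientAssurance(f"level {name} is below required {minimum}")
    return name


def sample_assertion(class_ref):
    """Constructed, unsigned assertion fragment for demonstration only."""
    return (
        '<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
        "<saml:AuthnStatement><saml:AuthnContext>"
        f"<saml:AuthnContextClassRef>{class_ref}</saml:AuthnContextClassRef>"
        "</saml:AuthnContext></saml:AuthnStatement></saml:Assertion>"
    )
```

A "Basis" assertion, an unrecognised URI and an assertion without an AuthnContextClassRef all raise InsufficientAssurance, so a session is never established on a weaker or unknown level.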

Step by step overview

  1. Read the requirements for getting access to DigiD on the Logius website. There are several steps that need to be taken on your end that are not covered here.

  2. Request a PKIoverheid Private Services Server G1 certificate from your PKIO SSL certificate supplier. This is required for backchannel communication with Logius (if you already have one for Open Forms, it can be re-used).

  3. Send the following information to your Open Forms supplier in a secure way:

    • Public certificate and private key (obtained in step 2)

    • Desired service name (for example: “Digitaal Loket”) shown in DigiD

    • Privacy policy URL of your main website

    Your Open Forms supplier will install the certificates in Open Forms, generate some XML metadata files and send these back to you.

  4. Request access to the pre-production environment on the Logius website and follow the steps there. To request access, you will need the following information:

    • Zekerheidsniveau: Midden

    • DigiD eenmalig inloggen: Nee

    • URL aansluiting: The Open Forms domain, for example: https://forms.organization.com

    • Webdienstnaam: The same desired service name as given in step 3

    • Metadata: The XML-file provided to you by your Open Forms supplier

    • Publieke deel PKIO-certificaat: The public certificate obtained in step 2

    As technical contact, you should provide the contact details of your Open Forms supplier.

Problems? You might want to check out Form authentication issues.