DigiD authentication
Warning
This plugin cannot be configured via the admin interface and requires an update of the Open Forms installation.
Some forms can require authentication. Open Forms supports authentication using DigiD. Access to DigiD can typically be obtained via Logius.
Using DigiD for authentication will provide the BSN (social security number) of the authenticated person to the form context. Using the BSN, certain fields can be prefilled with relevant personal data.
Note
Open Forms currently only supports security level (betrouwbaarheidsniveau) “Midden”.
| DigiD | SAML2 AuthnContextClassRef element |
|---|---|
| Basis | urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport |
| Midden | urn:oasis:names:tc:SAML:2.0:ac:classes:MobileTwoFactorContract |
| Substantieel | |
| Hoog | |
Source: Logius
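As an added example (not code from Open Forms or Logius), the sketch below checks that an already signature-verified SAML assertion carries the AuthnContextClassRef for at least "Midden", using only the two URNs listed in the table above. The function names and the sample assertion are constructed for illustration; any class reference not in that list is rejected.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
PREFIX = "urn:oasis:names:tc:SAML:2.0:ac:classes:"

# Weakest to strongest; only the URNs listed in the table above.
LEVELS = [
    ("Basis", PREFIX + "PasswordProtectedTransport"),
    ("Midden", PREFIX + "MobileTwoFactorContract"),
]
RANK = {urn: i for i, (_, urn) in enumerate(LEVELS)}
NAMES = [name for name, _ in LEVELS]


def asserted_class(assertion_xml):
    """Return the single AuthnContextClassRef in the assertion, else None.

    Assumes the XML signature was already verified by the SAML library;
    this function only inspects the content.
    """
    root = ET.fromstring(assertion_xml)
    refs = root.findall(
        ".//saml:AuthnStatement/saml:AuthnContext/saml:AuthnContextClassRef", NS
    )
    values = {(ref.text or "").strip() for ref in refs}
    # Zero or conflicting values: treat as "no usable statement".
    return values.pop() if len(values) == 1 else None


def meets_minimum(assertion_xml, minimum="Midden"):
    """True only if the asserted class is known and ranks >= `minimum`."""
    rank = RANK.get(asserted_class(assertion_xml))
    # Unknown or missing class references fail closed.
    return rank is not None and rank >= NAMES.index(minimum)


def sample_assertion(class_ref):
    """Constructed, unsigned assertion fragment for demonstration only."""
    return (
        '<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
        "<saml:AuthnStatement><saml:AuthnContext>"
        f"<saml:AuthnContextClassRef>{class_ref}</saml:AuthnContextClassRef>"
        "</saml:AuthnContext></saml:AuthnStatement></saml:Assertion>"
    )


if __name__ == "__main__":
    for name, urn in LEVELS:
        print(name, meets_minimum(sample_assertion(urn)))
```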
Step by step overview
1. Read the requirements for getting access to DigiD on the Logius website. There are several steps that need to be taken on your end that are not covered here.
2. Request a PKIoverheid Private Services Server G1 certificate at your PKIO SSL certificate supplier. This is required for backchannel communication with Logius (if you already have one for Open Forms, it can be re-used).
3. Send the following information to your Open Forms supplier in a secure way:
   - Public certificate and private key (obtained in step 2)
   - Desired service name (for example: “Digitaal Loket”) shown in DigiD
   - Privacy policy URL of your main website
4. Your Open Forms supplier will install the certificates in Open Forms, generate some XML metadata files and send these back to you.
5. Request access to the pre-production environment on the Logius website and follow the steps there. To request access, you will need the following information:
   - Zekerheidsniveau: Midden
   - DigiD eenmalig inloggen: Nee
   - URL aansluiting: The Open Forms domain, for example: https://forms.organization.com
   - Webdienstnaam: The same desired service name as given in step 3
   - Metadata: The XML file provided to you by your Open Forms supplier
   - Publieke deel PKIO-certificaat: The public certificate obtained in step 2

   As technical contact, provide the contact details of your Open Forms supplier.
Problems? You might want to check out Form authentication issues.