eHerkenning support on Identify

Configure Identify System Setup to Support eID Messages


After the tenant is created, log in to the Admin site and open the System Setup page to configure the following settings:

  • Sign metadata: Set to True.
  • SAML 2 Profile: Choose the profile: eHerkenning
  • Security token resolver factory: Choose the option: “Safewhere.IdentityProvider.Saml2.Tokens.CustomSubResolverSecurityTokenResolverFactory, Safewhere.IdentityProvider.Saml2”.
  • Signing security token sub resolvers: Choose Select All.
  • Encrypting security token sub resolvers: Choose Select All.

Here is the screenshot:

[Screenshot: 2017-11-08_13-52-14]

After clicking the Save button on the System Setup page, wait a few minutes for the change to be applied.

Create and Configure a SAML 2.0 Protocol Connection for DV


1. On the connection list, create a new SAML 2.0 Protocol Connection.

2. Import the metadata on the SAML 2.0 Protocol Connection.

3. Open the SAML 2.0 protocol and then choose the SAML 2 Profile, which is “Eherkenning”.

[Screenshot: 2017-11-08_13-53-49]

Then, click the Save button; it will look like this:

[Screenshot: 2017-11-07_21-29-15]

In addition, when using the Eherkenning profile, some settings must be customized: the option “Do not encrypt assertions” should be set to True.

[Screenshot: 2017-11-08_13-55-57]

Create and Configure a SAML 2.0 Authentication Connection for AD


1. On the connection list, create a new SAML 2.0 Authentication Connection.

2. Import the metadata on the SAML 2.0 Authentication Connection.

3. Open the SAML 2.0 authentication, choose the SAML 2 Profile, which is “Eherkenning,” and then click Save.

[Screenshot: 2017-11-08_13-58-10]
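One way to spot-check the effect of “Sign metadata” and “Do not encrypt assertions” after the changes have been applied. This is an added example, not Safewhere code. The sample XML, the identify.example URL and the function names are constructed for illustration, and the script only inspects document structure; it does not verify signatures cryptographically.

```python
import xml.etree.ElementTree as ET  # for untrusted input, prefer defusedxml

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}

def audit_metadata(xml_text):
    """Check that metadata has a signature bound to its root element
    and list the key uses (signing/encryption) it publishes."""
    root = ET.fromstring(xml_text)
    sig = root.find("ds:Signature", NS)  # must be a direct child of the root
    ref = sig.find("ds:SignedInfo/ds:Reference", NS) if sig is not None else None
    uri = ref.get("URI") if ref is not None else None
    root_id = root.get("ID")
    # URI="" covers the whole document; "#<ID>" must point at the root itself.
    covers_root = uri == "" or (root_id is not None and uri == "#" + root_id)
    uses = set()
    for kd in root.iter("{%s}KeyDescriptor" % NS["md"]):
        # A KeyDescriptor without "use" serves both purposes.
        uses.update([kd.get("use")] if kd.get("use") else ["signing", "encryption"])
    return {"signed": sig is not None, "covers_root": covers_root,
            "key_uses": sorted(uses)}

def assertion_mode(response_xml):
    """Return 'plain', 'encrypted', 'mixed' or 'none' for a SAML Response."""
    root = ET.fromstring(response_xml)
    plain = bool(root.findall("saml:Assertion", NS))
    enc = bool(root.findall("saml:EncryptedAssertion", NS))
    return {(True, False): "plain", (False, True): "encrypted",
            (True, True): "mixed", (False, False): "none"}[(plain, enc)]

# Constructed samples (not captured from a real tenant).
SAMPLE_METADATA = """<md:EntityDescriptor ID="_meta1"
    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="https://identify.example/runtime/">
  <ds:Signature><ds:SignedInfo><ds:Reference URI="#_meta1"/></ds:SignedInfo></ds:Signature>
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"/><md:KeyDescriptor use="encryption"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""
SAMPLE_RESPONSE = """<samlp:Response ID="_r1"
    xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Assertion ID="_a1"/></samlp:Response>"""

if __name__ == "__main__":
    print(audit_metadata(SAMPLE_METADATA), assertion_mode(SAMPLE_RESPONSE))
```

A result of `signed: False` or `covers_root: False` on real metadata means the signature is missing or does not cover the root element, and `encrypted` from `assertion_mode` means the response does not match the “Do not encrypt assertions” setting.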