Safewhere*Identify and eHerkenning specifications

[this topic is under development] Safewhere*Identify 4.3 fully supports the HM role that is defined by eHerkenning specifications at and The following topics will guide you through the setup process to let Safewhere*Identify work as the HM:

1. Configure Identify system setup to support eID messages.
Go to System Setup and change the Profile setting to eHerkenning. [Screenshot] For the sub resolver setting, you need to select both the [insert full keyname here] sub resolver and the [insert full outofband here] sub resolver. Please refer to [insert link to a topic about sub resolver] for more details about how sub resolvers can help to resolve security key from KeyInfo.
2. Create and configure a SAML 2.0 Protocol Connection for DV.
3. Create and configure a SAML 2.0 Authentication Connection for AD.
4. Set up SAML 2.0 for WIF product as a test DV for testing.

The latest build of SAML 2.0 for WIF can handle eID response messages that are supposed to be returned to the DV to some extent. More precisely, it is able to read and verify the signatures of the Response element and the Assertion element of a DV message, but it is neither able to read the verify signature of the enclosed Assertion element inside the Advice element nor to decrypt all the EncryptedAttribute and EncryptedId attributes.