Eherkenning support on Safewhere Identify
Configure Identify Settings to Support eID Messages
After the tenant has been created, log in to the Safewhere Admin site and open the Settings page to configure the following:
- Sign metadata: set to True.
- SAML 2 Profile: Choose the profile: eHerkenning
- Security token resolver factory: Choose the option: "Safewhere.IdentityProvider.Saml2.Tokens.CustomSubResolverSecurityTokenResolverFactory, Safewhere.IdentityProvider.Saml2".
- Signing security token sub resolvers: select all items.
- Encrypting security token sub resolvers: select all items.
After clicking the Save button on the System Setup page, wait a few minutes for the change to be applied.
Create and Configure a SAML Application for DV
- Using Safewhere Admin, go to the Applications page and create a SAML application.
- Import the metadata for that application.
- Open the SAML application, go to the Connections tab, Advanced section, and choose the SAML 2 Profile, which is "Eherkenning".
Then click the Save button.
In addition, when using the Eherkenning profile, some settings must be customized: the option "Do not encrypt assertions" should be set to True.
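One way to check two of the settings above from the outside, as an added example that is not Safewhere code: it tests whether a metadata document is signed (Sign metadata set to True) and whether a SAML response carries plain rather than encrypted assertions ("Do not encrypt assertions" set to True). The function names are hypothetical and the sample XML is constructed; in practice you would pass in the metadata and a response obtained from your own tenant.

```python
import xml.etree.ElementTree as ET  # for untrusted XML, prefer the defusedxml package

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#",
      "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

def metadata_is_signed(metadata_xml):
    """True if the root EntityDescriptor has an enveloped ds:Signature child.
    Presence check only: it does not validate the signature itself."""
    root = ET.fromstring(metadata_xml)
    is_entity = root.tag == "{%s}EntityDescriptor" % NS["md"]
    return is_entity and root.find("ds:Signature", NS) is not None

def assertion_forms(response_xml):
    """Count plain and encrypted assertions directly under samlp:Response."""
    root = ET.fromstring(response_xml)
    return {"plain": len(root.findall("saml:Assertion", NS)),
            "encrypted": len(root.findall("saml:EncryptedAssertion", NS))}

# Constructed sample documents (not captured from a real tenant).
_MD = ('<md:EntityDescriptor xmlns:md="%(md)s" xmlns:ds="%(ds)s" '
       'entityID="https://identify.example.test/">%%s'
       '<md:IDPSSODescriptor protocolSupportEnumeration="%(samlp)s"/>'
       '</md:EntityDescriptor>') % NS
SIGNED_MD = _MD % "<ds:Signature><ds:SignedInfo/></ds:Signature>"
UNSIGNED_MD = _MD % ""
_RESP = ('<samlp:Response xmlns:samlp="%(samlp)s" xmlns:saml="%(saml)s" '
         'ID="_r1" Version="2.0">%%s</samlp:Response>') % NS
PLAIN_RESPONSE = _RESP % '<saml:Assertion ID="_a1" Version="2.0"/>'
ENCRYPTED_RESPONSE = _RESP % "<saml:EncryptedAssertion/>"

if __name__ == "__main__":
    for name, doc in (("signed", SIGNED_MD), ("unsigned", UNSIGNED_MD)):
        print(name, "metadata signed:", metadata_is_signed(doc))
    for name, doc in (("plain", PLAIN_RESPONSE), ("encrypted", ENCRYPTED_RESPONSE)):
        print(name, "response:", assertion_forms(doc))
```

A signature element being present does not prove it is valid; validating it against the expected signing certificate is a separate step.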
Create and Configure a SAML Identity provider for AD
- Using Safewhere Admin, go to the Identity providers page and create a SAML identity provider.
- Import the metadata for that SAML identity provider.
- Open the SAML identity provider, choose the SAML 2 Profile, which is "Eherkenning", and then click Save.