Quickstart
Installation
Requirements
Python 3.7 or newer
setuptools 30.3.0 or above
Django 3.2
XML system packages, e.g. for Debian/Ubuntu:
libxml2-dev
libxmlsec1-dev
libxmlsec1-openssl
Installation
Install with pip:
pip install django-digid-eherkenning
Add the library and its dependencies to your INSTALLED_APPS
:
INSTALLED_APPS = [
...,
# required for digid-eherkenning
"privates",
"simple_certmanager",
"solo",
"digid_eherkenning",
...,
]
The sessionprofile
dependency is required if you want to use DigiD Single Logout -
it is used to keep track of a user’s sessions.
Creating local users
If you want to create local users as part of the authentication flow, add the authentication backend to the settings:
AUTHENTICATION_BACKENDS = [
...,
"digid_eherkenning.backends.DigiDBackend",
...,
]
DigiD Single Logout
DigiD single logout requires the sessionprofile
dependency (automatically installed
alongside).
Add it to your INSTALLED_APPS
:
INSTALLED_APPS = [
...,
# required for digid-eherkenning
"privates",
"simple_certmanager",
"solo",
# for DigiD single logout
"sessionprofile",
"digid_eherkenning",
...,
]
And add the middleware before Django’s SessionMiddleware
:
1MIDDLEWARE = [
2 ...,
3 "django.middleware.security.SecurityMiddleware",
4 "sessionprofile.middleware.SessionProfileMiddleware",
5 "django.contrib.sessions.middleware.SessionMiddleware",
6 "django.middleware.common.CommonMiddleware",
7 "django.middleware.csrf.CsrfViewMiddleware",
8 "django.contrib.auth.middleware.AuthenticationMiddleware",
9 ...,
10]
Registering URLs
Finally, add the URL patterns to your root urls.py
:
from django.urls import path, include
urlpatterns = [
...,
path("", include("digid_eherkenning.urls")),
...,
]
The urls
module exposes DigiD, eHerkenning and the metadata views. If desired,
you can also include the relevant aspects - see digid_eherkenning.urls
for the
available URL modules.
Configuration
DigiD and eHerkenning are configured in the admin. Additionally, you can use the
metadata generation commands with the --save-config
option to persist command line
configuration into the database.
Note
The signature_algorithm
configuration parameter is used only for requests with
HTTP Redirect binding. Login request with HTTP Post binding uses the
http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
algorithm.
Usage
Admin integration
In the admin you can now provide the DigiD and/or eHerkenning/eIDAS configuration, which will be used at runtime and during metadata generation.
In your code
You can now display login URLs by reversing the appropriate URL:
reverse("digid:login")
or in templates:
{% url 'digid:login' %}