Quickstart

Installation

Requirements

  • Python 3.7 or newer

  • setuptools 30.3.0 or above

  • Django 3.2

  • XML system packages, e.g. for Debian/Ubuntu:

    • libxml2-dev

    • libxmlsec1-dev

    • libxmlsec1-openssl

Installation

Install with pip:

pip install django-digid-eherkenning

Add the library and its dependencies to your INSTALLED_APPS:

INSTALLED_APPS = [
    ...,
    # required for digid-eherkenning
    "privates",
    "simple_certmanager",
    "solo",
    "digid_eherkenning",
    ...,
]

The sessionprofile dependency is required if you want to use DigiD Single Logout - it is used to keep track of a user’s sessions.

Creating local users

If you want to create local users as part of the authentication flow, add the authentication backend to the settings:

AUTHENTICATION_BACKENDS = [
    ...,
    "digid_eherkenning.backends.DigiDBackend",
    ...,
]

DigiD Single Logout

DigiD single logout requires the sessionprofile dependency (automatically installed alongside).

Add it to your INSTALLED_APPS:

INSTALLED_APPS = [
    ...,
    # required for digid-eherkenning
    "privates",
    "simple_certmanager",
    "solo",
    # for DigiD single logout
    "sessionprofile",
    "digid_eherkenning",
    ...,
]

And add the middleware before Django’s SessionMiddleware:

 1MIDDLEWARE = [
 2    ...,
 3    "django.middleware.security.SecurityMiddleware",
 4    "sessionprofile.middleware.SessionProfileMiddleware",
 5    "django.contrib.sessions.middleware.SessionMiddleware",
 6    "django.middleware.common.CommonMiddleware",
 7    "django.middleware.csrf.CsrfViewMiddleware",
 8    "django.contrib.auth.middleware.AuthenticationMiddleware",
 9    ...,
10]

Registering URLs

Finally, add the URL patterns to your root urls.py:

from django.urls import path, include


urlpatterns = [
    ...,
    path("", include("digid_eherkenning.urls")),
    ...,
]

The urls module exposes DigiD, eHerkenning and the metadata views. If desired, you can also include the relevant aspects - see digid_eherkenning.urls for the available URL modules.

Configuration

DigiD and eHerkenning are configured in the admin. Additionally, you can use the metadata generation commands with the --save-config option to persist command line configuration into the database.

Note

The signature_algorithm configuration parameter is used only for requests with HTTP Redirect binding. Login request with HTTP Post binding uses the http://www.w3.org/2001/04/xmldsig-more#rsa-sha256 algorithm.

Usage

Admin integration

In the admin you can now provide the DigiD and/or eHerkenning/eIDAS configuration, which will be used at runtime and during metadata generation.

In your code

You can now display login URLs by reversing the appropriate URL:

reverse("digid:login")

or in templates:

{% url 'digid:login' %}