Add vestiging to eherkenning auth variable. #3967
Comments
sergei-maertens
added a commit
that referenced
this issue
Jul 3, 2024
sergei-maertens
added a commit
that referenced
this issue
Jul 3, 2024
sergei-maertens
added a commit
that referenced
this issue
Jul 3, 2024
sergei-maertens
added a commit
that referenced
this issue
Jul 3, 2024
sergei-maertens
added a commit
that referenced
this issue
Jul 3, 2024
For eherkenning authentication, this will contain the branch number that the employee is authenticated/authorized for.
9 tasks
sergei-maertens
added a commit
that referenced
this issue
Jul 3, 2024
sergei-maertens
added a commit
that referenced
this issue
Jul 3, 2024
sergei-maertens
added a commit
that referenced
this issue
Jul 3, 2024
sergei-maertens
added a commit
that referenced
this issue
Jul 3, 2024
sergei-maertens
added a commit
that referenced
this issue
Jul 3, 2024
For eherkenning authentication, this will contain the branch number that the employee is authenticated/authorized for.
sergei-maertens
added a commit
that referenced
this issue
Jul 3, 2024
sergei-maertens
added a commit
that referenced
this issue
Jul 3, 2024
sergei-maertens
added a commit
that referenced
this issue
Jul 3, 2024
sergei-maertens
added a commit
that referenced
this issue
Jul 3, 2024
sergei-maertens
added a commit
that referenced
this issue
Jul 3, 2024
For eherkenning authentication, this will contain the branch number that the employee is authenticated/authorized for.
sergei-maertens
added a commit
that referenced
this issue
Jul 3, 2024
|
eHerkenning via SAML needs to be covered too, re-opening |
sergei-maertens
added a commit
that referenced
this issue
Jul 15, 2024
This is really hard to test/try out because we don't have a real eherkenning setup with a branch service restriction as far as I can tell... However, piecing together the documentation on: https://afsprakenstelsel.etoegang.nl/Startpagina/v2/interface-specifications-dv-hm (which describes the interface between service provider and makelaar), we should get back the ServiceRestriction SAML attribute if information is available in the MR (machtigingsregister). The examples show that it would not be an encrypted attribute (it sits in the AttributeStatement element): <saml:Attribute Name=urn:etoegang:1.9:ServiceRestriction:Vestigingsnr> <saml:AttributeValue xsi:type=xs:string>123456789012</saml:AttributeValue> </saml:Attribute> The documentation says it would be one or more restriction, so we're assuming that it returns a list of strings of values after processing, similar to the urn:etoegang:core:ServiceID and urn:etoegang:core:ServiceUUID attributes.
sergei-maertens
added a commit
that referenced
this issue
Jul 15, 2024
This is really hard to test/try out because we don't have a real eherkenning setup with a branch service restriction as far as I can tell... However, piecing together the documentation on: https://afsprakenstelsel.etoegang.nl/Startpagina/v2/interface-specifications-dv-hm (which describes the interface between service provider and makelaar), we should get back the ServiceRestriction SAML attribute if information is available in the MR (machtigingsregister). The examples show that it would not be an encrypted attribute (it sits in the AttributeStatement element): <saml:Attribute Name=urn:etoegang:1.9:ServiceRestriction:Vestigingsnr> <saml:AttributeValue xsi:type=xs:string>123456789012</saml:AttributeValue> </saml:Attribute> The documentation says it would be one or more restriction, so we're assuming that it returns a list of strings of values after processing, similar to the urn:etoegang:core:ServiceID and urn:etoegang:core:ServiceUUID attributes. I checked our code in django-digid-eherkenning, and we already by default include the service restriction request in the catalogus request, so no extra work should be needed there, see: https://github.com/maykinmedia/django-digid-eherkenning/blob/0189aceea660d2f4774d238397365f17adeb354a/digid_eherkenning/models/eherkenning.py#L234
11 tasks
|
Not sure why I assigned myself. Assigning to Robin to tackle with the OIDC stuff. |
|
@joeribekker you need to contact Signicat to get representative test accounts where we have an eherkenning middel with a service restriction (because this is the SAMLv2 flow, not OIDC) I have a PR with an implementation, I just can't test it so I have no idea if I'm doing it correctly. |
sergei-maertens
added a commit
that referenced
this issue
Apr 1, 2025
This is really hard to test/try out because we don't have a real eherkenning setup with a branch service restriction as far as I can tell... However, piecing together the documentation on: https://afsprakenstelsel.etoegang.nl/Startpagina/v2/interface-specifications-dv-hm (which describes the interface between service provider and makelaar), we should get back the ServiceRestriction SAML attribute if information is available in the MR (machtigingsregister). The examples show that it would not be an encrypted attribute (it sits in the AttributeStatement element): <saml:Attribute Name=urn:etoegang:1.9:ServiceRestriction:Vestigingsnr> <saml:AttributeValue xsi:type=xs:string>123456789012</saml:AttributeValue> </saml:Attribute> The documentation says it would be one or more restriction, so we're assuming that it returns a list of strings of values after processing, similar to the urn:etoegang:core:ServiceID and urn:etoegang:core:ServiceUUID attributes. I checked our code in django-digid-eherkenning, and we already by default include the service restriction request in the catalogus request, so no extra work should be needed there, see: https://github.com/maykinmedia/django-digid-eherkenning/blob/0189aceea660d2f4774d238397365f17adeb354a/digid_eherkenning/models/eherkenning.py#L234
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
You can request the "vestiging" with eHerkenning. This should be available in the auth object.
This also relies on the ticket from Silvia for fixing the template with all the variables (including vestigting).
The text was updated successfully, but these errors were encountered: