DigiD Login Module

Release 1.2 - ...

The DigiD login module, together with the DigiD membership provider, encapsulates the complete DigiD authentication process. Although the actual authentication takes place on (one of) the DigiD sites, the DigiD login module initiates the whole process.

After successful authentication, the DigiD site/server redirects the user back to the original URL, so it is mandatory to create a separate item containing the DigiD login module. The redirect from DigiD is then checked and processed, and once the user is authorized, he/she is redirected back to the requested URL for which DigiD authentication was required.

When authentication fails, or the user cancels the authentication process, the DigiD login module simply returns a result code. This result should be captured and processed at the SXML level (see the example below).

Smartsite SXML
<se:digidlogin save="loginresult" profilename="simulator" impersonate="true" />
<se:switch>
 <se:case expression="$loginresult=='0040'">
  <p>Inlog geannuleerd.</p>
 </se:case>
 <se:case>
  Fout [{buffer.get(loginresult)}]
 </se:case>
</se:switch> 

This is the basic operation and purpose of the DigiD login module. The module attributes described below can be used to adjust this basic operation.

Impersonate

Determines whether "impersonation" should be used (defaults to false). By default, users authenticated by DigiD will still be the Smartsite Guest (account) as far as rendering is concerned. However, when impersonate is set to true, the DigiD-authenticated user will be logged on as a specific Smartsite user, depending on the security code ("betrouwbaarheidsniveau") returned from the DigiD login process. Which account is used for which security code is configured in the Smartsite.DigiD.config configuration file, specifically in the smartsiteaccounts element.

Profilename

To facilitate SaaS implementations or just a test scenario (e.g. using the simulator), the DigiD login module provides the profilename attribute. If specified, the profilename should be equal to the name attribute of one of the smartsite.digid elements within the Smartsite.DigiD.config file. Each profile simply contains a unique set of configuration parameters for a particular implementation.

CallbackUrl

Gets or sets the callback URL, which is the URL to which the DigiD site/server should redirect back after authentication. Defaults to the current URL, which will usually be the DigiD login item containing the DigiD login module. You do not need to set this parameter unless you have a very advanced and complex scenario.

Tracing

The DigiD login module, as well as the DigiD membership provider which is used internally, uses the LogWriter extensively to submit trace information. The category used for the trace messages is Digid. When DigiD authentication and/or (initial) integration fails, enable trace logging to get more insight into what might be going wrong.