iDIN Simulator

Simulating the iDIN IdP, to test before an actual iDIN connection has been set up

The iDIN simulator supports returning all possible attributes. The actual iDIN implementation will limit the possible combinations of attributes that can be returned during an authentication request. See the ServiceID Calculator from iDIN on https://betaalvereniging.atlassian.net/wiki/spaces/IIDIFMD/overview for more details on possible attribute combinations.

The iDIN simulator is independent from real iDIN and just simulates the messages as they would be returned by a real iDIN Preproduction Acquirer.

Sending a simulated iDIN authentication

Success:

  1. Select Connectis IdP Simulator iDIN issuer as Bank.

  2. Select Success as Issuer Response

  3. Press Doorgaan

  4. Fill in attributes (attributes not mentioned in this list should only be altered when the error handling needs to be tested): Note that the attributes are validated on input format.

    1. Initials

    2. Legal last name prefix

    3. Legal last name

    4. Preferred last name prefix

    5. Preferred last name

    6. Partner last name prefix

    7. Partner last name

    8. Gender (1= …; 2=...; …)

    9. Date of birth (format: YYYYMMDD)

    10. 18 or older (Yes / No)

    11. Country (format: 2 letter country code)

    12. City

    13. Street

    14. House number

    15. Postal code (format: 0000AA)

    16. Address extra

    17. International address 1

    18. International address 2

    19. International address 3

    20. Phone number

    21. Email

  5. Press OK

  6. Modify Response If Necessary (generally not needed)

  7. Press OK

Cancel:

  1. Press Cancel

Error:

  1. Select Connectis IdP Simulator iDIN issuer as Bank.

  2. Select error response you want to return as Issuer Response

  3. Press Doorgaan

  4. Press OK (no need to change any data)

  5. Press OK (no need to modify response)

Response that will be returned to SP

Although the responses are generated by a simulator, they are exactly the same as the original iDIN responses.

Success:

A success message from iDIN contains the following elements:

  • SAML StatusCode: Success

  • The identifier (Transient ID or BIN number) can be found in the NameID element

  • The Level of Assurance can be found in the AuthnContextClassRef element

  • Different attributes can be found in the AttributeStatement element

Cancel & expired:

A cancel or expired message from iDIN contains the following elements:

  • SAML StatusCode: AuthnFailed

Error:

An error message from iDIN is in most cases handled by the Connectis Identity Broker, since most errors concern connection issues. Only Cancel or Expired messages are returned to the SP. For details, see Cancel above.