[this topic is under development]
Safewhere*Identify 4.3 fully supports the HM role that is defined by eHerkenning specifications at https://afsprakenstelsel.etoegang.nl/display/as/Interface+specifications+DV-HM+1.9 and https://afsprakenstelsel.etoegang.nl/display/as/Interface+specifications+HM-AD+1.9. The following topics will guide you through the set up process to let Safewhere*Identify work as the HM:

1. Configure Identify system set up to support eID messages
Go to System Set up and change the Profile setting to eHerkenning. [Screenshot]
For the sub resolver setting, you will need to select both the [insert full keyname here] sub resolver and the [insert full outofband here] sub resolver. Please refer to [insert link to a topic about sub resolver] for more details about how sub resolvers can help to resolve security key from KeyInfo.
2. Create and configure a Saml 2.0 protocol connection for DV
3. Create and configure a Saml 2.0 authentication connection for AD
4. Set up Saml 2.0 for WIF product as a test DV for testing

The latest build of Saml 2.0 for WIF can handle eID response messages that are supposed to be returned to the DV to some extent. More precisely, it is able to read and verify the signatures of the Response element and the Assertion element of a DV message, but it neither able to the verify signature of the enclosed Assertion element inside the Advice element nor to decrypt all the EncryptedAttribute and EncryptedId attributes.