B2ACCESS is the EUDAT Authentication, Authorization and Identity service. When B2ACCESS is integrated with a given service, you can sign into the service by using EUDAT identity or another identity you have gotten from en external identity providers - universities, social media.
B2ACCESS uses secure communications (like you would see in e-commerce except it is not rated to handle financial data). B2ACCESS has also gone through a security assessment. And don't forget that B2ACCESS - with the exception of identities managed by B2ACCESS itself - never sees your password!
If B2ACCESS is your primary identity provider then press "Forgotten Password?" link between password field and authenticate button. You have to enter your username. Thereafter a reset code will be sent to your registered e-mail address. If you enter the reset code you are able to set a new password.
If you are using an external identity provider, B2ACCESS cannot help you with a forgotten password: you will need to use the helpdesk of your identity provider or password reset mechanism.
If B2ACCESS is your identity provider, then your username is the name you typed into the registration form. Names can have spaces in them, for example "Joe Bloggs".
If your are using an identity from an external identity provider, then please contact their helpdesk.
In this case your identity provider doesn't support identity exchange with B2ACCESS. Please contact their helpdesk and ask for enabling B2ACCESS as service provider. B2ACCESS needs mail and EPPN attributes from your identity provider.
This message is a general error message. A more detailed message is printed on screen behind this error message. Please close it and have a look on details.
This error occurs if something in the response is not signed. In most cases assertion elements within
response messages are not signed. The assertion elements must be signed in SAML2int profile. This profile is the only
allowed profile within eduGain SSO.
B2ACCESS follows these requirements and only accepts responses from identity providers with signed assertion
elements. Please contact your identity provider's helpdesk and ask for singing the assertion elements in
SAML response.
Additional information for IT-staff:
This error occurs often after Shibboleth
update. A working configuration is:
<bean parent="RelyingPartyByName" c:relyingPartyIds="https://b2access.eudat.eu:8443/unitygw/saml-sp-metadata">
<property name="profileConfigurations">
<list>
<bean parent="SAML2.SSO" p:encryptAssertions="true" p:signResponses="true" p:signAssertions="true" p:encryptionOptional="false" p:nameIDFormatPrecedence="#{{'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent'}}"/>
</list>
</property>
</bean>
In most cases the external identity provider doesn't release all attributes needed by B2ACCESS. B2ACCESS consumes mail and EPPN attributes. Please contact your identity providers helpdesk and ask for releasing this attributes to B2ACCESS. If this error still occurs although these attributes are release, please contact us. We will try to find a solution for your problem.
Account association is not supported. Your different accounts may have different attribute values which will clash. To avoid problems using the EUDAT services, we decided not to support the account association.
Please use a valid certificate instead of your Apple ID. If you don't have a valid certificate, press "Deny" if you get asked about access to your Apple ID in keychain. B2ACCESS will be loaded after it.
Please contact our helpdesk: you will get an answer very soon!
Get in contact with us: we will provide a great support!
Version 1.6 2020-04-02