What is B2ACCESS?

B2ACCESS is the EUDAT Authentication, Authorization and Identity service. When B2ACCESS is integrated with a given service, you can sign into the service by using EUDAT identity or another identity you have gotten from en external identity providers - universities, social media.

Can I trust it?

B2ACCESS uses secure communications (like you would see in e-commerce except it is not rated to handle financial data). B2ACCESS has also gone through a security assessment. And don't forget that B2ACCESS - with the exception of identities managed by B2ACCESS itself - never sees your password!

I forgot my password

If B2ACCESS is your primary identity provider then press "Forgotten Password?" link between password field and authenticate button. You have to enter your username. Thereafter a reset code will be sent to your registered e-mail address. If you enter the reset code you are able to set a new password.

If you are using an external identity provider, B2ACCESS cannot help you with a forgotten password: you will need to use the helpdesk of your identity provider or password reset mechanism.

I forgot my username

If B2ACCESS is your identity provider, then your username is the name you typed into the registration form. Names can have spaces in them, for example "Joe Bloggs".

If your are using an identity from an external identity provider, then please contact their helpdesk.

I can not log in with my external identity provider

I got an error page, not the B2ACCESS page itself, before I was able to enter my credentials

In this case your identity provider doesn't support identity exchange with B2ACCESS. Please contact their helpdesk and ask for enabling B2ACCESS as service provider. B2ACCESS needs mail and EPPN attributes from your identity provider.

I got a red error box with "Authentication failed! Invalid user name, credential or external authentication failed."

This message is a general error message. A more detailed message is printed on screen behind this error message. Please close it and have a look on details.

My identity provider is not trusted/does not sign the document

This error occurs if something in the response is not signed. In most cases assertion elements within response messages are not signed. The assertion elements must be signed in SAML2int profile. This profile is the only allowed profile within eduGain SSO. B2ACCESS follows these requirements and only accepts responses from identity providers with signed assertion elements. Please contact your identity provider's helpdesk and ask for singing the assertion elements in SAML response.
Additional information for IT-staff:
This error occurs often after Shibboleth update. A working configuration is:


<bean parent="RelyingPartyByName" c:relyingPartyIds="https://b2access.eudat.eu:8443/unitygw/saml-sp-metadata">
    <property name="profileConfigurations">
        <list>
            <bean parent="SAML2.SSO" p:encryptAssertions="true" p:signResponses="true" p:signAssertions="true" p:encryptionOptional="false" p:nameIDFormatPrecedence="#{{'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent'}}"/>
        </list>
    </property>
</bean>
If this error still occurs although the signatures are fine, please contact us. We will try to find a solution for your problem.

The mapping of my remote identity/authentication principal failed

In most cases the external identity provider doesn't release all attributes needed by B2ACCESS. B2ACCESS consumes mail and EPPN attributes. Please contact your identity providers helpdesk and ask for releasing this attributes to B2ACCESS. If this error still occurs although these attributes are release, please contact us. We will try to find a solution for your problem.

I logged in with my external identity provider and want to associate it with an existing account.

Account association is not supported. Your different accounts may have different attribute values which will clash. To avoid problems using the EUDAT services, we decided not to support the account association.

I use a Mac and Safari. After granting access to my keychain, I got a "page could not be loaded" error

Please use a valid certificate instead of your Apple ID. If you don't have a valid certificate, press "Deny" if you get asked about access to your Apple ID in keychain. B2ACCESS will be loaded after it.

Whom should I contact if I have problems/questions/suggestions?

Please contact our helpdesk: you will get an answer very soon!

I want to use B2ACCESS as AAI for my new software: what shall I do?

Get in contact with us: we will provide a great support!

Version 1.4
2016-08-29