From 87995d63bb15584db8610932320cb06e0184a875 Mon Sep 17 00:00:00 2001 From: Floris Fokkinga Date: Wed, 10 Jun 2026 16:27:40 +0200 Subject: [PATCH 1/3] login -> log in (as verb) --- UPGRADING.md | 2 +- docs/trusted_proxy.md | 2 +- languages/messages.en.php | 12 ++++++------ languages/messages.nl.php | 12 ++++++------ theme/skeune/translations/messages.en.php | 6 +++--- theme/skeune/translations/messages.nl.php | 2 +- theme/skeune/translations/messages.pt.php | 10 +++++----- 7 files changed, 23 insertions(+), 23 deletions(-) diff --git a/UPGRADING.md b/UPGRADING.md index 6561ea398f..cdd2b35009 100644 --- a/UPGRADING.md +++ b/UPGRADING.md @@ -312,7 +312,7 @@ Therefore you should push the data from Manage after you have updated the codeba Be aware that you need to be logged in into manage to push the data after updating the codebase and database schema. In order to let this work you need to do the following: -1. Login into manage +1. Log in to manage 1. Update codebase 1. Run migrations 1. Push metadata diff --git a/docs/trusted_proxy.md b/docs/trusted_proxy.md index 8a432beb1d..8b4e095f63 100644 --- a/docs/trusted_proxy.md +++ b/docs/trusted_proxy.md @@ -56,7 +56,7 @@ Processing of the request: * Both the trusted proxy and the end-SP being proxied must be known to engineblock (= configured as SP entities in Manage) * Both the trusted proxy and the end-SP being proxied must have the same workflow state -* The ACL of both the trusted proxy and the end-SP are verified. Only IdPs are allowed access to both SPs are allowed to login +* The ACL of both the trusted proxy and the end-SP are verified. Only IdPs are allowed access to both SPs are allowed to log in * The ARPs of both the trusted proxy and the end-SP being proxied are applied. Only attributes and attribute values that are allowed by both ARP are included in the response * The attribute manipulations (AMs) of both the trusted proxy and the end-SP are run. The AMs of the trusted proxy are run first. * Stepup-invocation is done if configured for the end-SP. diff --git a/languages/messages.en.php b/languages/messages.en.php index 89e37678f7..3ae57e6ef0 100644 --- a/languages/messages.en.php +++ b/languages/messages.en.php @@ -168,8 +168,8 @@ 'error_session_lost_desc' => 'To continue to the service an active session is required. However, your session expired. Perhaps you waited too long with logging in? Please go back to the service and try again. If that doesn\'t work, close your browser first and then try again.', 'error_session_not_started' => 'Error - No session found', 'error_session_not_started_desc' => 'To continue to the service an active session is required. However, no session was found. Your browser must accept cookies. Alternatively, the link you used to get to the service might be wrong. Please go back to the service and try again. If that doesn\'t work, try a different browser.', - 'error_unsolicited_response' => 'Error - Sign-in could not be completed', - 'error_unsolicited_response_desc' => 'Your sign-in could not be completed because the login request was initiated in a way that is not supported. You were sent directly to this application by your identity provider (e.g. via a bookmark, portal tile, or saved link) without first starting a login from this application. This is not supported. Please start again from the service you were trying to access and log in from there.', + 'error_unsolicited_response' => 'Error - Login could not be completed', + 'error_unsolicited_response_desc' => 'Your login could not be completed because the login request was initiated in a way that is not supported. You were sent directly to this application by your identity provider (e.g. via a bookmark, portal tile, or saved link) without first starting a login from this application. This is not supported. Please start again from the service you were trying to access and log in from there.', 'error_authorization_policy_violation' => 'Error - Access denied', 'error_authorization_policy_violation_desc' => 'You cannot use %spName% because %idpName% limits access to it (the "Service Provider") with an authorization policy. Please contact the service desk of %idpName% if you think you should be allowed access to %spName%.', 'error_authorization_policy_violation_desc_no_idp_name' => 'You cannot use %spName% because your %organisationNoun% limits access to it (the "Service Provider") with an authorization policy. Please contact the service desk of your %organisationNoun% if you think you should be allowed access to %spName%.', @@ -189,8 +189,8 @@ 'error_unknown_keyid_desc' => 'The requested key-ID is not known to %suiteName%. Perhaps the service provider is using outdated metadata or has a configuration error.', 'error_unknown_preselected_idp' => 'Error - %spName% not accessible through your %organisationNoun%', 'error_unknown_preselected_idp_no_sp_name' => 'Error - Service not accessible through your %organisationNoun%', - 'error_unknown_preselected_idp_desc' => 'The %organisationNoun% that you want to use to login to %spName% did not activate access to it. This means you are unable to use %spName% through %suiteName%. Please contact the service desk of your %organisationNoun% to request access. State it is about %spName% and why you need access.', - 'error_unknown_preselected_idp_desc_no_sp_name' => 'The %organisationNoun% that you want to use to login to this service did not activate access to this service. This means you are unable to use this service through %suiteName%. Please contact the helpdesk of your %organisationNoun% to request access to this service. State what service it is about (the "SP") and why you need access.', + 'error_unknown_preselected_idp_desc' => 'The %organisationNoun% that you want to use to log in to %spName% did not activate access to it. This means you are unable to use %spName% through %suiteName%. Please contact the service desk of your %organisationNoun% to request access. State it is about %spName% and why you need access.', + 'error_unknown_preselected_idp_desc_no_sp_name' => 'The %organisationNoun% that you want to use to log in to this service did not activate access to this service. This means you are unable to use this service through %suiteName%. Please contact the helpdesk of your %organisationNoun% to request access to this service. State what service it is about (the "SP") and why you need access.', 'error_unknown_service_provider' => 'Error - %spName% unknown', 'error_unknown_service_provider_no_sp_name' => 'Error - Unknown service', 'error_unknown_service_provider_desc' => 'You are trying to log in to %spName%, but this is unknown to %suiteName%. Possibly %idpName% has never enabled access to %spName%. If you would like to use it, please contact the service desk of %idpName%.', @@ -235,8 +235,8 @@ 'error_authentication_limit_exceeded_desc' => 'Too many authentications in progress', 'error_no_authentication_request_received' => 'Error - No authentication request received.', 'error_authn_context_class_ref_blacklisted' => 'Error - AuthnContextClassRef value is not allowed', - 'error_authn_context_class_ref_blacklisted_desc' => 'You cannot login because %idpName% sent a value for AuthnContextClassRef that is not allowed. Please contact the service desk of %idpName% to solve this.', - 'error_authn_context_class_ref_blacklisted_desc_no_idp_name' => 'You cannot login because your %organisationNoun% sent a value for AuthnContextClassRef that is not allowed. Please contact the service desk of your %organisationNoun% to solve this.', + 'error_authn_context_class_ref_blacklisted_desc' => 'You cannot log in because %idpName% sent a value for AuthnContextClassRef that is not allowed. Please contact the service desk of %idpName% to solve this.', + 'error_authn_context_class_ref_blacklisted_desc_no_idp_name' => 'You cannot log in because your %organisationNoun% sent a value for AuthnContextClassRef that is not allowed. Please contact the service desk of your %organisationNoun% to solve this.', 'error_invalid_mfa_authn_context_class_ref' => 'Error - Multi factor authentication failed', 'error_invalid_mfa_authn_context_class_ref_desc' => '%idpName% requires multi-factor authentication for this service. However, your second factor could not be validated. Please contact the service desk of %idpName% to solve this.', 'error_invalid_mfa_authn_context_class_ref_desc_no_idp_name' => 'Your %organisationNoun% requires multi-factor authentication for this service. However, your second factor could not be validated. Please contact the service desk of your %organisationNoun% to solve this.', diff --git a/languages/messages.nl.php b/languages/messages.nl.php index fead1e5847..b89bd30c9b 100644 --- a/languages/messages.nl.php +++ b/languages/messages.nl.php @@ -168,8 +168,8 @@ 'error_session_lost_desc' => 'Om verder te gaan naar de dienst heb je een actieve sessie nodig, maar deze is verlopen. Heb je misschien te lang gewacht met inloggen? Ga terug naar de dienst en probeer het nog een keer. Als dat niet werkt, sluit je browser af en probeer nogmaals opnieuw in te loggen.', 'error_session_not_started' => 'Fout - Geen sessie gevonden', 'error_session_not_started_desc' => 'Om verder te gaan naar de dienst heb je een actieve sessie nodig, maar we kunnen deze niet vinden. Je browser moet cookies ondersteunen. Ook kan de link die je hebt gebruikt om bij de dienst te komen, verkeerd zijn. Ga terug naar de dienst en probeer het opnieuw. Als dat niet werkt, probeer een andere browser.', - 'error_unsolicited_response' => 'Fout - Inloggen kon niet worden voltooid', - 'error_unsolicited_response_desc' => 'Je inlogpoging kon niet worden voltooid omdat het inlogverzoek op een niet-ondersteunde manier is gestart. Je bent rechtstreeks naar deze toepassing gestuurd door je identiteitsprovider (bijv. via een bladwijzer, portaltegel of opgeslagen link) zonder eerst een login te starten vanuit de dienst zelf. Dit wordt niet ondersteund. Begin opnieuw vanuit de dienst die je wilt gebruiken en log in via die weg.', + 'error_unsolicited_response' => 'Fout - Inloggen niet gelukt', + 'error_unsolicited_response_desc' => 'loggen is niet gelukt, omdat het een niet-ondersteunde manier is gestart. Je bent rechtstreeks naar deze applicatie gestuurd door je identiteitsverstrekker (bijvoorbeeld via een bladwijzer, portaaltegel of opgeslagen koppeling), in plaats van in te loggen vanuit de applicatie. Dit wordt niet ondersteund. Begin opnieuw vanuit de applicatie die je wil gebruiken en log in via die weg.', 'error_authorization_policy_violation' => 'Fout - Geen toegang', 'error_authorization_policy_violation_desc' => 'Neem contact op met de helpdesk van %idpName% als je toegang tot %spName% wilt. Vermeld daarbij dat je probeerde in te loggen op %spName% en dat je werd tegengehouden door een autorisatieregel van %suiteName%, geconfigureerd door %idpName%.', 'error_authorization_policy_violation_desc_no_idp_name' => 'Neem contact op met de helpdesk van je eigen %organisationNoun% als je toegang tot %spName% wilt. Vermeld daarbij dat je probeerde in te loggen op %spName% en dat je werd tegengehouden door een autorisatieregel van %suiteName%, geconfigureerd door jouw eigen %organisationNoun%.', @@ -187,8 +187,8 @@ 'error_unsupported_signature_method_desc' => 'De ondertekeningsmethode %arg1% wordt niet ondersteund, upgrade naar RSA-SHA256 (http://www.w3.org/2001/04/xmldsig-more#rsa-sha256).', 'error_unknown_keyid' => 'Fout - onbekend key-ID', 'error_unknown_keyid_desc' => 'De gevraagde key-ID is niet bekend bij %suiteName%. Wellicht gebruikt de service provider achterhaalde metadata of is er sprake van een andere configuratiefout.', - 'error_unknown_preselected_idp' => 'Fout - %spName% niet toegankelijk via %organisationNoun%', - 'error_unknown_preselected_idp_no_sp_name' => 'Fout - Dienst niet toegankelijk via %organisationNoun%', + 'error_unknown_preselected_idp' => 'Fout - %spName% niet toegankelijk via je %organisationNoun%', + 'error_unknown_preselected_idp_no_sp_name' => 'Fout - Dienst niet toegankelijk via je %organisationNoun%', 'error_unknown_preselected_idp_desc' => 'De %organisationNoun% waarmee je wilt inloggen heeft toegang tot %spName% niet geactiveerd. Dat betekent dat jij geen gebruik kunt maken van deze dienst via %suiteName%. Neem contact op met de helpdesk van jouw %organisationNoun% als je toegang wilt krijgen tot %spName%. Geef daarbij aan dat het om %spName% gaat en waarom je toegang wilt.', 'error_unknown_preselected_idp_desc_no_sp_name' => 'De %organisationNoun% waarmee je wilt inloggen heeft toegang tot deze dienst niet geactiveerd. Dat betekent dat jij geen gebruik kunt maken van deze dienst via %suiteName%. Neem contact op met de helpdesk van jouw %organisationNoun% als je toegang wilt krijgen tot deze dienst. Geef daarbij aan om welke dienst het gaat (de "SP") en waarom je toegang wilt.', 'error_unknown_service_provider' => 'Error - %spName% onbekend', @@ -228,8 +228,8 @@ 'error_stuck_in_authentication_loop_desc_no_idp_name' => 'Je bent succesvol ingelogd bij je %organisationNoun% maar %spName% stuurt je weer terug naar %suiteName%. Omdat je succesvol bent ingelogd, stuurt %suiteName% je weer naar %spName%, wat resulteert in een oneindig zwart gat. Dit komt waarschijnlijk door een foutje aan de kant van %spName%.', 'error_stuck_in_authentication_loop_desc_no_sp_name' => 'Je bent succesvol ingelogd bij %idpName% maar de dienst waar je naartoe wilt stuurt je weer terug naar %suiteName%. Omdat je succesvol bent ingelogd, stuurt %suiteName% je weer naar de dienst, wat resulteert in een oneindig zwart gat. Dit komt waarschijnlijk door een foutje aan de kant van de dienst.', 'error_stuck_in_authentication_loop_desc_no_name' => 'Je bent succesvol ingelogd bij je %organisationNoun% maar de dienst waar je naartoe wilt stuurt je weer terug naar %suiteName%. Omdat je succesvol bent ingelogd, stuurt %suiteName% je weer naar de dienst, wat resulteert in een oneindig zwart gat. Dit komt waarschijnlijk door een foutje aan de kant van de dienst.', - 'error_authentication_limit_exceeded' => 'Fout - teveel onafgeronde authenticaties tegelijkertijd.', - 'error_authentication_limit_exceeded_desc' => 'Teveel onafgeronde authenticaties tegelijkertijd.', + 'error_authentication_limit_exceeded' => 'Fout - tt veel gelijktijdige onafgeronde authenticaties.', + 'error_authentication_limit_exceeded_desc' => 'Te veel gelijktijdige onafgeronde authenticaties.', 'error_no_authentication_request_received' => 'Fout - Geen authenticatie-aanvraag ontvangen.', 'error_authn_context_class_ref_blacklisted' => 'Fout - Waarde van AuthnContextClassRef is niet toegestaan', 'error_authn_context_class_ref_blacklisted_desc' => 'Je kunt niet inloggen omdat %idpName% een waarde stuurde voor AuthnContextClassRef die niet is toegestaan. Neem contact op met de helpdesk van %idpName% om dit op te lossen.', diff --git a/theme/skeune/translations/messages.en.php b/theme/skeune/translations/messages.en.php index 39f4ae13d6..8f6b197b70 100644 --- a/theme/skeune/translations/messages.en.php +++ b/theme/skeune/translations/messages.en.php @@ -19,7 +19,7 @@ 'language_switcher' => 'Language switcher', // FOOTER - 'log_in_to' => 'Select an account to login to %arg1%', + 'log_in_to' => 'Select an account to log in to %arg1%', 'helpLink' => 'https://support.surfconext.nl/wayf-en', 'footer_navigation_screenreader' => 'Footer navigation', @@ -38,7 +38,7 @@ 'wayf_noscript_warning_end' => 'You can, off course, still log in.', 'wayf_delete_account_screenreader' => 'Delete %idpTitle% from your accounts', 'wayf_deleted_account_screenreader' => ' was deleted from your accounts', - 'wayf_remaining_idps_title_screenreader' => 'Login with an account from the list below', + 'wayf_remaining_idps_title_screenreader' => 'Log in with an account from the list below', 'wayf_select_account_screenreader' => 'Select an account from the list below', 'wayf_search_placeholder' => 'Search...', 'wayf_search_screenreader' => 'Search for an %organisationNoun%', @@ -60,7 +60,7 @@ 'wayf_defaultIdp_start' => 'If your %organisation_noun% is not listed,', 'wayf_defaultIdp_linkText' => '%defaultIdpName% is available as an alternative.', 'wayf_remaining_idps_search_label' => 'Or search for a Dutch institution from the list', - 'wayf_idp_title_screenreader' => 'Login with ', + 'wayf_idp_title_screenreader' => 'Log in with ', 'wayf_idp_title_noaccess_screenreader' => 'No access with', // Consent diff --git a/theme/skeune/translations/messages.nl.php b/theme/skeune/translations/messages.nl.php index f76f9940e1..ae59ef51f6 100644 --- a/theme/skeune/translations/messages.nl.php +++ b/theme/skeune/translations/messages.nl.php @@ -37,7 +37,7 @@ 'wayf_noscript_warning_end' => 'Vanzelfsprekend kun je wel gewoon inloggen.', 'wayf_delete_account_screenreader' => 'Verwijder %idpTitle% uit je accounts', 'wayf_deleted_account_screenreader' => ' werd verwijderd uit uw accounts', - 'wayf_remaining_idps_title_screenreader' => 'Login met een account uit de onderstaande lijst', + 'wayf_remaining_idps_title_screenreader' => 'Log in met een account uit de onderstaande lijst', 'wayf_select_account_screenreader' => 'Selecteer een account uit de onderstaande lijst', 'wayf_search_placeholder' => 'Zoeken...', 'wayf_search_screenreader' => 'Zoek naar een %organisationNoun%', diff --git a/theme/skeune/translations/messages.pt.php b/theme/skeune/translations/messages.pt.php index 60b21b8141..24c3b516cf 100644 --- a/theme/skeune/translations/messages.pt.php +++ b/theme/skeune/translations/messages.pt.php @@ -19,7 +19,7 @@ 'language_switcher' => 'Language switcher', // FOOTER - 'log_in_to' => 'Select an %organisationNoun% to login to %arg1%', + 'log_in_to' => 'Select an %organisationNoun% to log in to %arg1%', 'helpLink' => 'https://support.surfconext.nl/wayf-en', 'footer_navigation_screenreader' => 'Footer navigation', @@ -38,7 +38,7 @@ 'wayf_noscript_warning_end' => 'You can, off course, still log in.', 'wayf_delete_account_screenreader' => 'Delete %idpTitle% from your accounts', 'wayf_deleted_account_screenreader' => ' was deleted from your accounts', - 'wayf_remaining_idps_title_screenreader' => 'Login with an account from the list below', + 'wayf_remaining_idps_title_screenreader' => 'Log in with an account from the list below', 'wayf_select_account_screenreader' => 'Select an account from the list below', 'wayf_search_placeholder' => 'Search...', 'wayf_search_screenreader' => 'Search for an %organisationNoun%', @@ -60,7 +60,7 @@ 'wayf_defaultIdp_start' => 'If your %organisation_noun% is not listed,', 'wayf_defaultIdp_linkText' => '%defaultIdpName% is available as an alternative.', 'wayf_remaining_idps_search_label' => 'Ou procure uma instituição neerlandesa na lista', - 'wayf_idp_title_screenreader' => 'Login with ', + 'wayf_idp_title_screenreader' => 'Log in with ', 'wayf_idp_title_noaccess_screenreader' => 'No access with', // Consent @@ -78,9 +78,9 @@ 'consent_disclaimer_privacy_policy' => 'privacy policy', 'consent_disclaimer_secure' => 'is being used by your %orgNoun% to securely send your information to %spName% (read more about', 'consent_reject_text_skeune_header' => "You don't want to share your data with the service", - 'consent_reject_text_skeune_body' => "The service you're logging into requires your data to function properly. If you prefer not to share your data, you cannot use this service. By closing your browser or just this tab you prevent your information from being shared with the service. If you change your mind later, please login to the service again and this screen will reappear.", + 'consent_reject_text_skeune_body' => "The service you're logging in to requires your data to function properly. If you prefer not to share your data, you cannot use this service. By closing your browser or just this tab you prevent your information from being shared with the service. If you change your mind later, please log in to the service again and this screen will reappear.", 'consent_nok_title' => "You don't want to share your data with the service", - 'consent_nok_text' => "The service you're logging into requires your data to function properly. If you prefer not to share your data, you cannot use this service. By closing your browser or just this tab you prevent your information from being shared with the service. If you change your mind later, please login to the service again and this screen will reappear.", + 'consent_nok_text' => "The service you're logging into requires your data to function properly. If you prefer not to share your data, you cannot use this service. By closing your browser or just this tab you prevent your information from being shared with the service. If you change your mind later, please log in to the service again and this screen will reappear.", 'consent_groupmembership_show_more' => 'Show more', 'consent_groupmembership_show_less' => 'Show less', 'consent_warning_allowed_html' => '
', From 2148ecc6651f53465d453cdde1c793e02e24e1a3 Mon Sep 17 00:00:00 2001 From: Floris Fokkinga Date: Wed, 10 Jun 2026 16:45:59 +0200 Subject: [PATCH 2/3] fix tests --- .../Features/Bindings.feature | 2 +- .../Features/SpProxy.feature | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Bindings.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Bindings.feature index 8c631c783d..7cf144063e 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Bindings.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Bindings.feature @@ -117,7 +117,7 @@ Feature: And I pass through EngineBlock And I pass through the IdP Then the url should match "authentication/feedback/unsolicited-response" - And I should see "Error - Sign-in could not be completed" + And I should see "Error - Login could not be completed" Scenario: EngineBlock falls back to HTTP-POST when an unsupported ProtocolBinding is requested Given the SP requests ProtocolBinding "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/SpProxy.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/SpProxy.feature index 98c3b2ec32..5daa6afa78 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/SpProxy.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/SpProxy.feature @@ -92,7 +92,7 @@ Feature: And SP "Step Up" is a trusted proxy And SP "Step Up" signs its requests When I log in at "Step Up" - Then I should see "Select an account to login to Loa SP" + Then I should see "Select an account to log in to Loa SP" And I select "AlwaysAuth" on the WAYF And I pass through EngineBlock And I pass through the IdP @@ -261,7 +261,7 @@ Feature: # Bug report: https://www.pivotaltracker.com/story/show/164069793 Then I should not see "Error - No organisations found" # The WAYF should be visible - And I should see "Select an account to login to" + And I should see "Select an account to log in to" Scenario: Trusted proxy not signing requests results in an error Given SP "Step Up" is authenticating for SP "Loa SP" From 6f02577b4919904bc05da0419cfdf4a69cd9c056 Mon Sep 17 00:00:00 2001 From: Floris Fokkinga Date: Wed, 10 Jun 2026 16:54:27 +0200 Subject: [PATCH 3/3] fix test --- .../EngineBlockBundle/Controller/FeedbackControllerTest.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/functional/OpenConext/EngineBlockBundle/Controller/FeedbackControllerTest.php b/tests/functional/OpenConext/EngineBlockBundle/Controller/FeedbackControllerTest.php index 79aa32756e..af4523d686 100644 --- a/tests/functional/OpenConext/EngineBlockBundle/Controller/FeedbackControllerTest.php +++ b/tests/functional/OpenConext/EngineBlockBundle/Controller/FeedbackControllerTest.php @@ -38,7 +38,7 @@ public function session_not_started_returns_400_with_expected_content(): void #[Test] public function unsolicited_response_returns_400_with_expected_content(): void { - $this->assertFeedbackPage('/authentication/feedback/unsolicited-response', Response::HTTP_BAD_REQUEST, 'Sign-in could not be completed'); + $this->assertFeedbackPage('/authentication/feedback/unsolicited-response', Response::HTTP_BAD_REQUEST, 'Login could not be completed'); } #[Test]