2 changes: 1 addition & 1 deletion UPGRADING.md
Original file line number Diff line number Diff line change
Expand Up @@ -312,7 +312,7 @@ Therefore you should push the data from Manage after you have updated the codeba
Be aware that you need to be logged in into manage to push the data after updating the codebase and database schema.

In order to let this work you need to do the following:
1. Login into manage
1. Log in to manage
1. Update codebase
1. Run migrations
1. Push metadata
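Review bot: The context sentence two lines above the changed step still reads "you need to be logged in into manage", which is the same doubled preposition this change removes from step 1. Suggest fixing it here too ("you need to be logged in to Manage"). The product name is capitalised as "Manage" in the sentence shown in the hunk header but lower-case in both the old and new step; pick one spelling.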
2 changes: 1 addition & 1 deletion docs/trusted_proxy.md
Original file line number Diff line number Diff line change
Expand Up @@ -56,7 +56,7 @@ Processing of the request:
* Both the trusted proxy and the end-SP being proxied must be known to engineblock (= configured as SP entities in Manage)
* Both the trusted proxy and the end-SP being proxied must have the same workflow state

* The ACL of both the trusted proxy and the end-SP are verified. Only IdPs are allowed access to both SPs are allowed to login
* The ACL of both the trusted proxy and the end-SP are verified. Only IdPs are allowed access to both SPs are allowed to log in
* The ARPs of both the trusted proxy and the end-SP being proxied are applied. Only attributes and attribute values that are allowed by both ARP are included in the response
* The attribute manipulations (AMs) of both the trusted proxy and the end-SP are run. The AMs of the trusted proxy are run first.
* Stepup-invocation is done if configured for the end-SP.
12 changes: 6 additions & 6 deletions languages/messages.en.php
Original file line number Diff line number Diff line change
Expand Up @@ -168,8 +168,8 @@
'error_session_lost_desc' => 'To continue to the service an active session is required. However, your session expired. Perhaps you waited too long with logging in? Please go back to the service and try again. If that doesn\'t work, close your browser first and then try again.',
'error_session_not_started' => 'Error - No session found',
'error_session_not_started_desc' => 'To continue to the service an active session is required. However, no session was found. Your browser must accept cookies. Alternatively, the link you used to get to the service might be wrong. Please go back to the service and try again. If that doesn\'t work, try a different browser.',
'error_unsolicited_response' => 'Error - Sign-in could not be completed',
'error_unsolicited_response_desc' => 'Your sign-in could not be completed because the login request was initiated in a way that is not supported. You were sent directly to this application by your identity provider (e.g. via a bookmark, portal tile, or saved link) without first starting a login from this application. This is not supported. Please start again from the service you were trying to access and log in from there.',
'error_unsolicited_response' => 'Error - Login could not be completed',
'error_unsolicited_response_desc' => 'Your login could not be completed because the login request was initiated in a way that is not supported. You were sent directly to this application by your identity provider (e.g. via a bookmark, portal tile, or saved link) without first starting a login from this application. This is not supported. Please start again from the service you were trying to access and log in from there.',
'error_authorization_policy_violation' => 'Error - Access denied',
'error_authorization_policy_violation_desc' => 'You cannot use %spName% because %idpName% limits access to it (the "Service Provider") with an authorization policy. Please contact the service desk of %idpName% if you think you should be allowed access to %spName%.',
'error_authorization_policy_violation_desc_no_idp_name' => 'You cannot use %spName% because your %organisationNoun% limits access to it (the "Service Provider") with an authorization policy. Please contact the service desk of your %organisationNoun% if you think you should be allowed access to %spName%.',
Expand All @@ -189,8 +189,8 @@
'error_unknown_keyid_desc' => 'The requested key-ID is not known to %suiteName%. Perhaps the service provider is using outdated metadata or has a configuration error.',
'error_unknown_preselected_idp' => 'Error - %spName% not accessible through your %organisationNoun%',
'error_unknown_preselected_idp_no_sp_name' => 'Error - Service not accessible through your %organisationNoun%',
'error_unknown_preselected_idp_desc' => 'The %organisationNoun% that you want to use to login to %spName% did not activate access to it. This means you are unable to use %spName% through %suiteName%. Please contact the service desk of your %organisationNoun% to request access. State it is about %spName% and why you need access.',
'error_unknown_preselected_idp_desc_no_sp_name' => 'The %organisationNoun% that you want to use to login to this service did not activate access to this service. This means you are unable to use this service through %suiteName%. Please contact the helpdesk of your %organisationNoun% to request access to this service. State what service it is about (the "SP") and why you need access.',
'error_unknown_preselected_idp_desc' => 'The %organisationNoun% that you want to use to log in to %spName% did not activate access to it. This means you are unable to use %spName% through %suiteName%. Please contact the service desk of your %organisationNoun% to request access. State it is about %spName% and why you need access.',
'error_unknown_preselected_idp_desc_no_sp_name' => 'The %organisationNoun% that you want to use to log in to this service did not activate access to this service. This means you are unable to use this service through %suiteName%. Please contact the helpdesk of your %organisationNoun% to request access to this service. State what service it is about (the "SP") and why you need access.',
'error_unknown_service_provider' => 'Error - %spName% unknown',
'error_unknown_service_provider_no_sp_name' => 'Error - Unknown service',
'error_unknown_service_provider_desc' => 'You are trying to log in to %spName%, but this is unknown to %suiteName%. Possibly %idpName% has never enabled access to %spName%. If you would like to use it, please contact the service desk of %idpName%.',
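Review bot: The two changed lines use different terms for the same contact point: 'error_unknown_preselected_idp_desc' says "service desk" while 'error_unknown_preselected_idp_desc_no_sp_name' says "helpdesk". As both lines are being touched anyway, align them on "service desk", which is the term the neighbouring 'error_unknown_service_provider_desc' uses.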
Expand Down Expand Up @@ -235,8 +235,8 @@
'error_authentication_limit_exceeded_desc' => 'Too many authentications in progress',
'error_no_authentication_request_received' => 'Error - No authentication request received.',
'error_authn_context_class_ref_blacklisted' => 'Error - AuthnContextClassRef value is not allowed',
'error_authn_context_class_ref_blacklisted_desc' => 'You cannot login because %idpName% sent a value for AuthnContextClassRef that is not allowed. Please contact the service desk of %idpName% to solve this.',
'error_authn_context_class_ref_blacklisted_desc_no_idp_name' => 'You cannot login because your %organisationNoun% sent a value for AuthnContextClassRef that is not allowed. Please contact the service desk of your %organisationNoun% to solve this.',
'error_authn_context_class_ref_blacklisted_desc' => 'You cannot log in because %idpName% sent a value for AuthnContextClassRef that is not allowed. Please contact the service desk of %idpName% to solve this.',
'error_authn_context_class_ref_blacklisted_desc_no_idp_name' => 'You cannot log in because your %organisationNoun% sent a value for AuthnContextClassRef that is not allowed. Please contact the service desk of your %organisationNoun% to solve this.',
'error_invalid_mfa_authn_context_class_ref' => 'Error - Multi factor authentication failed',
'error_invalid_mfa_authn_context_class_ref_desc' => '%idpName% requires multi-factor authentication for this service. However, your second factor could not be validated. Please contact the service desk of %idpName% to solve this.',
'error_invalid_mfa_authn_context_class_ref_desc_no_idp_name' => 'Your %organisationNoun% requires multi-factor authentication for this service. However, your second factor could not be validated. Please contact the service desk of your %organisationNoun% to solve this.',
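Review bot: Style point on the context lines around the changed pair, which this wording pass could pick up: 'error_invalid_mfa_authn_context_class_ref' has "Multi factor authentication" while its two _desc strings have "multi-factor authentication", and 'error_no_authentication_request_received' is the only title in this hunk that ends with a period. Suggest hyphenating the title and dropping the trailing period for consistency.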
12 changes: 6 additions & 6 deletions languages/messages.nl.php
Original file line number Diff line number Diff line change
Expand Up @@ -168,8 +168,8 @@
'error_session_lost_desc' => 'Om verder te gaan naar de dienst heb je een actieve sessie nodig, maar deze is verlopen. Heb je misschien te lang gewacht met inloggen? Ga terug naar de dienst en probeer het nog een keer. Als dat niet werkt, sluit je browser af en probeer nogmaals opnieuw in te loggen.',
'error_session_not_started' => 'Fout - Geen sessie gevonden',
'error_session_not_started_desc' => 'Om verder te gaan naar de dienst heb je een actieve sessie nodig, maar we kunnen deze niet vinden. Je browser moet cookies ondersteunen. Ook kan de link die je hebt gebruikt om bij de dienst te komen, verkeerd zijn. Ga terug naar de dienst en probeer het opnieuw. Als dat niet werkt, probeer een andere browser.',
'error_unsolicited_response' => 'Fout - Inloggen kon niet worden voltooid',
'error_unsolicited_response_desc' => 'Je inlogpoging kon niet worden voltooid omdat het inlogverzoek op een niet-ondersteunde manier is gestart. Je bent rechtstreeks naar deze toepassing gestuurd door je identiteitsprovider (bijv. via een bladwijzer, portaltegel of opgeslagen link) zonder eerst een login te starten vanuit de dienst zelf. Dit wordt niet ondersteund. Begin opnieuw vanuit de dienst die je wilt gebruiken en log in via die weg.',
'error_unsolicited_response' => 'Fout - Inloggen niet gelukt',
'error_unsolicited_response_desc' => 'loggen is niet gelukt, omdat het een niet-ondersteunde manier is gestart. Je bent rechtstreeks naar deze applicatie gestuurd door je identiteitsverstrekker (bijvoorbeeld via een bladwijzer, portaaltegel of opgeslagen koppeling), in plaats van in te loggen vanuit de applicatie. Dit wordt niet ondersteund. Begin opnieuw vanuit de applicatie die je wil gebruiken en log in via die weg.',
'error_authorization_policy_violation' => 'Fout - Geen toegang',
'error_authorization_policy_violation_desc' => 'Neem contact op met de helpdesk van %idpName% als je toegang tot %spName% wilt. Vermeld daarbij dat je probeerde in te loggen op %spName% en dat je werd tegengehouden door een autorisatieregel van %suiteName%, geconfigureerd door %idpName%.',
'error_authorization_policy_violation_desc_no_idp_name' => 'Neem contact op met de helpdesk van je eigen %organisationNoun% als je toegang tot %spName% wilt. Vermeld daarbij dat je probeerde in te loggen op %spName% en dat je werd tegengehouden door een autorisatieregel van %suiteName%, geconfigureerd door jouw eigen %organisationNoun%.',
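Review bot: The new 'error_unsolicited_response_desc' value starts mid-word and is missing a preposition: 'loggen is niet gelukt, omdat het een niet-ondersteunde manier is gestart.' The leading "In" appears to have been dropped, and the clause needs "op". Suggest 'Inloggen is niet gelukt, omdat het op een niet-ondersteunde manier is gestart.' so that users who land on the unsolicited-response page get a complete sentence.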
Expand All @@ -187,8 +187,8 @@
'error_unsupported_signature_method_desc' => 'De ondertekeningsmethode %arg1% wordt niet ondersteund, upgrade naar RSA-SHA256 (http://www.w3.org/2001/04/xmldsig-more#rsa-sha256).',
'error_unknown_keyid' => 'Fout - onbekend key-ID',
'error_unknown_keyid_desc' => 'De gevraagde key-ID is niet bekend bij %suiteName%. Wellicht gebruikt de service provider achterhaalde metadata of is er sprake van een andere configuratiefout.',
'error_unknown_preselected_idp' => 'Fout - %spName% niet toegankelijk via %organisationNoun%',
'error_unknown_preselected_idp_no_sp_name' => 'Fout - Dienst niet toegankelijk via %organisationNoun%',
'error_unknown_preselected_idp' => 'Fout - %spName% niet toegankelijk via je %organisationNoun%',
'error_unknown_preselected_idp_no_sp_name' => 'Fout - Dienst niet toegankelijk via je %organisationNoun%',
'error_unknown_preselected_idp_desc' => 'De %organisationNoun% waarmee je wilt inloggen heeft toegang tot %spName% niet geactiveerd. Dat betekent dat jij geen gebruik kunt maken van deze dienst via %suiteName%. Neem contact op met de helpdesk van jouw %organisationNoun% als je toegang wilt krijgen tot %spName%. Geef daarbij aan dat het om %spName% gaat en waarom je toegang wilt.',
'error_unknown_preselected_idp_desc_no_sp_name' => 'De %organisationNoun% waarmee je wilt inloggen heeft toegang tot deze dienst niet geactiveerd. Dat betekent dat jij geen gebruik kunt maken van deze dienst via %suiteName%. Neem contact op met de helpdesk van jouw %organisationNoun% als je toegang wilt krijgen tot deze dienst. Geef daarbij aan om welke dienst het gaat (de "SP") en waarom je toegang wilt.',
'error_unknown_service_provider' => 'Error - %spName% onbekend',
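Review bot: The last context line, 'error_unknown_service_provider', still has the English prefix ('Error - %spName% onbekend') while every other title in this hunk uses 'Fout - '. Worth fixing in this change. The two changed titles now say "je %organisationNoun%" while the descriptions directly below say "jouw %organisationNoun%"; choose one form.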
Expand Down Expand Up @@ -228,8 +228,8 @@
'error_stuck_in_authentication_loop_desc_no_idp_name' => 'Je bent succesvol ingelogd bij je %organisationNoun% maar %spName% stuurt je weer terug naar %suiteName%. Omdat je succesvol bent ingelogd, stuurt %suiteName% je weer naar %spName%, wat resulteert in een oneindig zwart gat. Dit komt waarschijnlijk door een foutje aan de kant van %spName%.',
'error_stuck_in_authentication_loop_desc_no_sp_name' => 'Je bent succesvol ingelogd bij %idpName% maar de dienst waar je naartoe wilt stuurt je weer terug naar %suiteName%. Omdat je succesvol bent ingelogd, stuurt %suiteName% je weer naar de dienst, wat resulteert in een oneindig zwart gat. Dit komt waarschijnlijk door een foutje aan de kant van de dienst.',
'error_stuck_in_authentication_loop_desc_no_name' => 'Je bent succesvol ingelogd bij je %organisationNoun% maar de dienst waar je naartoe wilt stuurt je weer terug naar %suiteName%. Omdat je succesvol bent ingelogd, stuurt %suiteName% je weer naar de dienst, wat resulteert in een oneindig zwart gat. Dit komt waarschijnlijk door een foutje aan de kant van de dienst.',
'error_authentication_limit_exceeded' => 'Fout - teveel onafgeronde authenticaties tegelijkertijd.',
'error_authentication_limit_exceeded_desc' => 'Teveel onafgeronde authenticaties tegelijkertijd.',
'error_authentication_limit_exceeded' => 'Fout - tt veel gelijktijdige onafgeronde authenticaties.',
'error_authentication_limit_exceeded_desc' => 'Te veel gelijktijdige onafgeronde authenticaties.',
'error_no_authentication_request_received' => 'Fout - Geen authenticatie-aanvraag ontvangen.',
'error_authn_context_class_ref_blacklisted' => 'Fout - Waarde van AuthnContextClassRef is niet toegestaan',
'error_authn_context_class_ref_blacklisted_desc' => 'Je kunt niet inloggen omdat %idpName% een waarde stuurde voor AuthnContextClassRef die niet is toegestaan. Neem contact op met de helpdesk van %idpName% om dit op te lossen.',
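Review bot: The added 'error_authentication_limit_exceeded' value contains a typo: 'Fout - tt veel gelijktijdige onafgeronde authenticaties.' should read 'te veel', as the _desc line directly below it has ('Te veel gelijktijdige ...'). The title also keeps a trailing period, which the other 'Fout - ...' titles in this hunk do not have.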
Original file line number Diff line number Diff line change
Expand Up @@ -117,7 +117,7 @@ Feature:
And I pass through EngineBlock
And I pass through the IdP
Then the url should match "authentication/feedback/unsolicited-response"
And I should see "Error - Sign-in could not be completed"
And I should see "Error - Login could not be completed"

Scenario: EngineBlock falls back to HTTP-POST when an unsupported ProtocolBinding is requested
Given the SP requests ProtocolBinding "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
Original file line number Diff line number Diff line change
Expand Up @@ -92,7 +92,7 @@ Feature:
And SP "Step Up" is a trusted proxy
And SP "Step Up" signs its requests
When I log in at "Step Up"
Then I should see "Select an account to login to Loa SP"
Then I should see "Select an account to log in to Loa SP"
And I select "AlwaysAuth" on the WAYF
And I pass through EngineBlock
And I pass through the IdP
Expand Down Expand Up @@ -261,7 +261,7 @@ Feature:
# Bug report: https://www.pivotaltracker.com/story/show/164069793
Then I should not see "Error - No organisations found"
# The WAYF should be visible
And I should see "Select an account to login to"
And I should see "Select an account to log in to"

Scenario: Trusted proxy not signing requests results in an error
Given SP "Step Up" is authenticating for SP "Loa SP"
Original file line number Diff line number Diff line change
Expand Up @@ -38,7 +38,7 @@ public function session_not_started_returns_400_with_expected_content(): void
#[Test]
public function unsolicited_response_returns_400_with_expected_content(): void
{
$this->assertFeedbackPage('/authentication/feedback/unsolicited-response', Response::HTTP_BAD_REQUEST, 'Sign-in could not be completed');
$this->assertFeedbackPage('/authentication/feedback/unsolicited-response', Response::HTTP_BAD_REQUEST, 'Login could not be completed');
}

#[Test]
6 changes: 3 additions & 3 deletions theme/skeune/translations/messages.en.php
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,7 @@
'language_switcher' => 'Language switcher',

// FOOTER
'log_in_to' => 'Select an account to login to %arg1%',
'log_in_to' => 'Select an account to log in to %arg1%',
'helpLink' => 'https://support.surfconext.nl/wayf-en',
'footer_navigation_screenreader' => 'Footer navigation',

Expand All @@ -38,7 +38,7 @@
'wayf_noscript_warning_end' => 'You can, off course, still log in.',
'wayf_delete_account_screenreader' => 'Delete %idpTitle% from your accounts',
'wayf_deleted_account_screenreader' => ' was deleted from your accounts',
'wayf_remaining_idps_title_screenreader' => 'Login with an account from the list below',
'wayf_remaining_idps_title_screenreader' => 'Log in with an account from the list below',
'wayf_select_account_screenreader' => 'Select an account from the list below',
'wayf_search_placeholder' => 'Search...',
'wayf_search_screenreader' => 'Search for an %organisationNoun%',
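Review bot: The context line 'wayf_noscript_warning_end' reads 'You can, off course, still log in.'; "off course" should be "of course". Since this change is a wording clean-up of the same file, suggest fixing it here.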
Expand All @@ -60,7 +60,7 @@
'wayf_defaultIdp_start' => 'If your %organisation_noun% is not listed,',
'wayf_defaultIdp_linkText' => '%defaultIdpName% is available as an alternative.',
'wayf_remaining_idps_search_label' => 'Or search for a Dutch institution from the list',
'wayf_idp_title_screenreader' => 'Login with ',
'wayf_idp_title_screenreader' => 'Log in with ',
'wayf_idp_title_noaccess_screenreader' => 'No access with',

// Consent
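Review bot: In the context line 'wayf_defaultIdp_start' the placeholder is written %organisation_noun%, while the other strings in this file use %organisationNoun% (for example 'wayf_search_screenreader'). Please check that this spelling is actually substituted at render time; otherwise the raw token is shown to the user. Also note that the changed 'Log in with ' keeps a trailing space while 'wayf_idp_title_noaccess_screenreader' ('No access with') has none; if the IdP name is concatenated after both, one of them renders without a separator.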
2 changes: 1 addition & 1 deletion theme/skeune/translations/messages.nl.php
Original file line number Diff line number Diff line change
Expand Up @@ -37,7 +37,7 @@
'wayf_noscript_warning_end' => 'Vanzelfsprekend kun je wel gewoon inloggen.',
'wayf_delete_account_screenreader' => 'Verwijder %idpTitle% uit je accounts',
'wayf_deleted_account_screenreader' => ' werd verwijderd uit uw accounts',
'wayf_remaining_idps_title_screenreader' => 'Login met een account uit de onderstaande lijst',
'wayf_remaining_idps_title_screenreader' => 'Log in met een account uit de onderstaande lijst',
'wayf_select_account_screenreader' => 'Selecteer een account uit de onderstaande lijst',
'wayf_search_placeholder' => 'Zoeken...',
'wayf_search_screenreader' => 'Zoek naar een %organisationNoun%',
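Review bot: The context line 'wayf_deleted_account_screenreader' uses the formal form (' werd verwijderd uit uw accounts') while the line directly above it uses the informal one ('Verwijder %idpTitle% uit je accounts'). Both are read out by a screen reader as part of the same action, so suggest 'uit je accounts' in both.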