Skip to main content


Connect to RCIAM an IdP federated in an hub and spoke federations#

I get an error similar to: "Error - No connection between institution and service" (SURFconext example)#

In case of a "hub and spoke" federation the federation coordinator may require that the IdP administrators explicitly request to connect to a SP and let their users to authenticate on these SP.

In most of the cases this is not a configuration problem neither for the RCIAM service nor for the Identity provider. The connection needs to be implemented in the hub and spoke IdP Proxy.

One example of such federation is SURFconext, the national IdP federation for research and education in the Netherlands operated by SURFnet. If you are using credentials from a Dutch IdP in eduGAIN, you or your IdP administrators need to request the connection. The following steps will lead you to perform the connection:

  • Connect to SURFconext dashboard
  • Search for "RCIAM AAI Service provider proxy"
    • If the service does not show in the search, you need to ask SURFnet to add it in the dashboard, please write to support at surfconext dot nl
  • In the dashboard, near the "RCIAM AAI Service provider proxy" there should be a "Connect" button, this will create a service ticket and the SURFconext team will make the connection active.
  • After you received confirmation that the "RCIAM AAI Service provider proxy" is accessible, you will be able to login in RCIAM

Authentication error with ADFS-based Identity Providers#

Why do I get the error below after successfully authenticating at my Home IdP?#

opensaml::FatalProfileException at ( response reported an IdP error.Error from identity provider:Status: urn:oasis:names:tc:SAML:2.0:status:Responder

The Responder error status is typically returned from ADFS-based IdP implementations (notably Microsoft ADFS 2.0 and ADFS 3.0) that cannot properly handle Scoping elements. RCIAM can be configured to omit the scoping element from the authentication requests sent to such IdPs in order to allow successful logins. Please contact the RCIAM support team and include a screenshot of your error.

I have linked an IGTF X.509 certificate to my RCIAM identity but the information is inaccurate or incomplete#

What can I do?#

To update your certificate information, follow these steps to log into your RCIAM profile page using your IGTF certificate:

  1. Click here to access your profile page

This may log you out of any service you have accessed with RCIAM on this browser!

  1. On the RCIAM identity provider discovery page, select IGTF

If prompted to log in with a different identity provider, click CHOOSE ANOTHER ACCOUNT and then select IGTF. Alternatively, you can click here for your convenience

RCIAM IdP discovery IGTF