FAQ - Identity Management

Your access data for the IdM consist of your username (format: ab123456) and your password.

The "opensaml:FatalProfileException" error message can be caused by multiple circumstances. If none of the measures mentioned below fixes the problem, please contact servicedesk@itc.rwth-aachen.de. In this case, please provide us with a screenshot of the error message, a description of the website you tried to access and your RWTH username.

Solution 1: Your IP address has changed in an active single sign-on session. Please close your current session (i.e. all open browser tabs) and try logging in in a new browser session.

Solution 2: Please clear your browser data and then try once again to log in.

Solution 3: If you are using a Chromium browser (such as Microsoft Edge, Google Chrome or Opera) please try an alternative - such as Mozilla Firefox.

You will get your access data after the redemption of your coupon(s) via the ConnectMe procedure. Depending on the group of persons you receive your coupons from different issuers. After redemption, you will receive an e-mail in most cases. Then you may log into Selfservice to set passwords for the accounts which were created for you.

 A username (format: ab123456) is your username for the Identity Management. It usually consists of two letters and six random numbers e.g. ab123456. You will receive the user name via a coupon when you register for the first time.

Your user name is used as logon name in your accounts. As a result of multiple registrations, you might end up with different user names in some accounts. Please keep your user name secret.

If you want to use a service protected by the Single Sign-On System Shibboleth the authentication is carried out via your RWTH Single Sign-On account.

"The PVZ condition (Checks if the role owner is recorded in the RWTH Person Directory) was not met."

This means that the connection of your RWTHcontacts personal data to Identity Management(IdM) has not occurred or has yet to be synchronized with IdM. In order for this condition to be met, you require an entry in the RWTH Person Directory. The data from this entry will be synchronized with IdM on the following day.

Via the Password-Reset-Tool you can have your access data for the Identity Management automatically e-mailed to you, provided that you can access the contact e-mail address that is stored in the IdM. You can get help from the IT-ServiceDesk. Please give the name of the service or application you cannot access, as well as your username (format: ab123456).

If you have lost your coupon code, you must contact the department that have issued the coupon code. Employees must contact the Human Resources Administration, students must contact the  IT-ServiceDesk.

Other groups of persons must contact the administrators of the respective coupon procedure.

• Unknown username: If you are able to access the contact e-mail address stored in the Selfservice you can use the Password-Reset-Tool to have your username sent. To do so, please click on Forgot Username under the displayed "Login" button. Hence, you will be asked to enter either your matriculation number, RWTH-ID or contact e-Mail adress. You will receive an e-mail containing a link to your credentials and the option to reset your password.
• Unknown password: There are four possible ways to obtain a new password: Using PasswordReset App, Picking Up credentials at the IT-ServiceDesk, Picking up credentials via power of attorney and New credentials by mail and in-house mail

If you have two or more usernames and have problems using an IT-based service, please try to access it with all known usernames. The various permissions (e.g. student or employee status) might in this case be dependent on different usernames. You can check the details about it in the Selfservice. If you still have problems using the service, please contact the IT-ServiceDesk of RWTH Aachen University. If there are no problems with the usage of the specific services, the usernames cannot unfortunately be merged. 

You can view and change the following data yourself via the Selfservice. You will find more information about changing you personal data here. You you name is incorrect or has changed, please contact the personnel department (employees) or the Registar's Office (students).

If you want to change further personal data, please contact the IT-ServiceDesk.

Depending on the status in the Identity Management, names and titles are delivered from the respective source system and are chosen according to the following order:

• Employee(s) RWTH (Human Resources Department RWTH)
• Members UKA/FB10 (Human Resources Department UKA)
• External lecturers (RON:ELK) and retired professors(RON: ELK, UP i.R., LBP, EP (Human Resources Department, Department 1.5)
• Scholarship holder at RWTH Aachen University (Human Resources Department RWTH)
• Student at RWTH (Central Examination Office (ZPA))

For example, for external lecturers who are also RWTH employees, the name and title will be taken exclusively from the data record of the HR department.

You can find out which of these groups you belong to in IdM Selfservice under RWTH data.
The following page describes how you can have your data corrected in the Identity Management. This varies depending on the data source.

Groups of persons other than those mentioned can change their title in IdM Selfservice (Personal Data).

List of roles in the role management.

You can find an overview of all the roles assigned to you in the Selfservice under the menu item "roles". 

Manual on the use of the role management.

Yes, roles are automatically revoked when the defined conditions for these role holders are no longer met.

For example, for many roles, the condition "PVZ" is set. This means that in order to activate and retain the role, they must have a business e-mail address registered in the RWTH Person Directory. As soon as you lose your last e-mail entry in the PVZ, all roles for which this condition is set will be revoked from you overnight.

For more information on using e-mail addresses in role management and downstream systems, please see Using Roles.

Furthermore, there are roles (e.g., "Verwaltung Rollen" (Role Management)) that have an expiration date and will be revoked on that date.

As a role holder, you and the role managers of your organization will be informed by e-mail 2 weeks prior to the revocation of roles.

The role (e.g., "Verwaltung Rollen" (Role Management)) will only be automatically revoked if at least one person still holds this role after the action.

Please note as a person with the role (e.g., "Verwaltung Rollen" (Role Management)) your associated responsibilities.

• You receive an error message after trying to redeem a role coupon issued for you? Please first check in SelfService under User Data → RWTH Data→ RWTHcontacts entry whether you have an entry which contains your email address when you click on it.
• Please have this information ready for us.
• If you still have difficulties, please contact the IT-ServiceDesk and submit and your full name, your username (ab123456), screenshots of your error message and the URL of your RWTHcontacts entry.
• Here you can find more information about the connection of data from RWTHcontacts to the identity management system (IdM).

This error occurs when there is no e-mail address registered for you on RWTHcontacts. Please contact the administrator of your organizational unit and have them enter an e-mail address for you. After that you can redeem the coupon again provided that the expiration date has not yet been reached.

Many roles require an entry on RWTHcontacts. This condition must be fulfiled by you as a role holder. It ensures that you will be assigned an official contact (address, e-mail, phone number) which is necessary for the assumption of roles. This contact does not necessarily have to be the contact in the organizational unit for which you are assuming the specific role. E.g. you should, if you are assuming a role for multiple organizations, assign your primary contact.

Access

For authentication you need your user name and the password for the RWTH Single Sign-On Account. You can easily change your password in the  Selfservice.
If you do not have access to the self-service, you can reset your password via PasswordReset.

The username (Format: ab123456) corresponds to the username for the RWTH Single Sign-On Account. You can find this in the Selfservice. In the Selfservice you can also change the password for the account. If you have forgotten the password for your RWTH Single Sign-On account, you can reset the password using the password reset function.

Many online services offer a so called „institutional login“. You can log into these services by local accounts and additionally by using an account of an institution you are affiliated to. RWTH Aachen University offers „RWTH Aachen Single Sign-On“ for this purpose. You can log in by this service if RWTH is listed in the select list. The assigned account is your RWTH Single Sign-On account. 

Please note: Wether you get acces or not depends on release rules for attributes containing information about you required by the service. If there is any doubt, please contact the IT-ServiceDesk.

Log out

This application is protected by RWTH Single Sign-On (Shibboleth). In order to log out reliably, you must delete all session information (cookies) - at least those of Shibboleth (sso.rwth-aachen.de & idm.rwth-aachen.de) - in your web browser.

Why is that?

Shibboleth stores encrypted application-relevant information about who you are and what you are allowed to do in your web browser session. Anyone who has access to your web browser can use all applications protected by Shibboleth as long as your session information is stored by Shibboleth in the browser.

What do you have to do to securely log out?

If you use the option of your browser and work in a particularly secure mode (incognito, private), the restoration of sessions is automatically prevented. You don't have to do anything else.

If, on the other hand, you are working in normal mode, please find out how to configure the web browser used so that a session cannot be restored. Modern web browsers support the automatic deletion of all session information when the web browser is closed. This option often has to be activated explicitly in the settings beforehand.

Information on deleting cookies for common web browsers can be found on the following websites:

• Chrome
• Firefox
• Edge

The exact procedure is described in the manual Link to the test system of RWTH Aachen University.

Such error messages appear when you click on the back button in the browser during a safe session. To repair the error close the browser and/or clear the cache and delete the cookies for sso.rwth-aachen.de.

You are shown this error message because you have tried to set the passoword for several accounts at the same time and the process has failed for at least one account. The reason can be, for example, problems in your network connection. Now you can see the page where you can change passwords for several accounts again whereby the choice of the accounts has been reduced to the accounts with failure. You can try reseting the password for theses accounts again. 

Every now and then, you will receive automated e-mails from the IdM system, e .g. when you change your address in IdM Selfservice, when your name has been changed in a source system or when passwords have been changed. Mostly the purpose is to inform you about automated changes and actions so you can react to errors or e.g. password changes that you did not initiate yourself.
The subject will be prefixed with [RWTH-IdM] and the messages will always be send from no-reply@itc.rwth-aachen.de. They are directly addressed to you personally (preferred name and surname).
All our mails are signed with an official valid certificate issued for the mentioned sender. In case of doubt you can verify the authenticity of the messages by these attributes to avoid phishing.

• You have not received an e-mail with the subject "Welcome to RWTH" although you have already enrolled? Please check first whether the e-mail has been moved to your SPAM folder and whether you have transferred the semester fee. To do this, navigate to the "Applications" application in RWTHonline and click on the small magnifying glass icon in the "Actions" column. If a green checkmark appears here next to your semester fees, the money has been received.
• If you have already made the transfer more than seven business days ago and have not yet received a coupon code, please contact the Registrar's Office.
• If you have any questions beyond that, please contact the IT-ServiceDesk and send us a detailed error description, your full name, date of birth, applicant number and screenshots of the error message.

There may be various reasons why your RWTH Single Sign-On session is terminated and you have to log in again and use MFA:

• The RWTH Single Sign-On session has expired: After 14 hours, your RWTH Single Sign-On session will be automatically terminated and you will have to log in again.
• The browser has been closed: Closing the browser completely usually results in the RWTH Single Sign-On session also being terminated.
• Cookies: Deleting cookies may also result in you having to log in again. Furthermore, the RWTH Single Sign-On requires cookies for the login process to work.
• iCloud Private Relay: The use of iCloud Private Relay can lead to problems with RWTH Single Sign-On under certain circumstances. You can find out how to deactivate iCloud Private Relay for a network or for individual pages in the official Apple documentation.
• IP change: A change of an IP address, caused for example by the use of a VPN software or the use of a mobile network, can also lead to an interruption of the session.

Please check your settings and the stability of your internet connection. If problems persist, please contact the IT-ServiceDesk.