menu

Single Sign-On System (JAIST-SSO)

It is a system that unifies the authentication information when using various systems on campus.

The SSO (single sign-on) function makes it possible to use different systems with one authentication (limited to the same Web browser within a certain period of time).

For systems that can be used from off-campus, FIDO2 authentication, or multi-factor authentication using a one-time password or client certificate in addition to user account and password authentication is required.

It is recommended that you set up multi-factor authentication settings such as one-time passwords and FIDO2 authentication devices on campus in advance. (You can do it from the off-campus network environment, but you need to prepare the environment to some extent.)

Started to support "GakuNin" (2022/03)

JAIST-SSO has started to support "GakuNin".
Several web services (SP) can be used by logging in to JAIST-SSO.
About Academic Access Management Federation "GakuNin"

FAQ

JAIST-SSO

"AUTHENTICATION FAILED" is displayed.

The cause of the "AUTHENTICATION FAILED" message varies depending on the usage environment. Please refer to the following page.
When login fails in JAIST-SSO

After entering the OTP, "INVALID OTP CODE" will be displayed.

"INVALID OTP CODE" is displayed when the One Time Password (OTP) you entered is not correct. The following are possible causes

  • You have entered an expired OTP.

One-time passwords are valid for a certain amount of time (a few tens of seconds). Try entering an OTP that has just been issued.

  • The time setting of the device is not correct.

OTPs are generated based on time. If the date and time settings of the device generating the OTP are not correct, the OTP generated by that device cannot be used. The time zone must be set to Japan time when you are in Japan.

If you have your digital certificate, you can import it into your browser and present it to log in without being asked to enter the OTP.

 

[If you have a postcard with your Secret key]

Please register another device as an OTP-generating device (Click here to see how to register). OTP will generate the same value on any device/app when the secret key and time are the same. Compare the values of the two devices, and if different OTPs are generated, it is possible that the time setting or the private key is wrong.

 

In WinAuth (Windows OTP generation application), you can check the Secret Key by following the steps below.

  1. Start WinAuth, place the cursor on the OTP code and right click.
  2. Click "Show Secret Key...".
  3. When prompted for a password, enter your WinAuth password
  4. Compare the displayed Secret Key with the Secret Key written on the postcard.
    If the strings are different, the OTP has not been registered correctly and you need to register again.
Unable to access services from bookmarks

Please try to access from the URL written on this website.

The URLs of various services (WebMail, online storage, SSL-VPN, etc.) are subject to change due to system updates. For the various services that require authentication by JAIST-SSO, the JAIST-SSO screen will be displayed after accessing each page, but you should not bookmark this page. If you want to bookmark this services, please register the URL used in the this website (you can check it by right-clicking the link and clicking [Copy Link]).

The message "You are not authorized to use this service" is displayed.

You are not authorized to use the service you are accessing.
Please see the page of each service and check if you are included in the target group.
You can check the usage rights for each service on the "Available Service" of Self-Maintenance page.

If you are the target person but do not have the right to use the service, please contact us.