Single Sign-On System (JAIST-SSO)
It is a system that unifies the authentication information when using various systems on campus.
The SSO (single sign-on) function makes it possible to use different systems with one authentication (limited to the same Web browser within a certain period of time).
For systems that can be used from off-campus, FIDO2 authentication, or multi-factor authentication using a one-time password or client certificate in addition to user account and password authentication is required.
It is recommended that you set up multi-factor authentication settings such as one-time passwords and FIDO2 authentication devices on campus in advance. (You can do it from the off-campus network environment, but you need to prepare the environment to some extent.)
Digital certificate used as an authentication factor(2021/04)
Digital certificates (client certificates) can be used as one of the authentication factors in JAIST-SSO.
"User ID + password + one-time password (TOTP)" is mainly used for certification from off-campus. In addition to this, "User ID + password + digital certificate" can used from now on.
Digital certificates can be used more easily than one-time passwords by importing them into the OS or browser in advance. For more convenient use, It is recommended that you use the digital certificate for everyday PC and TOTP for temporary PC.
The following reports have been received about authenticating with JAIST-SSO.
・ Internal Server Error occurs
・ Authentication fails with correct password
If this happens, try deleting cookies or restarting your browser.
The cause of the "AUTHENTICATION FAILED" message varies depending on the usage environment. Please refer to the following page.
When login fails in JAIST-SSO
"INVALID OTP CODE" is displayed when the One Time Password (OTP) you entered is not correct. The following are possible causes
- You have entered an expired OTP.
One-time passwords are valid for a certain amount of time (a few tens of seconds). Try entering an OTP that has just been issued.
- The time setting of the device is not correct.
OTPs are generated based on time. If the date and time settings of the device generating the OTP are not correct, the OTP generated by that device cannot be used. The time zone must be set to Japan time when you are in Japan.
If you have your digital certificate, you can import it into your browser and present it to log in without being asked to enter the OTP.
[If you have a postcard with your Secret key]
Please register another device as an OTP-generating device (Click here to see how to register). OTP will generate the same value on any device/app when the secret key and time are the same. Compare the values of the two devices, and if different OTPs are generated, it is possible that the time setting or the private key is wrong.
In WinAuth (Windows OTP generation application), you can check the Secret Key by following the steps below.
- Start WinAuth, place the cursor on the OTP code and right click.
- Click "Show Secret Key...".
- When prompted for a password, enter your WinAuth password
- Compare the displayed Secret Key with the Secret Key written on the postcard.
If the strings are different, the OTP has not been registered correctly and you need to register again.
Please try to access from the URL written on this website.
The URLs of various services (WebMail, online storage, SSL-VPN, etc.) are subject to change due to system updates. For the various services that require authentication by JAIST-SSO, the JAIST-SSO screen will be displayed after accessing each page, but you should not bookmark this page. If you want to bookmark this services, please register the URL used in the this website (you can check it by right-clicking the link and clicking [Copy Link]).