
Single Sign-On System (JAIST-SSO)

JAIST-SSO is a system that unifies authentication information across the various systems on campus.

The SSO (single sign-on) function makes it possible to use different systems with one authentication (limited to the same Web browser within a certain period of time).

Systems that can be used from off campus require FIDO2 authentication, or multi-factor authentication that adds a one-time password or client certificate to user account and password authentication.

We recommend setting up multi-factor authentication, such as one-time passwords and FIDO2 authentication devices, in advance while you are on campus. (You can also do this from an off-campus network, but you need to prepare the environment to some extent.)

Started to support "GakuNin" (2022/03)

JAIST-SSO has started to support "GakuNin".
Several web services (SP) can be used by logging in to JAIST-SSO.
About Academic Access Management Federation "GakuNin"

FAQ

JAIST-SSO

"AUTHENTICATION FAILED" is displayed.

The cause of the "AUTHENTICATION FAILED" message varies depending on the usage environment. Please refer to the following page.
When login fails in JAIST-SSO

After entering the OTP, "INVALID OTP CODE" is displayed.

"INVALID OTP CODE" is displayed when the One Time Password (OTP) you entered is not correct. The following are possible causes:

  • You have entered an expired OTP.

One-time passwords are valid for a certain amount of time (a few tens of seconds). Try entering an OTP that has just been issued.

  • The time setting of the device is not correct.

OTPs are generated based on time. If the date and time settings of the device generating the OTP are not correct, the OTP generated by that device cannot be used. The time zone must be set to Japan time when you are in Japan.

If you have your digital certificate, you can import it into your browser and present it to log in without being asked to enter the OTP.

 

[If you have a postcard with your Secret key]

Please register another device as an OTP-generating device (Click here to see how to register). An OTP has the same value on any device/app when the secret key and time are the same. Compare the values on the two devices; if different OTPs are generated, the time setting or the secret key may be wrong.

 

In WinAuth (Windows OTP generation application), you can check the Secret Key by following the steps below.

  1. Start WinAuth, place the cursor on the OTP code and right click.
  2. Click "Show Secret Key...".
  3. When prompted for a password, enter your WinAuth password.
  4. Compare the displayed Secret Key with the Secret Key written on the postcard.
    If the strings are different, the OTP has not been registered correctly and you need to register again.

Unable to access services from bookmarks

Please try to access from the URL written on this website.

The URLs of various services (WebMail, online storage, SSL-VPN, etc.) are subject to change due to system updates. For services that require authentication by JAIST-SSO, the JAIST-SSO screen is displayed after you access each page, but you should not bookmark that screen. If you want to bookmark a service, please register the URL used on this website (you can check it by right-clicking the link and clicking [Copy Link]).

The message "You are not authorized to use this service" is displayed.

You are not authorized to use the service you are accessing.
Please see the page of each service and check if you are included in the target group.
You can check your usage rights for each service under "Available Service" on the Self-Maintenance page.

If you are the target person but do not have the right to use the service, please contact us.

I bought a new smartphone. How do I get a one-time password?

When you replace the PC/smartphone used as an OTP device, please transfer the OTP to the new PC/smartphone.

 

  • If you have the "Secret Key for TOTP (Time-based One-time Password)" postcard

If you have a "Secret Key for TOTP (Time-based one-time Password)" postcard and have not deleted the setting, please refer to the following page to set up OTP.
How to set up One-Time Password (OTP) using postcard

  • If you have an old device

If you have an old PC/smartphone that has been used as an OTP generation device, please refer to the following page.
Exporting One Time Passwords (OTP)

  • If you don't have the postcard or the old device

Please delete and re-register your current OTP on the campus network.
Deregister authentication factor
One Time Password authentication device registration procedure

Can I have multiple terminals to generate one-time passwords?

Yes, you can.

OTPs are generated using a secret key and time.
The same OTP can be generated at the same time on multiple terminals if the same secret key is used to set them up.

 

If you have a "Secret Key for TOTP (Time-based one-time Password)" postcard and have not deleted the setting, please refer to the following page to set up OTP.
How to set up One-Time Password (OTP) using postcard

 

If you have an OTP-generating terminal, please refer to the following page to export the QR code or secret key string and set it on another device.
Exporting One Time Passwords (OTP)
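
The behaviour described in the "INVALID OTP CODE" answer and in the answer above (the same secret key and time give the same OTP on every device, while an expired code or a wrong device clock gives a rejected one) can be reproduced with a small RFC 6238 TOTP generator and verifier. This is an added example, not JAIST's code; the 30-second step, 6 digits, HMAC-SHA1, the acceptance window of one step either side, and the sample secret are assumptions.

```python
import base64
import hashlib
import hmac
import struct

# Assumed parameters (RFC 6238 defaults); the page only says "a few tens of seconds".
STEP = 30
DIGITS = 6
# Constructed sample secret (the RFC 6238 test key in Base32), not a real key.
SAMPLE_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def totp(secret_b32: str, unix_time: float) -> str:
    """Return the TOTP code for a Base32 secret at the given Unix time."""
    s = secret_b32.replace(" ", "").upper()
    key = base64.b32decode(s + "=" * (-len(s) % 8))   # restore stripped padding
    counter = struct.pack(">Q", int(unix_time) // STEP)
    digest = hmac.new(key, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F                        # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def verify(secret_b32: str, code: str, server_time: float, window: int = 1) -> bool:
    """Accept codes from the current step and `window` steps either side (assumed policy)."""
    return any(
        hmac.compare_digest(totp(secret_b32, server_time + i * STEP), code)
        for i in range(-window, window + 1)
    )


def diagnose(secret_b32: str, device_clock: float, server_time: float) -> str:
    """Say whether a code generated from the device's clock would be accepted."""
    code = totp(secret_b32, device_clock)
    if verify(secret_b32, code, server_time):
        return "accepted"
    return f"rejected: device clock is off by {device_clock - server_time:+.0f} s"


if __name__ == "__main__":
    now = 1_700_000_000  # constructed timestamp standing in for the server's time
    # Two devices with the same secret and the same time show the same code.
    print(totp(SAMPLE_SECRET, now), totp(SAMPLE_SECRET, now))
    print(diagnose(SAMPLE_SECRET, now + 10, now))        # small drift
    print(diagnose(SAMPLE_SECRET, now + 9 * 3600, now))  # clock wrong by hours
```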

The message "Unknown Error. Please contact Administrator" is displayed.

    Please try the following:

    (If you have this problem with a device and procedures that have been working fine until now, please try "3. Disable security software".)

     

    1. Try authentication in an environment where past authentication information has been deleted
      Please try JAIST-SSO authentication using private window mode or a web browser different from the one you normally use (e.g. Chrome or Firefox if you normally use Edge).

    2. Try authentication on another device
      If you have a different device than the one causing the problem (e.g., a smartphone if the problem occurs on a PC), please try authentication on that device.

    3. Disable security software and try authentication
      We have confirmed cases where "Unknown Error" occurs due to security software. Please disable your security software and try authentication.
      Alternatively, please add the "443/tcp (HTTPS)" communication of "auth.jaist.ac.jp" to an exclusion list (e.g. white list, not subject to inspection, etc.) and try authentication.

    4. Try accessing each service from the links on this web page.

    5. If you are using a non-JAIST SSL-VPN, disconnect and try accessing.

    I lost my OTP postcard. Can I have it reissued?

    You cannot receive the "Secret Key for TOTP (Time-based One-time Password)" postcard again.

    If the postcard is lost without setting the OTP, or if the device to which the OTP is registered fails after the postcard is discarded, follow the steps below to reconfigure the OTP.
    * If you do not have a valid client certificate or FIDO2 settings, you will need to come to JAIST campus to reconfigure.

    1. Deregister authentication factor
    2. One Time Password authentication device registration procedure