FIDO2
FIDO2 is a passwordless authentication standard established by the FIDO Alliance.
It defines an authentication protocol among the "authentication device", the "web browser" and the "RP server" (RP: relying party), and provides a general-purpose mechanism for authenticating to a web application without a password.
This system uses the FIDO2 authentication method in the OpenAM authentication chain to authenticate users with a FIDO2 authentication device.
Devices used for FIDO2 authentication
・Windows Hello compatible PC
・FIDO2 compatible YubiKey device
・Google Titan device
URL for FIDO2 registration
Access one of the following URLs that meets the required authentication conditions and register your FIDO2 authentication device.
※ You can register multiple FIDO2 authentication devices.
Registration from the campus network environment (including VPN connection)
https://auth.jaist.ac.jp/sso/XUI/#login/&service=RegFIDO2withCampus
Registration from an off-campus network environment
1. Password and TOTP authentication
https://auth.jaist.ac.jp/sso/XUI/#login/&service=RegFIDO2withTOTP
2. FIDO2 authentication
https://auth.jaist.ac.jp/sso/XUI/#login/&service=RegFIDO2withFIDO2
3. Password and certificate authentication (certificate issuance applied for before 8/25/2023 16:00)
https://auth.jaist.ac.jp/sso/XUI/#login/&service=RegFIDO2withCert
4. Password and certificate authentication (certificate issuance applied for after 8/25/2023 16:00)
https://auth.jaist.ac.jp/sso/XUI/#login/&service=RegFIDO2withCert2023
FIDO2 usage procedure
Initial setting procedure
1. Set up the application used for FIDO2 authentication.
2. Access one of the registration URLs that meets the required authentication conditions.
3. Enter your user name and click Login.
4. Follow the instructions on the screen to complete the login process.
Using services with multi-step authentication (FIDO2)
When you access a service, such as Webmail, that authenticates through the integrated authentication infrastructure system, the login screen shown in the figure is displayed.
Here, enter your JAIST user name to log in.
※ Please note that if you enter your e-mail address (xxxxx(at)jaist.ac.jp), authentication will fail.