When login fails in JAIST-SSO
JAIST-SSO is used for authentication when using services such as Webmail and SSL-VPN. When authentication fails in JAIST-SSO, there are various possible reasons. Let's answer the questions from the following to find out the cause.
→ STEP1. What is the first screen displayed after access?
Please read the FAQ for each service if the system does not use JAIST-SSO, or if there is a problem after successful JAIST-SSO.
- Unable to access WebMail (e.g. blue screen that appears when logging out)
→Mail FAQ "I cannot access email" - Unable to connect to SSL-VPN (screen does not transition, blank screen displayed, etc.)
→"Alternatives for when you can't connect to SSL-VPN" - No transition to JAIST-SSO page
→After deleting the cookie, please access from the link on this web page.
Reference
STEP1. What is the first screen displayed after access?
What is displayed after accessing the URL of a service that requires JAIST-SSO authentication (e.g. Webmail)?
- The user name input screen appears.
→SETP2 What screen is displayed after entering the username and password? - At the top of the 'Authentication failed' screen, in red text, "Unknown Error. Please contact Administrator"is displayed.
→FAQ [The message "Unknown Error. Please contact Administrator" is displayed.] - JAIST-SSO screen does not appear (blank, response time too long, page not found, etc.)
→Please try accessing the service using a different browser, device or network.
If the problem is not resolved, please contact us with the information in the "Requests for Inquiries -JAIST-SSO screen not displaying problems-" page.
STEP2. What screen is displayed after entering the username and password?
What screen is displayed after entering the username and password?
- The authentication factor selection screen appears.
→STEP3 Authentication factor selection screen - ‘Authentication failed’ screen appears.
→STEP2-1 After entering the password, the message ‘Authentication failed’ is displayed
STEP2-1. After entering the password, the message ‘Authentication failed’ is displayed
After entering the password, a red frame at the top of the screen reads 'Authentication failed.'message appears at the top of the screen, there may be a problem with the username or password.
To check, please try logging in using the contact form.
*The username and password for the contact form are the same as for JAIST-SSO.
【If the login is successful】
There is nothing wrong with the username and password entered in the contact form.
Please try logging in again at JAIST-SSO with the same username and password.
→JAIST-SSO (Web-mail)
If you have stored the password in your browser, it is possible that it is incorrect.
FAQ [How to check passwords saved in your Web browser]
【If a login error occurs】
If the login fails even with the contact form, the username or password is incorrect.
- Are you able to enter the text as you want?
The input may not be correct due to a faulty keyboard or a different layout.
Please enter your username and password into a text editor, and check that they are entered as you expect them to be. - Is the user name correct?
The student's user name is "s+student number". (If the student number is "1234567", the user name is "s1234567")
* Not the email address ‘XXXXXX@jaist.ac.jp’.
* If you change your email address, your username will remain the same. - Is the password correct?
* When you are unable to log in after changing your password, please try logging in with your old password.
* If the password saved in your web browser allows you to log in, the password is the correct password.
Please refer to the FAQ "How to check passwords saved in your Web browser" to confirm your password.
If you have forgotten your password:
If you have already registered an email address for resetting your password, please try to reset your password.
→Resetting your password
If you have not registered, please come to the reception desk in person with your student/staff ID card.
→RCACI reception desk
STEP3. Authentication factor selection screen
If the authentication factor selection screen appears, there is no problem with the username and password.JAIST-SSO from off-campus networks requires multi-factor authentication in addition to passwords.
Which authentication factor did you select?
- OTP (Email)
→ STEP4-1. Authenticate by OTP (Email) - OTP (Authenticator)
→ STEP4-2. Authenticate by OTP (Authenticator) - Client Certificate
→ STEP4-3. Authenticate by Client Certificate - I don't know which authentication factor to select.
→ STEP3-1. I don't know which authentication factor to select
STEP3-1. I don't know which authentication factor to select
If the authentication factor selection screen appears, your terminal is accessing an off-campus network.When accessing from off-campus, authentication factors other than username and password are required.
If you do not remember setting up a multi-factor authentication factor, please come to the campus and do one of the following.
* It is recommended to set up the system so that multiple authentication factors can be used in case of expiry, malfunction or problems.
- Using the OTP (Email)
→One-Time Password (Email) Setup - Using the OTP (Authenticator)
→One Time Password authentication device registration procedure - Using the Client Certificate
→Client certificate issuance procedure
If you are uncomfortable with any of the tasks on the above pages, help desk staff will support you.
Please come to the RCACI reception desk with the device you usually use.
STEP4-1. OTP (Email)
OTP (email) is authenticated by receiving and entering an 8-digit OTP code at a pre-registered external email address.
- The OTP is entered, but "THE OTP CODE WAS INCORRECT." is displayed, and after three entries the "Authentication failed" screen is displayed.
→OTP code is incorrect.Please check the following points.- This is a different authentication method to the OTP (Authenticator).
- The OTP code is an eight-digit number.
- The OTP is valid for five minutes from issue.
- Use the OTP code received after selecting 'OTP (Email)' on the authentication factor selection screen.
- Once you click on 'REQUEST OTP', any old OTP codes sent before that will no longer be available.
- On the authentication failed screen, the red text at the top reads "Email address is not registered."is displayed.
→No non-JAIST email address is registered to receive OTPs.
Set up an external email address with reference to the following page.
* You need to use a different authentication factor or come within JAIST.
One-Time Password (Email) Setup - I did not receive an OTP code at registered email address.
→First, please check your spam folder etc.
If no email is found, the email address to receive the OTP may have been registered incorrectly.
Check the external email address with reference to the following page.
* You need to use a different authentication factor or come within JAIST.
One-Time Password (Email) Setup
If you have already set up another authentication factor, try authentication there.
If you still cannot log in, please see below.
→STEP5. Still JAIST-SSO fails
STEP4-2. OTP(Authenticator)
OTP (Authenticator) is a six-digit numeric password that changes over a period of time and can be used by registering an authentication device application (e.g. Google Authenticator) in advance.
- After input the one-time password, "Authentication Failed" appears at the top of the screen.
(When "INVALID OTP CODE. YOU WILL BE REQUESTED TO START AGAIN AFTER 1(or 2) MORE FAILURE(S)." is displayed)
→The OTP code is incorrect. Please check the following points.- The OTP is updated every 30 seconds. Enter the value immediately after checking the value on the authentication device.
- The OTP code is a six-digit number.
- Check that the time settings on the authentication device are correct.
- "One-time password (OTP) factor is not registered." appears in red text.
→You have not completed the configuration of your OTP authentication device.
Log in with a different authentication factor and set the authentication device with reference to the following page.
One Time Password authentication device registration procedure
When the OTP entry screen appears but the OTP authentication device is not available (faulty or unregistered)
[If you have received a postcard with private key]
If you received a ‘Secret Key for TOTP (Time-based One-time Password)’ postcard when you received your JAIST account, you can register your authentication device off campus by referring to the following page.
How to set up One-Time Password (OTP) using postcard
* Only if you have never done 'Delete authentication factor'.
* If you have lost your postcard or deleted an authentication factor, you will need to come to the campus to complete the registration process, unless you have already prepared another authentication factor.
[If you have not received a postcard]
If a configured authentication device is no longer available, the authentication factor must be deleted and re-registered.
Deletion of authentication factors
One Time Password authentication device registration procedure
*If another authentication factor has not been set up, you must come to the campus and set it up.
If you have already set up another authentication factor, try authentication there.
If you still cannot log in, please see below.
→STEP5. Still JAIST-SSO fails
STEP4-3. Client Certificate
If you select ‘Client certificate’ on the authentication factor selection screen and then are redirected to the ‘Authentication failed’ screen, it is possible that you did not present a client certificate or that the certificate was not correct.
[Check whether certificates have been imported]
First, check to see if the digital certificate has been imported into your browser.
Access user's manuals by UPKI from the following page and refer to "Checking the Certificate (PKCS#12 file)".
→User's Manuals for Installation in Different Web Browsers
If no certificate is found, issue and import the certificate into the browser.
If you have a digital certificate file→Procedure for importing a certificate
If you do not have a digital certificate file→Procedure for issuing a client certificate
[Check that the certificate is valid]
When a certificate has been imported but authentication fails, there may be a problem with the certificate. Please check the following.
- Is the certificate issued under your user name?
Do not use someone else's digital certificate.
If you are a doctoral student, don't use the certificate that you got during your Master's course.
→Procedure for issuing a client certificate - Is the certificate valid?
Please make sure that your digital certificate has not been revoked.
→How to check the validity/revoked of the client certificate - Have you selected a valid certificate (if you have more than one certificate)?
If two or more certificates have been imported, the old certificate may be used for authentication.
→Select the certificate to be used for JAIST-SSO - (For certificates issued before August 2023) Have you changed your email address?
If you are using a certificate issued before August 2023 and you change your email address from student number based, the certificate you obtained before the change is no longer valid. Please revoke and reissue the certificate.
- Client Certificate Revocation Procedure
- Client certificate issuance procedure
- Select the certificate to be used for JAIST-SSO - Try authentication in a private window
When you have set a certificate to be presented automatically, a different certificate than the one you are expecting may have been presented.
Please try authentication in a different browser or in a private window, with no cache left in your browser.
If you have already set up another authentication factor, try authentication there.
If you still cannot log in, please see below.
→STEP5. Still JAIST-SSO fails
STEP5. Still JAIST-SSO fails
If you are still unable to access the site, please check the failure information on the top page and confirm that the failure has not occurred.
→RCACI Home Page
→JAIST Information Environment Operational Status
When there is anything related to the failure JAIST-SSO, please wait until it is restored.
If the login still fails, please contact us via the web form, referring to the following page.