menu

When login fails in JAIST-SSO

JAIST-SSO is used for authentication when using services such as Webmail and SSL-VPN. When authentication fails in JAIST-SSO, there are various possible reasons. Let's answer the questions from the following to find out the cause.
STEP1. What is the first screen displayed after access?

Please read the FAQ for each service if the system does not use JAIST-SSO, or if there is a problem after successful JAIST-SSO.

Reference

Authentication flow

There is a difference in the authentication flow between access from the on-campus network (including VPN) and access from the off-campus network.

SSO authentication is possible by registering one of the authentication factors shown in the image on the right.


STEP1. What is the first screen displayed after access?

What is displayed after accessing the URL of a service that requires JAIST-SSO authentication (e.g. Webmail)?

 

 

 

 

STEP2. What screen is displayed after entering the username and password?

What screen is displayed after entering the username and password?

 

 

 

 

STEP2-1. After entering the password, the message ‘Authentication failed’ is displayed

After entering the password, a red frame at the top of the screen reads 'Authentication failed.'message appears at the top of the screen, there may be a problem with the username or password.

To check, please try logging in using the contact form.
*The username and password for the contact form are the same as for JAIST-SSO.



【If the login is successful】

There is nothing wrong with the username and password entered in the contact form.
Please try logging in again at JAIST-SSO with the same username and password.
 →JAIST-SSO (Web-mail)

If you have stored the password in your browser, it is possible that it is incorrect.
FAQ [How to check passwords saved in your Web browser]

 

 

【If a login error occurs】

If the login fails even with the contact form, the username or password is incorrect.

 

  • Are you able to enter the text as you want?
    The input may not be correct due to a faulty keyboard or a different layout.
    Please enter your username and password into a text editor, and check that they are entered as you expect them to be.

  • Is the user name correct?
    The student's user name is "s+student number". (If the student number is "1234567", the user name is "s1234567")
    * Not the email address ‘XXXXXX@jaist.ac.jp’.
    * If you change your email address, your username will remain the same.

  • Is the password correct?

    * When you are unable to log in after changing your password, please try logging in with your old password.
    * If the password saved in your web browser allows you to log in, the password is the correct password.
     Please refer to the FAQ "How to check passwords saved in your Web browser" to confirm your password.

 

If you have forgotten your password:

If you have already registered an email address for resetting your password, please try to reset your password.
  →Resetting your password

If you have not registered, please come to the reception desk in person with your student/staff ID card.
  →RCACI reception desk

 

 

STEP3. Authentication factor selection screen

If the authentication factor selection screen appears, there is no problem with the username and password.JAIST-SSO from off-campus networks requires multi-factor authentication in addition to passwords.

Which authentication factor did you select?

 

 

 

 

STEP3-1. I don't know which authentication factor to select

If the authentication factor selection screen appears, your terminal is accessing an off-campus network.When accessing from off-campus, authentication factors other than username and password are required.

 

If you do not remember setting up a multi-factor authentication factor, please come to the campus and do one of the following.
* It is recommended to set up the system so that multiple authentication factors can be used in case of expiry, malfunction or problems.

If you are uncomfortable with any of the tasks on the above pages, help desk staff will support you.
Please come to the RCACI reception desk with the device you usually use.

 

 

 

STEP4-1. OTP (Email)

OTP (email) is authenticated by receiving and entering an 8-digit OTP code at a pre-registered external email address.

 

  • The OTP is entered, but "THE OTP CODE WAS INCORRECT." is displayed, and after three entries the "Authentication failed" screen is displayed.
    →OTP code is incorrect.Please check the following points.
    • This is a different authentication method to the OTP (Authenticator).
    • The OTP code is an eight-digit number.
    • The OTP is valid for five minutes from issue.
    • Use the OTP code received after selecting 'OTP (Email)' on the authentication factor selection screen.
    • Once you click on 'REQUEST OTP', any old OTP codes sent before that will no longer be available.

  • On the authentication failed screen, the red text at the top reads "Email address is not registered."is displayed.
    →No non-JAIST email address is registered to receive OTPs.
    Set up an external email address with reference to the following page.
    * You need to use a different authentication factor or come within JAIST.
    One-Time Password (Email) Setup

  • I did not receive an OTP code at registered email address.
    →First, please check your spam folder etc.
    If no email is found, the email address to receive the OTP may have been registered incorrectly.
    Check the external email address with reference to the following page.
    * You need to use a different authentication factor or come within JAIST.
    One-Time Password (Email) Setup

 

If you have already set up another authentication factor, try authentication there.
If you still cannot log in, please see below.
 →STEP5. Still JAIST-SSO fails

 

 

 

 

STEP4-2. OTP(Authenticator)

OTP (Authenticator) is a six-digit numeric password that changes over a period of time and can be used by registering an authentication device application (e.g. Google Authenticator) in advance.

 

  • After input the one-time password, "Authentication Failed" appears at the top of the screen. 
    (When "INVALID OTP CODE. YOU WILL BE REQUESTED TO START AGAIN AFTER 1(or 2) MORE FAILURE(S)." is displayed)
    →The OTP code is incorrect. Please check the following points.
    • The OTP is updated every 30 seconds. Enter the value immediately after checking the value on the authentication device.
    • The OTP code is a six-digit number.
    • Check that the time settings on the authentication device are correct.
    FAQ "After entering the OTP, "INVALID OTP CODE" will be displayed."
  • "One-time password (OTP) factor is not registered." appears in red text.
    →You have not completed the configuration of your OTP authentication device.
    Log in with a different authentication factor and set the authentication device with reference to the following page.
    One Time Password authentication device registration procedure

 

When the OTP entry screen appears but the OTP authentication device is not available (faulty or unregistered)

[If you have received a postcard with private key]
If you received a ‘Secret Key for TOTP (Time-based One-time Password)’ postcard when you received your JAIST account, you can register your authentication device off campus by referring to the following page.
How to set up One-Time Password (OTP) using postcard
* Only if you have never done 'Delete authentication factor'.
* If you have lost your postcard or deleted an authentication factor, you will need to come to the campus to complete the registration process, unless you have already prepared another authentication factor.

[If you have not received a postcard]
If a configured authentication device is no longer available, the authentication factor must be deleted and re-registered.
Deletion of authentication factors
One Time Password authentication device registration procedure
*If another authentication factor has not been set up, you must come to the campus and set it up.

 

If you have already set up another authentication factor, try authentication there.
If you still cannot log in, please see below.
 →STEP5. Still JAIST-SSO fails

 

 

 

STEP4-3. Client Certificate

If you select ‘Client certificate’ on the authentication factor selection screen and then are redirected to the ‘Authentication failed’ screen, it is possible that you did not present a client certificate or that the certificate was not correct.

 

[Check whether certificates have been imported]

First, check to see if the digital certificate has been imported into your browser.

Access user's manuals by UPKI from the following page and refer to "Checking the Certificate (PKCS#12 file)".
User's Manuals for Installation in Different Web Browsers


If no certificate is found, issue and import the certificate into the browser.

If you have a digital certificate file→Procedure for importing a certificate
If you do not have a digital certificate file→Procedure for issuing a client certificate

 

[Check that the certificate is valid]


When a certificate has been imported but authentication fails, there may be a problem with the certificate. Please check the following.

 

 

If you have already set up another authentication factor, try authentication there.
If you still cannot log in, please see below.
 →STEP5. Still JAIST-SSO fails

 

 

 

 

 

 

STEP5. Still JAIST-SSO fails

If you are still unable to access the site, please check the failure information on the top page and confirm that the failure has not occurred.
RCACI Home Page
JAIST Information Environment Operational Status
When there is anything related to the failure JAIST-SSO, please wait until it is restored.

If the login still fails, please contact us via the web form, referring to the following page.

Requests for Inquiries - JAIST-SSO Failure Problem