This page is in preparation.
For more information on replacement, please see the following.
Replacement of LDAP/Single Sign-On systems
When login fails in JAIST-SSO
JAIST-SSO is used for authentication when using services such as Webmail and SSL-VPN. When authentication fails in JAIST-SSO, there are various possible reasons. Let's answer the questions from the following to find out the cause.
→ STEP.0 What message was displayed when the authentication failed?
Please read the FAQ for each service if the system does not use JAIST-SSO, or if there is a problem after successful JAIST-SSO.
- Unable to access WebMail (e.g. blue screen that appears when logging out)
→Mail FAQ "I cannot access email" - Unable to connect to SSL-VPN (screen does not transition, blank screen displayed, etc.)
→"Alternatives for when you can't connect to SSL-VPN" - No transition to JAIST-SSO page
→After deleting the cookie, please access from the link on this web page.
Reference
STEP.0 What message was displayed when the authentication failed?
When authentication fails, red text message appears at the top of the screen for a few seconds.
Please select the appropriate combination of the operation you performed before the authentication failure and the message.
- After input your password, "Authentication Failed" appears at the top of the screen.
→ STEP1. About user name and password
- After input your password, "Your client certificate is invalid. In addition, One Time Password (OTP) factor is not registered." appears at the top of the screen.
→ STEP2. About authentication factors
- "Unknown error. Contact the system administrator." appears at the top of the screen.
(This may appear immediately after you have been redirected to JAIST-SSO and before you have entered your username).
→ FAQ "The message "Unknown Error. Please contact Administrator" is displayed"
- After input the one-time password, "Authentication Failed" appears at the top of the screen.
(When "INVALID OTP CODE. YOU WILL BE REQUESTED TO START AGAIN AFTER 1(or 2) MORE FAILURE(S)." is displayed)
→ FAQ "After entering the OTP, "INVALID OTP CODE" will be displayed."
STEP1. About user name and password
When "Authentication Failed" appears at the top of the screen after entering the password, there may be a problem with the user name or password.
Please access the inquiry form and please try to log in.
* Do not use passwords saved in your web browser.
Can you log in?
- Yes (Login Success)
The username/password entered in the login form is correct.- When authenticating from off-campus
→STEP1-3. Please check your digital certificate - When authenticating from on-campus
→Please try logging in again at JAIST-SSO with the same password.
If you still cannot log in, "STEP 3. Unable to log in".
- When authenticating from off-campus
- No (Login Error) →STEP1-2. User name or password is wrong
STEP1-2. User name or password is wrong
If you were unable to log in to the inquiry form, your user name or password is incorrect.
- Are you able to enter the text as you want?
The input may not be correct due to a faulty keyboard or a different layout.
Please enter your username and password into a text editor, and check that they are entered as you expect them to be. - Is the user name correct?
The student's user name is "s+student number". (If the student number is "1234567", the user name is "s1234567")
* Not the email address ‘XXXXXX@jaist.ac.jp’.
* If you change your email address, your username will remain the same. - Is the password correct?
* When you are unable to log in after changing your password, please try logging in with your old password.
* If the password saved in your web browser allows you to log in, the password is the correct password.
Please refer to the FAQ "How to check passwords saved in your Web browser" to confirm your password.
If you have forgotten your password:
If you have already registered an email address for resetting your password, please try to reset your password.
→Resetting your password
If you have not registered, please come to the reception desk in person with your student/staff ID card.
→RCACI reception desk
STEP1-3. Please check your digital certificate
If the following three conditions are met, the authentication has most likely failed because the "certificate used for authentication" and the "user name entered on the first screen" are different.
- When authentication fails, the message ‘Authentication failed’ is displayed with a red frame (confirmed in STEP0).
- There is no problem with the user name and password when trying to log in using the contact form (confirmed in STEP1).
- Authentication from an off-campus network (other than JAIST's wired LAN or Wi-Fi) is using a digital certificate.
Please check the following:
- Is the certificate issued under your user name?
Do not use someone else's digital certificate.
If you are a doctoral student, don't use the certificate that you got during your Master's course.
→Procedure for issuing a client certificate - (For certificates issued before August 2023) Have you changed your email address?
If you are using a certificate issued before August 2023 and you change your email address from student number based, the certificate you obtained before the change is no longer valid. Please revoke and reissue the certificate.
- Client Certificate Revocation Procedure
- Client certificate issuance procedure
- Select the certificate to be used for JAIST-SSO
If you have already set a one-time password, please cancel the presentation of the certificate and try authentication. If the certificate presentation screen does not appear and cannot be cancelled, try using the private window.
→Tips: Using a Private Window
If you still cannot log in, "STEP 3. Unable to log in".
STEP2. About authentication factors
There is no problem with the username and password, but an authentication factor seems to be missing.
Please go to the appropriate link below.
- Accessing from on-campus network
→STEP2-1. Accessing from campus - Accessing from off-campus using a one-time password
→STEP2-2. When accessing with a one-time password - Accessing from off-campus using a digital certificate
→STEP2-3. When accessing with a digital certificate - Access from off-campus (No digital certificates or one-time passwords are set up)
→STEP2-4. When the authentication factor is not registered
STEP2-1. Accessing from campus
When "Your client certificate is invalid. In addition, One Time Password (OTP) factor is not registered." is displayed, you are not connected to the campus network.
(If you are connected to the campus network, you can successfully authenticate using only your username and password.)
Please check the following.
- What is your network connected to?
The "campus network" refers to the campus Wi-Fi (SSID: JAIST, JAIST-ALL), wired LAN, and SSL-VPN.
Please make sure that you are using these networks. - Connected to SSID:NEWCOMER, eduroam
The "NEWCOMER" Wi-Fi service for new students is an off-campus network.
The "eduroam" wireless LAN service for educational and research institutions is an off-campus network.
A one-time password (OTP) or client certificate is required.
→STEP2-4. When the authentication factor is not registered - If you are using Safari on mac OS
Try logging in with the ‘Hide IP Address’ setting switched off.
→FAQ "I can't access the intramural use only page (Safari)"
If you cannot login
→STEP3. Unable to log in
STEP2-2. When accessing with a one-time password
When "Your client certificate is invalid. In addition, One Time Password (OTP) factor is not registered." is displayed, one-time password authentication device is not registered.
Even if the device is displaying the 6-digit OTP, the last steps of registration may have been forgotten or deleted after registration.
→STEP2-4. You do not have an authentication factor
If you have a digital certificate, you can use it for JAIST-SSO authentication by importing the digital certificate into your browser.
STEP2-3. When accessing with a digital certificate
When "Your client certificate is invalid. In addition, One Time Password (OTP) factor is not registered." is displayed, either the certificate has not been imported or there is a problem with the selected certificate.
First, check to see if the digital certificate has been imported into your browser.
Access user's manuals by UPKI from the following page and refer to "Checking the Certificate (PKCS#12 file)".
→User's Manuals for Installation in Different Web Browsers
Is the digital certificate of "...@jaist.ac.jp" imported into your browser?
- Yes, the certificate was imported.
→STEP2-3-1. The digital certificate has been imported.
- No, the certificate was not imported.
If you have a digital certificate file→Procedure for importing a certificate
If you do not have a digital certificate file→Procedure for issuing a client certificate
STEP2-3-1. The digital certificate has been imported
Please check the following points about the imported digital certificate.
- Is the certificate issued after December 25, 2020?
Certificates issued on or before December 24, 2020 will not be available after January 17, 2022.
Please refer to the following announcement for details and action.
→[Important] Client certificates will be revoked (for issued before 2020/12/24) - Is the certificate valid?
Please make sure that your digital certificate has not been revoked.
→How to check the validity/revoked of the client certificate - Have you selected a valid certificate (if you have more than one certificate)?
If two or more certificates have been imported, the old certificate may be used for authentication.
→Select the certificate to be used for JAIST-SSO
If you have a One Time Password (OTP), please cancel the certificate selection and try to authenticate with OTP.
If you cannot login
→STEP3. Unable to log in
STEP2-4. You do not have an authentication factor
Authentication from off-campus requires authentication factors other than username and password (one-time password, client certificate, etc.). When "Your client certificate is invalid. In addition, One Time Password (OTP) factor is not registered." is displayed, it means that the authentication factor is missing.
Please come to the campus and get one (or both) of the following authentication factors.
- Registering a one-time password
→One Time Password authentication device registration procedure - Issuance of digital certificates
→Client certificate issuance procedure
If you are uncomfortable with any of the tasks on the above pages, help desk staff will support you.
Please come to the RCACI reception desk with the device you usually use.
STEP3. Unable to log in
If you are still unable to access the site, please check the failure information on the top page and confirm that the failure has not occurred.
→RCACI Home Page
→JAIST Information Environment Operational Status
When there is anything related to the failure JAIST-SSO, please wait until it is restored.
If the login still fails, please contact us via the web form, referring to the following page.
以下、作成中
STEP1. アクセス後、まずはどんな画面になりますか?
JAIST-SSO認証が必要なサービス(例:Webメール)のURLにアクセス後、どのような表示になりますか?
- ユーザ名の入力画面 が表示される
→SETP2 ユーザ名とパスワードを入力した後の画面 - 赤文字で「不明なエラー。管理者にお問い合わせください。」と画面上部に表示され、「認証に失敗しました」の画面が表示される
→FAQ "「不明なエラー。システム管理者にお問合せください。」と表示される" - JAIST-SSOのロゴを含む画面が表示されない(タイムアウト、真っ白なページ等)
→STEP1-2 JAIST-SSOの画面が表示されない
STEP1-2. JAIST-SSOの画面が表示されない
STEP2. ユーザ名とパスワードを入力した後の画面
ユーザ名を入力し、「次へ」をクリックすると、パスワードの入力画面が表示されます。
パスワードの入力後、どのような画面が表示されましたか?
- 認証要素の選択画面が表示された
→STEP3 認証要素の選択 - 「認証に失敗しました」と表示された
→STEP2-1 パスワード入力後、「認証に失敗しました」と表示される - OTPの入力画面が表示される
→STEP4-1. OTP(メール)、STEP4-2. OTP(アプリ)
STEP2-1. パスワードを入力後、「認証に失敗しました」と表示される
STEP3. 認証要素の選択画面
認証要素の選択画面が表示される場合は、ユーザ名とパスワードに問題はありません。
学外ネットワークからのJAIST-SSOには、パスワードに加えて多要素認証が必要です。
- OTP(メール)
→ STEP4-1. OTP(メール)で認証する - OTP(アプリ)
→ STEP4-2. OTP(アプリ)で認証する - クライアント証明書
→ STEP4-3. クライアント証明書を使って認証する - どれを選択すれば良いか分からない
→ STEP3-1. どの認証要素を選択すれば良いか分からない
STEP3-1. どの認証要素を選択すれば良いか分からない
学外からアクセスする場合、ユーザ名とパスワード以外の認証要素が必要になります。
認証要素の選択画面が表示される場合は、学外ネットワークにアクセスしています。
学内(東京サテライトも可)にお越しのうえ、以下のいずれか(又は両方)を行ってください。
※東京サテライトで作業する場合、事前に入室制限や利用制限をご確認ください。
外部メールアドレスの登録
ワンタイムパスワードの登録
→ワンタイムパスワード認証登録手順
電子証明書の取得
→クライアント証明書の発行手順
登録・取得の作業に不安がある場合は、ヘルプデスクスタッフがサポートします。
お使いの端末をお持ちのうえ、情報社会基盤研究センター受付までお越しください。