Skip to Main Content

OpenAthens @ NOAA

NOAA Library Single Sign On Troubleshooting 

The page addresses well known issues users may encounter with Single Sign on (SSO), which is enabled for the our resources via OpenAthens as well as the Library Catalog.

As NOAA Library leverages NOAA's Single Sign On, a large portion of this documentation is largely based on the NOAA ICAM's help documentation, but has been customized to provide more context to specify how it SSO interacts with Primo.

If you simply interested in the the NOAA SSO process and would like to see a general walkthrough, visit the the following page (available for NOAA staff only)

Common SSO Issues

The section aims to walk you through some common troubleshooting steps if you are experiencing issues with NOAA SSO.

 

"Unable to find your CAC/PIV info in our directory" message

 

 

 

 

 

 

 

 

 

 

"Unable to find your CAC/PIV info in our directory" message

If you receive this message, you nevertheless should be able access library resources via NOAA SSO. You just need to take the steps listed below. 

Either open a new browser window in private mode (Incognito for Chrome, Private Window for Firefox, InPrivate for Edge) and begin the SSO process again, however, when you are prompted to select your certificate, click on the cancel button.

In clicking cancel, you should see the message - "Unable to read the certificate on your smart card". Click the teal continue button. 

In clicking continue, you will be prompted to enter your NOAA Username and Password. For your NOAA Username, do not enter @noaa.gov at the end.

 

Do not get certificate prompt for CAC login

During the SSO process, you should be prompted to select a certificate - see more information on ICAM's SSO Login Steps page.

If not, there are two possible issues with not getting prompted to choose a certificate during SSO login:

  1. If you are using Firefox, refer to Firefox CAC Enablement help page to enable the CAC module for your Firefox. This module is not enabled by default.
  2. Most browsers remember your choice for the certificate prompt. Therefore, if you cancel the certificate prompt, it will not prompt next time you attempt to login. In this case, close all browser windows you attempted to login and open a new browser window in private mode (Incognito for Chrome, Private Window for Firefox, InPrivate for Edge) and try to login again.

 

"UNABLE TO LOGIN" message

  • The most common cause of this error is when the user selects the wrong certificate. Users must only use the Authentication or ID certificate on their NOAA CAC to login to SSO.
  • Close the all the browser windows you  you attempted to login to Primo and try again. These time, select the ID/Authentication certificate on your NOAA CAC.  

 

"Your Account has been temporarily locked. " message

You see this message after five failed login attempts, your ICAM account gets locked. This is an automate process and your account will be unlocked automatically after 5 minutes. You can try logging in after 5 minutes. If you don't remember your password, contact your local IT department for a password reset request.

 

Cannot use CAC to login after a name change

Any change to a user email address must also trigger an update to any CAC associated with the address. It is suggested that the CAC card not be changed until shortly after the new address actually exists and is in use. Scheduling this is a local responsibility. Failure to update your CAC would cause NOAA SSO login issues. 

After updating your CAC, it may take up to a week for this update to be reflected in ICAM.

 

Cannot use CAC to login after updating CAC

It may take up to one week for ICAM reflect updated CAC date. This process involves the cleanup of the old certificate and the population user's profile with the new certificate which may take several days.