Testing i2 Analyze with SPNEGO single sign-on on the client workstation

To test the SPNEGO single sign-on setup, connect to i2 Analyze from a domain client workstation. The user that is logged in to the domain client is logged in to i2 Analyze.

  • Your web browser must be configured according to step 3 in Configuring SPNEGO authentication in Liberty.
  • You must be logged in to the client workstation as one of the users in the domain controller, who is in at least one group per security dimension in the i2 Analyze security schema.
Log in to the client workstation as users with different access levels. For each user, complete the following steps to demonstrate that authorization is working correctly when you are using SPNEGO single sign-on.
  1. Open your web browser, and navigate to http://host_name/opal (where host_name is the fully qualified domain name or IP address of the server that hosts the i2 Analyze application).
  2. Create, browse, and search for data, to ensure that your are authenticated and authorized with the platform correctly.
    Note: When you create items, ensure that the permissions are set up so that you have access to view them.

After you test your changes, you can configure user access to features. To access the REST endpoints, a user must be a member of a group that has the i2:Administrator permission under command access control. For more information, see Configuring command access control.