Configuring SPNEGO single sign-on for i2 Analyze

The following section describes how to configure i2 Analyze with Simple and Protected GSS-API Negotiation Mechanism (SPNEGO) single sign-on. The instructions detail how to configure SPNEGO single sign-on with an existing deployment of i2 Analyze.

Intended audience

In the production deployment process, you might first configure SPNEGO single sign-on in the configuration or pre-production environments. As you move to a production deployment, you must replicate any configuration changes in any new deployments.

This section is intended for readers who are familiar with configuring and managing domain controllers, Microsoft™ Active Directory, and have an understanding of SPNEGO single sign-on.

There are many different single sign-on technologies. This section defines a SPNEGO single sign-on setup with workstations that are members of the same Microsoft Active Directory domain. i2 Analyze uses the users and groups in Active Directory to determine the authorization of users.

The instructions assume that the following prerequisites are installed and accessible:
  • A Microsoft Windows® Server running an Active Directory Domain Controller and associated Kerberos Key Distribution Center (KDC).
  • A Microsoft Windows® domain member (client) with a web browser that supports the SPNEGO authentication mechanism.
  • A working deployment of i2 Analyze that can be accessed by users in Active Directory.

For information on the prerequisites, see the Before you begin section of Configuring SPNEGO authentication .

Attention: i2 takes reasonable steps to verify the suitability of i2® Analyze for internet deployment. However, it does not address lower-level issues such as guarding networks against penetration, securing accounts, protecting against brute force attacks, configuring firewalls to avoid DoS or DDoS attacks, and the like. For your deployment of i2 Analyze, follow industry-standard practices and recommendations for protection of your systems. i2 accepts no liability for the consequences of such attacks on your systems. This information is not intended to provide instructions for managing key databases or certificates.