Configuring X.509 client certificate authentication with i2 Analyze
If your i2 Analyze deployment uses a user registry, you can enable it to use X.509 client certificate authentication. After successful configuration, users can log in to i2 Analyze with client certificates instead of user names and passwords.
After you configure client certificate authentication, a user does not need to enter a user name and password separately. Each certificate is associated with a single user to enable authentication. Anyone who has access to a client certificate can log in to i2 Analyze as the user associated with that certificate without entering a password.
To enable a user to log in using a client certificate, the client certificate must be installed in the user's personal certificate store on the workstation they are using to access i2 Analyze. After the client certificate is installed in the personal certificate store, the user can use the certificate to log in to i2 Analyze through Analyst's Notebook.
When a user connects using Analyst's Notebook, they choose which certificate to log in with when they open a connection to the Information Store.
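Because a certificate in the personal store stands in for a password, it is worth checking on each workstation which certificates a user could actually present. The following PowerShell is an added example, not part of the i2 Analyze documentation or toolkit. It assumes a Windows workstation and inspects only the current user's personal store; it does not check whether the server trusts the issuer or which i2 Analyze user a certificate is associated with.

```powershell
# Added example: list certificates in the current user's personal store
# and report which ones could be presented for TLS client authentication.
$clientAuthOid = '1.3.6.1.5.5.7.3.2'   # id-kp-clientAuth (Client Authentication EKU)
$now = Get-Date

Get-ChildItem -Path Cert:\CurrentUser\My | ForEach-Object {
    $cert = $_

    # Collect the EKU OIDs; the list is empty when the certificate has no EKU extension.
    $ekuOids = @($cert.EnhancedKeyUsageList |
        Where-Object { $_ } |
        ForEach-Object { $_.ObjectId })

    # A certificate without an EKU extension is not restricted to specific purposes,
    # so treat it as permitted for client authentication.
    $allowsClientAuth = ($ekuOids.Count -eq 0) -or ($ekuOids -contains $clientAuthOid)

    $inValidityPeriod = ($cert.NotBefore -le $now) -and ($cert.NotAfter -gt $now)

    [pscustomobject]@{
        Subject          = $cert.Subject
        Issuer           = $cert.Issuer
        Thumbprint       = $cert.Thumbprint
        NotAfter         = $cert.NotAfter
        HasPrivateKey    = $cert.HasPrivateKey
        AllowsClientAuth = $allowsClientAuth
        # Usable only if the private key is present, the purpose fits,
        # and the certificate is inside its validity period.
        Usable           = $cert.HasPrivateKey -and $allowsClientAuth -and $inValidityPeriod
    }
} | Sort-Object NotAfter | Format-Table -AutoSize
```

Every row marked `Usable` is a credential that works without a password for whoever can use that Windows profile, so certificates on shared workstations or left behind for users who no longer need access should be removed from the store.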
Intended audience
In the production deployment process, you might first configure client certificate authentication in the configuration or pre-production environments. As you move to a production deployment, you must replicate any configuration changes in any new deployments.
This information is intended for readers who are familiar with managing key databases and certificates, user authentication mechanisms, and the i2 Analyze toolkit.
Prerequisites
The starting point for configuring client certificate authentication is a deployment of i2 Analyze that is configured to use Transport Layer Security on connections to the HTTP Server, and between the HTTP Server and Liberty. For more information about configuring Transport Layer Security on connections to the HTTP Server, see Configuring Transport Layer Security with i2 Analyze.
Attention: i2 takes reasonable steps to verify the suitability of i2 Analyze for internet deployment. However, it does not address lower-level issues such as guarding networks against penetration, securing accounts, protecting against brute force attacks, configuring firewalls to avoid DoS or DDoS attacks, and the like. For your deployment of i2 Analyze, follow industry-standard practices and recommendations for protection of your systems. i2 accepts no liability for the consequences of such attacks on your systems. This information is not intended to provide instructions for managing key databases or certificates.