4.1. Configure Group Mappings

To map effective users to groups:

  1. Open the cluster topology descriptor file, $cluster-name.xml, in a text editor.

  2. Add a Pseudo identity-assertion provider to topology/gateway with the group.principal.mapping parameter as follows:

    <provider>
       <role>identity-assertion</role>
       <name>Pseudo</name>
       <enabled>true</enabled>
       <param>
            <name>group.principal.mapping</name>
            <value>$cluster_users=$group;$cluster_users=$group</value>
       </param>
    </provider>

    where the value is a semicolon-separated list of definitions and the variables are specific to your environment:

    • $cluster_users is a comma-separated list of effective users, or the wildcard (*) indicating all users.

    • $group is the name of the group that the users are in for Service Level Authorization.

  3. Save the file.

    The gateway creates a new WAR file with a modified timestamp in /var/lib/knox/data/deployments.
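
Before saving the descriptor, it helps to check what the mapping value actually grants. The following is an added example, not part of the original documentation or the gateway's own code: it reads the group.principal.mapping value from a topology, parses it in the format described in step 2, and reports which groups a given effective user receives and which groups the wildcard gives to everyone. The sample topology, the user and group names, and all function names are constructed for illustration, and each definition is assumed to name a single group.

```python
import xml.etree.ElementTree as ET

# Constructed sample topology (user and group names are made up for illustration).
SAMPLE_TOPOLOGY = """
<topology>
  <gateway>
    <provider>
      <role>identity-assertion</role>
      <name>Pseudo</name>
      <enabled>true</enabled>
      <param>
        <name>group.principal.mapping</name>
        <value>alice,bob=analysts;*=users;carol=admins</value>
      </param>
    </provider>
  </gateway>
</topology>
"""

def read_mapping_value(topology_xml):
    """Return group.principal.mapping from the enabled identity-assertion provider, or None."""
    root = ET.fromstring(topology_xml)
    for provider in root.findall("./gateway/provider"):
        if (provider.findtext("role", "").strip() != "identity-assertion"
                or provider.findtext("enabled", "").strip().lower() != "true"):
            continue
        for param in provider.findall("param"):
            if param.findtext("name", "").strip() == "group.principal.mapping":
                return param.findtext("value", "").strip()
    return None

def parse_mapping(value):
    """Split 'users=group;users=group' into [(set_of_users, group)]; reject malformed definitions."""
    rules = []
    for definition in filter(None, (d.strip() for d in value.split(";"))):
        users, sep, group = definition.partition("=")
        names = {u.strip() for u in users.split(",") if u.strip()}
        if not sep or not names or not group.strip():
            raise ValueError(f"malformed definition: {definition!r}")
        rules.append((names, group.strip()))
    return rules

def groups_for(user, rules):
    """Groups an effective user receives, including wildcard (*) definitions."""
    return sorted({g for names, g in rules if user in names or "*" in names})

def wildcard_groups(rules):
    """Groups granted to every user; review these against Service Level Authorization ACLs."""
    return sorted({g for names, g in rules if "*" in names})
```

A group that appears in wildcard_groups is held by every authenticated user, so any Service Level Authorization rule that admits that group admits all of them.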

