The gateway evaluates the list in order, from left to right; therefore a user matching multiple entries, resolves to the first matching instance.
In the following example, when a user authenticates as guest, the gateway asserts the user as sam and all other users as dwayne.
<provider>
<role>identity-assertion</role>
<name>Pseudo</name>
<enabled>true</enabled>
<param>
<name>principal.mapping</name>
<value>guest=sam;*=dwayne</value>
</param>
</provider>
The following example shows how to map multiple users to different cluster accounts:
<provider>
<role>identity-assertion</role>
<name>Pseudo</name>
<enabled>true</enabled>
<param>
<name>principal.mapping</name>
<value>guest,joe,brenda,administrator=sam;janet,adam,sue=dwayne</value>
</param>
</provider>