The gateway evaluates the list in order, from left to right; therefore a user matching multiple entries, resolves to the first matching instance.
In the following example, when a user authenticates as guest,
the gateway asserts the user as sam
and all other users as
dwayne
.
<provider> <role>identity-assertion</role> <name>Pseudo</name> <enabled>true</enabled> <param> <name>principal.mapping</name> <value>guest=sam;*=dwayne</value> </param> </provider>
The following example shows how to map multiple users to different cluster accounts:
<provider> <role>identity-assertion</role> <name>Pseudo</name> <enabled>true</enabled> <param> <name>principal.mapping</name> <value>guest,joe,brenda,administrator=sam;janet,adam,sue=dwayne</value> </param> </provider>