To map effective users to groups:
Open the cluster topology descriptor file, $cluster-name.xml, in a text editor.
Add a Pseudo identity-assertion provider to topology/gateway with the group.principal.mapping parameter as follows:
    <provider>
        <role>identity-assertion</role>
        <name>Pseudo</name>
        <enabled>true</enabled>
        <param>
            <name>group.principal.mapping</name>
            <value>$cluster_users=$group;$cluster_users=$group</value>
        </param>
    </provider>
where the value is a semicolon-separated list of definitions and the variables are specific to your environment:
$cluster_users is a comma-separated list of effective users, or the wildcard (*) indicating all users.
$group is the name of the group that the user is in for Service Level Authorization.
Save the file.
The gateway creates a new WAR file with a modified timestamp in /var/lib/knox/data/deployments.