All cluster topology descriptors must contain an identity-assertion
provider in the topology/gateway definition. For the minimal requirements,
see Set up Basic
Identity-Assertion.
The following is the complete structure of the identity-assertion
provider. The parameters are optional.
```xml
<provider>
    <role>identity-assertion</role>
    <name>Pseudo</name>
    <enabled>true</enabled>
    <param>
        <name>principal.mapping</name>
        <value>$user_ids=$cluster_user[;$user_ids=$cluster_user1;...]</value>
    </param>
    <param>
        <name>group.principal.mapping</name>
        <value>$cluster_users = $group1;$cluster_users = $group2</value>
    </param>
</provider>
```

where:

- `$user_ids` is a comma-separated list of external users, or the wildcard (`*`) to indicate all users.
- `$cluster_user` is the Hadoop cluster user name the gateway asserts, that is, the effective user name.
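
The following audit sketch is an added example, not code from the gateway project. It parses a `principal.mapping` value in the format above and reports rules that assert a privileged cluster account, in particular through the wildcard. The sample provider, the `PRIVILEGED` set, the function names and the lookup precedence (explicit entry, then `*`, otherwise the name is left unchanged) are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample provider (not from a real cluster): two named users map
# to a service account, and the wildcard maps everyone else to hdfs.
SAMPLE_PROVIDER = """<provider>
  <role>identity-assertion</role>
  <name>Pseudo</name>
  <enabled>true</enabled>
  <param>
    <name>principal.mapping</name>
    <value>alice,bob=etl_svc;*=hdfs</value>
  </param>
</provider>"""

# Assumption: accounts this audit treats as privileged; adjust per cluster.
PRIVILEGED = {"hdfs", "yarn", "hbase", "hive", "root"}


def parse_principal_mapping(value):
    """Parse '$user_ids=$cluster_user[;...]' into {external_user: cluster_user}."""
    table = {}
    for rule in filter(None, (r.strip() for r in value.split(";"))):
        user_ids, sep, cluster_user = (s.strip() for s in rule.partition("="))
        users = [u.strip() for u in user_ids.split(",")]
        if not sep or not cluster_user or not all(users):
            raise ValueError(f"malformed mapping rule: {rule!r}")
        table.update((u, cluster_user) for u in users)
    return table


def effective_user(table, external_user):
    """Assumed precedence: explicit entry, then '*', else the name is unchanged."""
    return table.get(external_user, table.get("*", external_user))


def audit_provider(xml_text):
    """Return (mapping table, findings) for one identity-assertion provider."""
    provider = ET.fromstring(xml_text)
    if provider.findtext("role") != "identity-assertion":
        raise ValueError("not an identity-assertion provider")
    params = {p.findtext("name"): p.findtext("value") or ""
              for p in provider.findall("param")}
    table = parse_principal_mapping(params.get("principal.mapping", ""))
    findings = []
    for user, target in table.items():
        if target in PRIVILEGED:
            scope = "ALL users" if user == "*" else f"user {user!r}"
            findings.append(f"{scope} asserted as privileged account {target!r}")
    return table, findings
```

Run `audit_provider` over each topology descriptor's identity-assertion provider before deployment; any finding means an external identity will act as a privileged account on the cluster.
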
Note: identity-assertion rules are not required; see Set up Basic Identity Assertion
for details. However, whenever an authentication provider is configured an

