All cluster topology descriptors must contain an identity-assertion provider in the topology/gateway definition. For the minimal requirements, see Set up Basic Identity-Assertion.
The following is the complete structure of the identity-assertion provider. The parameters are optional.
```xml
<provider>
    <role>identity-assertion</role>
    <name>Pseudo</name>
    <enabled>true</enabled>
    <param>
        <name>principal.mapping</name>
        <value>$user_ids=$cluster_user[;$user_ids=$cluster_user1;...]</value>
    </param>
    <param>
        <name>group.principal.mapping</name>
        <value>$cluster_users = $group1;$cluster_users = $group2</value>
    </param>
</provider>
```
where:
$user_ids is a comma-separated list of external users, or the wildcard (*) to indicate all users.
$cluster_user is the Hadoop cluster user name the gateway asserts, that is, the effective user name.
Note: Identity-assertion rules are not required; see Set up Basic Identity Assertion for details. However, whenever an authentication provider is configured an