1. Structure of the Identity-Assertion Provider

All cluster topology descriptors must contain an identity-assertion provider in the topology/gateway definition.

The following is the complete structure of the identity-assertion provider. The parameters are optional.

 <value> $user_ids = $cluster_user [; $user_ids = $cluster_user1 ;...]</value>
 <value> $cluster_users = $group1 ; $cluster_users = $group2 </value>


  • $user_ids is a comma-separated list of external users, or the wildcard (*) to indicate all users.

  • $cluster_user is the Hadoop cluster user name the gateway asserts, that is, the authenticated user name.


Note that identity-assertion rules are not required; however, whenever an authentication provider is configured an identity-assertion provider is also required.
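The rule syntax above can be checked before a topology is deployed. The following is an added example, not code from the gateway or from this documentation: it parses a mapping value in the `$user_ids = $cluster_user; ...` form and reports which cluster user an external user would be asserted as. The lookup order (exact match first, then the wildcard, then the unchanged user name when no rule applies), the function names, the sample value and the list of privileged accounts are assumptions made for the example.

```python
def parse_rules(value):
    """Parse '$user_ids = $cluster_user; ...' into {external_user: cluster_user}."""
    table = {}
    for number, rule in enumerate(value.split(";"), 1):
        rule = rule.strip()
        if not rule:
            continue  # tolerate a trailing ';'
        left, sep, right = rule.partition("=")
        cluster_user = right.strip()
        users = [u.strip() for u in left.split(",") if u.strip()]
        if not sep or not cluster_user or not users:
            raise ValueError(f"rule {number} is malformed: {rule!r}")
        for user in users:
            # Two rules that disagree about the same user hide the real mapping.
            if user in table and table[user] != cluster_user:
                raise ValueError(f"{user!r} is mapped twice (rule {number})")
            table[user] = cluster_user
    return table


def asserted_user(table, authenticated):
    """Assumed lookup order: exact match, then '*', then the name unchanged."""
    return table.get(authenticated, table.get("*", authenticated))


def audit(table, privileged=("hdfs", "root")):
    """Flag rules a reviewer should look at (privileged names are assumed)."""
    findings = []
    for external, cluster_user in table.items():
        if external == "*":
            findings.append(f"wildcard: every unlisted user is asserted as {cluster_user!r}")
        if cluster_user in privileged:
            findings.append(f"{external!r} is asserted as privileged account {cluster_user!r}")
    return findings


# Constructed sample value, written in the syntax shown above.
SAMPLE = "guest, anon = nobody; alice = hdfs; * = analyst"

if __name__ == "__main__":
    rules = parse_rules(SAMPLE)
    for name in ("guest", "alice", "bob"):
        print(name, "->", asserted_user(rules, name))
    for finding in audit(rules):
        print("REVIEW:", finding)
```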

