To map authenticated users to groups:
Open the cluster topology descriptor file,
$cluster-name.xml
, in a text editor.Add a
Pseudo identity-assertion
provider totopology/gateway
with thegroup.principal.mapping
parameter as follows:<provider> <role>identity-assertion</role> <name>Pseudo</name> <enabled>true</enabled> <param> <name>group.principal.mapping</name> <value> $cluster_users = $group ; $cluster_users = $group </value> </param> </provider>
where:
the value is a semi-colon-separated list of definitions and the variables are specific to your environment.
$cluster_users
is a comma-separated list of authenticated user or the wildcard (*) indicating all users.$group
is the name of the group that the user is in for Service Level Authorization.
Save the file.
The gateway creates a new WAR file with modified timestamp in
$gateway/data/deployments
.