The gateway evaluates the list in order, from left to right; therefore a user matching multiple entries, resolves to the first matching instance.

In the following example, when a user authenticates as, the gateway asserts the user as, and all other users as.

<provider> <role>identity-assertion</role> <name>Pseudo</name> <enabled>true</enabled> <param> <name>principal.mapping</name> <value>guest=sam;*=dwayne</value> </param> </provider>

The following example shows how to map multiple users to different cluster accounts:

<provider> <role>identity-assertion</role> <name>Pseudo</name> <enabled>true</enabled> <param> <name>principal.mapping</name> <value>guest,joe,brenda,administrator=sam;janet,adam,sue=dwayne</value> </param> </provider>