Knox Gateway Administration Guide
Also available as:
PDF
loading table of contents...

Define Pseudo Identity Assertion

When you define the Pseudo identity-assertion provider without parameters, the authenticated user is asserted as the authenticated user. For example, using simple assertion if a user authenticates as "guest", the user's identity for grouping, authorization, and running the request is "guest".

To define a basic identify-assertion provider:

  1. Open the cluster topology descriptor file, $cluster-name.xml, in a text editor.

  2. Add a Pseudoidentity-assertion provider totopology/gateway as follows:

    <provider>
        <role>identity-assertion</role>
        <name>Pseudo</name>
        <enabled>true</enabled>
    </provider>

    <provider> <role>identity-assertion</role> <name>Pseudo</name> <enabled>true</enabled> </provider>

  3. Save the file.

    The gateway creates a new WAR file with modified timestamp in $gateway/data/deployments.