Structure of the Identity-Assertion Provider
All cluster topology descriptors must contain an identity-assertion provider in the topology/gateway definition.
The following is the complete structure of the identity-assertion provider. The parameters are optional.
    <provider>
        <role>identity-assertion</role>
        <name>Pseudo</name>
        <enabled>true</enabled>
        <param>
            <name>principal.mapping</name>
            <value>$user_ids = $cluster_user [; $user_ids = $cluster_user1 ;...]</value>
        </param>
        <param>
            <name>group.principal.mapping</name>
            <value>$cluster_users = $group1 ; $cluster_users = $group2</value>
        </param>
    </provider>
where:
$user_ids
is a comma-separated list of external users, or the wildcard (*) to indicate all users.
$cluster_user
is the Hadoop cluster user name the gateway asserts, that is, the authenticated user name.
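As an added example (not part of the original documentation or the gateway's own code), the following Python check parses a topology descriptor, confirms that an identity-assertion provider is present and enabled under topology/gateway, and flags principal.mapping rules that use the wildcard or assert an account from an assumed list of privileged names. The sample topology, the user names and the SENSITIVE set are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample topology; user names and the sensitive-account list are assumptions.
SAMPLE = """<topology>
  <gateway>
    <provider>
      <role>identity-assertion</role>
      <name>Pseudo</name>
      <enabled>true</enabled>
      <param>
        <name>principal.mapping</name>
        <value>alice,bob=analyst; *=hdfs</value>
      </param>
    </provider>
  </gateway>
</topology>"""

SENSITIVE = {"hdfs", "root", "hive"}  # assumed set of privileged cluster accounts


def parse_mapping(value):
    """Parse '$user_ids = $cluster_user [; ...]' into (user_id_list, cluster_user) rules."""
    rules = []
    for rule in filter(None, (r.strip() for r in (value or "").split(";"))):
        ids, sep, target = rule.partition("=")
        if not sep or not ids.strip() or not target.strip():
            raise ValueError(f"malformed mapping rule: {rule!r}")
        rules.append(([u.strip() for u in ids.split(",") if u.strip()], target.strip()))
    return rules


def audit_topology(xml_text):
    """Return a list of findings for the identity-assertion provider in topology/gateway."""
    root = ET.fromstring(xml_text)
    providers = [p for p in root.findall("./gateway/provider")
                 if (p.findtext("role") or "").strip() == "identity-assertion"]
    if not providers:
        return ["missing identity-assertion provider in topology/gateway"]
    findings = []
    for p in providers:
        if (p.findtext("enabled") or "").strip().lower() != "true":
            findings.append("identity-assertion provider is not enabled")
        params = {(x.findtext("name") or "").strip(): x.findtext("value") for x in p.findall("param")}
        for ids, target in parse_mapping(params.get("principal.mapping")):
            if "*" in ids:
                findings.append(f"wildcard maps every external user to {target!r}")
            if target in SENSITIVE:
                findings.append(f"{','.join(ids)} asserted as privileged account {target!r}")
    return findings
```

An empty findings list means the provider is present, enabled, and none of its principal.mapping rules matched the two checks.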
Note: identity-assertion rules are not required; however, whenever an authentication provider is configured an