Configuring Group Mapping
To map authenticated users to groups:
Open the cluster topology descriptor file, $cluster-name.xml, in a text editor.
Add a Pseudo identity-assertion provider to topology/gateway with the group.principal.mapping parameter as follows:

    <provider>
        <role>identity-assertion</role>
        <name>Pseudo</name>
        <enabled>true</enabled>
        <param>
            <name>group.principal.mapping</name>
            <value>$group1;$user1,$user2=group2;$user3=group2,group3</value>
        </param>
    </provider>

where:
The value is a semicolon-separated list of user-to-group mappings, and the variables are specific to your environment.
$user1, $user2, $user3 are a comma-separated list of authenticated usernames or the wildcard (*) indicating all users. A username can be specified only once.
$group1, $group2, $group3 are the names of the groups that the user is in for Service Level Authorization.
Save the file.
The gateway creates a new WAR file with a modified timestamp in $gateway/data/deployments.
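A pre-save check for the mapping described above, as an added example (not code from the gateway project): it reads group.principal.mapping from a topology descriptor, rejects entries without a user=group pair, and enforces the rule that a username is specified only once. The sample topology and the names alice, bob, carol, analysts, admins and users are constructed; the parsing follows the format described on this page, and merging wildcard groups with a user's own groups is an assumption.

```python
import xml.etree.ElementTree as ET

# Constructed sample topology; user and group names are made up.
SAMPLE_TOPOLOGY = """<topology><gateway>
  <provider>
    <role>identity-assertion</role><name>Pseudo</name><enabled>true</enabled>
    <param><name>group.principal.mapping</name>
      <value>alice,bob=analysts;carol=analysts,admins;*=users</value></param>
  </provider>
</gateway></topology>"""

def mapping_value(topology_xml):
    """Return the group.principal.mapping value of the identity-assertion provider."""
    root = ET.fromstring(topology_xml)
    for provider in root.iterfind("./gateway/provider"):
        if provider.findtext("role", "").strip() != "identity-assertion":
            continue
        for param in provider.iterfind("param"):
            if param.findtext("name", "").strip() == "group.principal.mapping":
                return param.findtext("value", "").strip()
    return None

def parse_mapping(value):
    """Parse 'user[,user]=group[,group];...' into ({user: [groups]}, [errors])."""
    table, errors = {}, []
    for entry in filter(None, (e.strip() for e in value.split(";"))):
        users, sep, groups = entry.partition("=")
        users = [u.strip() for u in users.split(",") if u.strip()]
        groups = [g.strip() for g in groups.split(",") if g.strip()]
        if not sep or not users or not groups:
            errors.append(f"malformed entry: {entry!r}")
            continue
        for user in users:
            if user in table:  # a username can be specified only once
                errors.append(f"user listed more than once: {user!r}")
            else:
                table[user] = groups
    return table, errors

def groups_for(table, user):
    """Groups for a user; assumes '*' groups are added to the user's own."""
    merged = table.get("*", []) + table.get(user, [])
    return sorted(set(merged))
```

Run parse_mapping on the value before saving the descriptor and treat a non-empty error list as a failed review, since a duplicated or malformed entry changes which groups Service Level Authorization sees for a user.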