Default Identity Assertion Provider
The default identity assertion provider enables simple mapping of principal usernames and groups and is responsible for the establishing the identity that gets propagated to the cluster service as the effective user.
When you define the Default identity-assertion
provider
without parameters, the authenticated user is asserted as the authenticated
user. For example, using simple assertion if a user authenticates as
"guest", the user's identity for grouping, authorization, and
running the request is "guest". <name>Pseudo</name>
identity assertion was renamed <name>Default</name>
, but
both are supported in config.
To define a basic identify-assertion provider:
Open the cluster topology descriptor file,
$cluster-name.xml
, in a text editor.Add a
Default identity-assertion
provider totopology/gateway
as follows:<provider> <role>identity-assertion</role> <name>Default</name> <enabled>true</enabled> </provider>
<provider> <role>identity-assertion</role> <name>Default</name> <enabled>true</enabled> </provider>
Save the file.
The gateway creates a new WAR file with modified timestamp in
$gateway/data/deployments
.