Configuring Identity Assertion
The Knox Gateway identity-assertion
provider determines which
principal to propagate to the backend cluster service and represent the
authenticated user. This allows the Knox Gateway to accept requests from external
users and for the internal user to potentially be a product of a mapping, some
transformation or other change to disambiguate the user identity within the
cluster.