Configuring Proxy with Apache Knox
Also available as:
PDF
loading table of contents...

Define a Default Identity Assertion Provider

The default identity assertion provider enables simple mapping of principal usernames and groups and is responsible for the establishing the identity that gets propagated to the cluster service as the effective user.

When you define the Default identity-assertion provider without parameters, the authenticated user is asserted as the authenticated user. For example, using simple assertion if a user authenticates as "guest", the user's identity for grouping, authorization, and running the request is "guest". <name>Pseudo</name> identity assertion was renamed <name>Default</name>, but both are supported in config.

  1. Open the cluster topology descriptor file, $cluster-name.xml, in a text editor.
  2. Add a Default identity-assertion provider totopology/gateway as follows:
    <provider>
        <role>identity-assertion</role>
        <name>Default</name>
        <enabled>true</enabled>
    </provider>
  3. Save the file.
    The gateway creates a new WAR file with modified timestamp in $gateway/data/deployments.