6. Configuring Group Mapping

To map authenticated users to groups:

Open the cluster topology descriptor file, $cluster-name.xml, in a text editor.
Add a Pseudo identity-assertion provider to topology/gateway with the group.principal.mapping parameter as follows:
<provider> <role>identity-assertion</role> <name>Pseudo</name> <enabled>true</enabled> <param> <name>group.principal.mapping</name> <value> $cluster_users = $group ; $cluster_users = $group </value> </param> </provider>
where:
- the value is a semi-colon-separated list of definitions and the variables are specific to your environment.
- $cluster_users is a comma-separated list of authenticated user or the wildcard (*) indicating all users.
- $group is the name of the group that the user is in for Service Level Authorization.
Save the file.
The gateway creates a new WAR file with modified timestamp in $gateway/data/deployments.