Configuring Group Mapping
To map authenticated users to groups:
- Open the cluster topology descriptor file, - $cluster-name.xml, in a text editor.
- Add a - Pseudo identity-assertionprovider to- topology/gatewaywith the- group.principal.mappingparameter as follows:- <provider> <role>identity-assertion</role> <name>Pseudo</name> <enabled>true</enabled> <param> <name>group.principal.mapping</name> <value>$group1;$user1,$user2=group2;$user3=group2,group3</value> </param> </provider>- where: - the value is a semi-colon-separated list of user & group mappings and the variables are specific to your environment. 
- $user1,$user2,$user3are a comma-separated list of authenticated usernames or the wildcard (*) indicating all users. A username can be specified only once.
- $group1,$group2,$group3are the names of the group that the user is in for Service Level Authorization.
 
- Save the file. - The gateway creates a new WAR file with modified timestamp in - $gateway/data/deployments.

