Configuring Group Mapping

To map authenticated users to groups:

Open the cluster topology descriptor file, $cluster-name.xml, in a text editor.
Add a Pseudo identity-assertion provider to topology/gateway with the group.principal.mapping parameter as follows:
```
<provider>
    <role>identity-assertion</role>
    <name>Pseudo</name>
    <enabled>true</enabled>
    <param>
        <name>group.principal.mapping</name>
        <value>$group1;$user1,$user2=group2;$user3=group2,group3</value>
    </param>
</provider>
```
where:
- the value is a semi-colon-separated list of user & group mappings and the variables are specific to your environment.
- $user1,$user2,$user3 are a comma-separated list of authenticated users or the wildcard (*) indicating all users. A username can be specified only once.
- $group1,$group2,$group3 are the names of the group that the user is in for Service Level Authorization.
Save the file.
The gateway creates a new WAR file with modified timestamp in $gateway/data/deployments.

​Configuring Group Mapping