Description
I've been running into situations where customers need to do more complex identity mapping than the current providers can handle. I have a prototype that can do this sort of thing.
Static
    <provider>
        <role>federation</role>
        <name>HeaderPreAuth</name>
        <enabled>true</enabled>
    </provider>
    <provider>
        <role>identity-assertion</role>
        <name>Regex</name>
        <enabled>true</enabled>
        <param>
            <name>output</name>
            <value>static-user</value>
        </param>
    </provider>
This will yield results like this:
    curl -k --header "SM_USER: member@us.apache.org" 'https://localhost:8443/gateway/sandbox/webhdfs/v1?op=GETHOMEDIRECTORY'
    {"Path":"/user/static-user"}
Regex
    <provider>
        <role>federation</role>
        <name>HeaderPreAuth</name>
        <enabled>true</enabled>
    </provider>
    <provider>
        <role>identity-assertion</role>
        <name>Regex</name>
        <enabled>true</enabled>
        <param>
            <name>input</name>
            <value>(.*)@(.*?)\..*</value>
        </param>
        <param>
            <name>output</name>
            <value>{1}_{[2]}</value>
        </param>
        <param>
            <name>lookup</name>
            <value>us=USA;ca=CANADA</value>
        </param>
    </provider>
This will yield this type of result:
    curl -k --header "SM_USER: member@us.apache.org" 'https://localhost:8443/gateway/sandbox/webhdfs/v1?op=GETHOMEDIRECTORY'
    {"Path":"/user/member_USA"}
    curl -k --header "SM_USER: member@ca.apache.org" 'https://localhost:8443/gateway/sandbox/webhdfs/v1?op=GETHOMEDIRECTORY'
    {"Path":"/user/member_CANADA"}
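
The mapping that the Static and Regex configurations above describe, as an added Python sketch for checking a rule against sample principals before deploying it; this is not the prototype's code. The placeholder semantics are inferred from the sample results; the function names and the choice to return None when the input does not match or the lookup has no entry are assumptions, since the description does not say what the provider does in those cases.

```python
import re

# Placeholder syntax inferred from the sample results above:
# {1} copies capture group 1, {[2]} looks capture group 2 up in the table.
PLACEHOLDER = re.compile(r"\{(?:(\d+)|\[(\d+)\])\}")


def parse_lookup(spec):
    """Parse a lookup parameter such as 'us=USA;ca=CANADA' into a dict."""
    table = {}
    for pair in filter(None, (p.strip() for p in spec.split(";"))):
        key, sep, value = pair.partition("=")
        if not sep:
            raise ValueError(f"bad lookup entry: {pair!r}")
        table[key.strip()] = value.strip()
    return table


def map_principal(principal, output, input_regex=None, lookup=""):
    """Return the mapped name, or None when no mapping applies.

    Assumption (not stated in the description): an input that does not
    fully match, or a lookup key with no entry, is rejected rather than
    passed through. Python's re stands in for the gateway's regex engine.
    """
    if input_regex is None:  # "Static" case: the output value is used as-is
        return output
    match = re.fullmatch(input_regex, principal)
    if match is None:
        return None
    table = parse_lookup(lookup)

    def expand(ph):
        plain, keyed = ph.groups()
        value = match.group(int(plain or keyed))
        if value is None:  # group exists but did not participate
            raise KeyError(ph.group(0))
        return table[value] if keyed else value

    try:
        return PLACEHOLDER.sub(expand, output)
    except (KeyError, IndexError):  # lookup miss or unknown group number
        return None
```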