Here is an example of how a policy file might be set up.
saml-vo-mapping="ON" kpwd="ON" grid-mapfile="OFF" gplazmalite-vorole-mapping="OFF" saml-vo-mapping-priority="1" kpwd-priority="3" grid-mapfile-priority="4" gplazmalite-vorole-mapping-priority="2" kpwdPath="/opt/d-cache/etc/dcache.kpwd" gridMapFilePath="/etc/grid-security/grid-mapfile" storageAuthzPath="/etc/grid-security/storage-authzdb" mappingServiceUrl="https://fledgling09.fnal.gov:8443/gums/services/GUMSAuthorizationServicePort" saml-vo-mapping-cache-lifetime="60" gridVoRolemapPath="/etc/grid-security/grid-vorolemap" gridVoRoleStorageAuthzPath="/etc/grid-security/storage-authzdb"
In this case, gPlazma will attempt to authorize first
through a GUMS server, and fall back to using
dcache.kpwd. The mappingServiceUrl would
have to be changed to a GUMS server appropriate for the site.