diff --git a/doc/source/configure_federation.rst b/doc/source/configure_federation.rst
index a657c6066..12526f8c5 100644
--- a/doc/source/configure_federation.rst
+++ b/doc/source/configure_federation.rst
@@ -70,7 +70,7 @@ Make sure you add two ** directives to the *wsgi-keystone.conf*::
SetHandler shib
-
+
ShibRequestSetting requireSession 1
AuthType shibboleth
ShibRequireSession On
@@ -79,6 +79,10 @@ Make sure you add two ** directives to the *wsgi-keystone.conf*::
Require valid-user
+.. NOTE::
+ ``saml2`` may be different in your deployment, but do not use a wildcard value.
+ Otherwise *every* federated protocol will be handled by Shibboleth.
+
Enable the Keystone virtual host, for example:
.. code-block:: bash