diff --git a/doc/source/configure_federation.rst b/doc/source/configure_federation.rst
index a657c6066..12526f8c5 100644
--- a/doc/source/configure_federation.rst
+++ b/doc/source/configure_federation.rst
@@ -70,7 +70,7 @@ Make sure you add two *<Location>* directives to the *wsgi-keystone.conf*::
         SetHandler shib
     </Location>
 
-    <LocationMatch /v3/OS-FEDERATION/identity_providers/.*?/protocols/.*?/auth>
+    <LocationMatch /v3/OS-FEDERATION/identity_providers/.*?/protocols/saml2/auth>
         ShibRequestSetting requireSession 1
         AuthType shibboleth
         ShibRequireSession On
@@ -79,6 +79,10 @@ Make sure you add two *<Location>* directives to the *wsgi-keystone.conf*::
         Require valid-user
     </LocationMatch>
 
+.. NOTE::
+    ``saml2`` may be different in your deployment, but do not use a wildcard value.
+    Otherwise *every* federated protocol will be handled by Shibboleth.
+
 Enable the Keystone virtual host, for example:
 
 .. code-block:: bash