group federated identity docs together

several of the federated identity docs were spread out in hard
to find locations. this puts the documentation more front and
centrer. expect detailed changes for each docs in future patches.

Change-Id: I82ba117dfd02f921d72b9f010becad57da03e090

doc/source/federation/configure_federation.rst

@@ -11,7 +11,6 @@
     License for the specific language governing permissions and limitations
     under the License.
 
-===================================
 Configuring Keystone for Federation
 ===================================
 

doc/source/federation/federated_identity.rst

@@ -0,0 +1,13 @@
+==================
+Federated Identity
+==================
+
+Keystone's one-stop-shop for all federated identity documentation.
+
+.. include:: configure_federation.rst
+.. include:: mapping_combinations.rst
+.. include:: mapping_schema.rst
+.. include:: openidc.rst
+.. include:: mellon.rst
+.. include:: shibboleth.rst
+.. include:: websso.rst

doc/source/federation/mapping_combinations.rst

@@ -11,9 +11,8 @@
     License for the specific language governing permissions and limitations
     under the License.
 
-===================================
-Mapping Combinations for Federation
-===================================
+Mapping Combinations
+====================
 
 -----------
 Description

doc/source/federation/mapping_schema.rst

@@ -11,10 +11,10 @@
     License for the specific language governing permissions and limitations
     under the License.
 
-=============================
-Mapping Schema for Federation
-=============================
+Mapping Schema
+==============
 
+-----------
 Description
 -----------
 
@@ -24,6 +24,7 @@ It shows all the requirements and possibilities for a JSON to be used for mappin
 Mapping schema is validated with `JSON Schema
 <http://json-schema.org/documentation.html>`__
 
+--------------
 Mapping Schema
 --------------
 

doc/source/federation/mellon.rst

@@ -1,5 +1,3 @@
-:orphan:
-
 ..
       Licensed under the Apache License, Version 2.0 (the "License"); you may
       not use this file except in compliance with the License. You may obtain
@@ -13,12 +11,12 @@
       License for the specific language governing permissions and limitations
       under the License.
 
-==============================
-Setup Mellon (mod_auth_mellon)
-==============================
+Setup Mellon
+============
 
+------------------------------------------
 Configure Apache HTTPD for mod_auth_mellon
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+------------------------------------------
 
 Follow the steps outlined at: `Running Keystone in HTTPD`_.
 
@@ -38,7 +36,9 @@ Add *WSGIScriptAlias* directive to your vhost configuration::
     WSGIScriptAliasMatch ^(/v3/OS-FEDERATION/identity_providers/.*?/protocols/.*?/auth)$ /var/www/keystone/main/$1
 
 Make sure the *wsgi-keystone.conf* contains a *<Location>* directive for the Mellon module and
-a *<Location>* directive for each identity provider::
+a *<Location>* directive for each identity provider
+
+..code-block:: xml
 
     <Location /v3>
         MellonEnable "info"
@@ -84,8 +84,9 @@ Restart the Apache instance that is serving Keystone, for example:
 
     $ service apache2 restart
 
+----------------------------------
 Configuring the Mellon SP Metadata
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+----------------------------------
 
 Mellon provides a script called ``mellon_create_metadata.sh`` which generates the
 values for the config directives `MellonSPPrivateKeyFile`, `MellonSPCertFile`,

doc/source/federation/openidc.rst

@@ -1,5 +1,3 @@
-:orphan:
-
 ..
       Licensed under the Apache License, Version 2.0 (the "License"); you may
       not use this file except in compliance with the License. You may obtain
@@ -13,12 +11,12 @@
       License for the specific language governing permissions and limitations
       under the License.
 
-====================
 Setup OpenID Connect
 ====================
 
+----------------------------
 Configuring mod_auth_openidc
-============================
+----------------------------
 
 Federate Keystone (SP) and an external IdP using OpenID Connect (`mod_auth_openidc`_)
 
@@ -82,8 +80,9 @@ Once you are done, restart your Apache daemon:
 
     $ service apache2 restart
 
+----
 Tips
-====
+----
 
 1. When creating a mapping, note that the 'remote' attributes will be prefixed,
    with `HTTP_`, so for instance, if you set OIDCClaimPrefix to `OIDC-`, then a

doc/source/federation/shibboleth.rst

@@ -1,5 +1,3 @@
-:orphan:
-
 ..
       Licensed under the Apache License, Version 2.0 (the "License"); you may
       not use this file except in compliance with the License. You may obtain
@@ -13,12 +11,12 @@
       License for the specific language governing permissions and limitations
       under the License.
 
-================
 Setup Shibboleth
 ================
 
+-----------------------------------------
 Configure Apache HTTPD for mod_shibboleth
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-----------------------------------------
 
 Follow the steps outlined at: `Running Keystone in HTTPD`_.
 
@@ -88,8 +86,9 @@ Restart Apache, for example:
 
     $ service apache2 restart
 
+---------------------------
 Configuring shibboleth2.xml
-~~~~~~~~~~~~~~~~~~~~~~~~~~~
+---------------------------
 
 Once you have your Keystone vhost (virtual host) ready, it's then time to
 configure Shibboleth and upload your Metadata to the Identity Provider.

doc/source/federation/websso.rst

@@ -1,5 +1,3 @@
-:orphan:
-
 ..
       Licensed under the Apache License, Version 2.0 (the "License"); you may
       not use this file except in compliance with the License. You may obtain
@@ -13,12 +11,12 @@
       License for the specific language governing permissions and limitations
       under the License.
 
-===============================
-Keystone Federation and Horizon
-===============================
+Setup Web Single Sign-On (SSO)
+==============================
 
+----------------
 Keystone Changes
-================
+----------------
 
 1. Update `trusted_dashboard` in keystone.conf.
 
@@ -208,8 +206,9 @@ Or by using the `OpenStackClient CLI`_:
 .. _`OpenStackClient CLI`: http://docs.openstack.org/developer/python-openstackclient/command-objects/identity-provider.html#identity-provider-set
 .. _`OS-FEDERATION API`: http://specs.openstack.org/openstack/keystone-specs/api/v3/identity-api-v3-os-federation-ext.html#update-identity-provider
 
+---------------
 Horizon Changes
-===============
+---------------
 
 .. NOTE::
 

doc/source/index.rst

@@ -59,12 +59,14 @@ Getting Started
 Advanced Topics
 ===============
 
+.. toctree::
+   :maxdepth: 2
+
+   federation/federated_identity
+
 .. toctree::
    :maxdepth: 1
 
-   configure_federation
-   mapping_combinations
-   mapping_schema
    configure_tokenless_x509
    auth-totp
    event_notifications