---
prelude: >
    Deprecated the PKI and PKIz token formats. They will be removed in the 'O' release.
deprecations:
  - >
    [`blueprint deprecated-as-of-mitaka <https://blueprints.launchpad.net/keystone/+spec/deprecated-as-of-mitaka>`_]
    As of the Mitaka release, the PKI and PKIz token formats have been
    deprecated. They will be removed in the 'O' release. Due to this change,
    the `hash_algorithm` option in the `[token]` section of the
    configuration file has also been deprecated. Also due to this change, the
    ``keystone-manage pki_setup`` command has been deprecated as well.
  - >
    [`blueprint deprecated-as-of-mitaka <https://blueprints.launchpad.net/keystone/+spec/deprecated-as-of-mitaka>`_]
    As of the Mitaka release, write support for the LDAP driver of the Identity
    backend has been deprecated. This includes the following operations: create user,
    create group, delete user, delete group, update user, update group,
    add user to group, and remove user from group. These operations will be
    removed in the 'O' release.
  - >
    [`blueprint deprecated-as-of-mitaka <https://blueprints.launchpad.net/keystone/+spec/deprecated-as-of-mitaka>`_]
    As of the Mitaka release, the auth plugin `keystone.auth.plugins.saml2.Saml2`
    has been deprecated. It is recommended to use `keystone.auth.plugins.mapped.Mapped`
    instead. The ``saml2`` plugin will be removed in the 'O' release.
  - >
    [`blueprint deprecated-as-of-mitaka <https://blueprints.launchpad.net/keystone/+spec/deprecated-as-of-mitaka>`_]
    As of the Mitaka release, the simple_cert_extension is deprecated since it
    is only used in support of the PKI and PKIz token formats.  It will be
    removed in the 'O' release.