Make corrections and clarifications to the OpenID Connect federation
plugin documentation, including:
- Generalize the note about Remote IDs to include OpenID Connect
- Add the https:// scheme to the notes about Google's remote ID.
Originally Google's Issuer Identifier did not use the https://
scheme. It now claims to allow both[1] but in testing I often ran
into the error "Could not find Identity Provider:
https://accounts.google.com." when the remote-id was given as
"accounts.google.com".
- Make shell examples consistent with each other by including prompt
symbols and "sudo" where needed
- Fix the apache module configuration instructions: on Ubuntu, the
package installed in the earlier step already adds the LoadModule
config, but does not automatically enable the module
- Fix OIDCRedirectURI directive examples: fix typo and remove /redirect
ending, which would cause a 404 error

Also, this patch changes references to the 'oidc' plugin to 'openid'
since 'oidc' does not exist. 'mapped' could also be used as the name of
this plugin and protocol[2]. However, the documentation is structured in
such a way that it demonstrates using both SAML and OIDC plugins side
by side, which is only possible when they have different names. Rather
than trying to decouple these examples this patch opts to keep the
openid plugin examples distinct from the SAML plugin examples.

[1] https://developers.google.com/identity/protocols/OpenIDConnect
[2] https://git.openstack.org/cgit/openstack/keystone-specs/tree/specs/keystone/juno/generic-mapping-federation.rst

Change-Id: Ie5a07f9d6f3571b0559f91c9620f5328e4c6d7cc