Identity Providers support improvements

Identity providers can be created with specified domain
IDPs are linked to a keystone domain. Currently when we provision a new IDP
it gets created within a new autogenerated domain. Provisioners can now
give a domain_id in an IDP entry within the trusted_idp_list and the IDP
will be created within that domain.

Add IDP display_name to defaults
Allows operator a name different to the one used in the backend
to display to the user in the horizon Identity Provider dropdown.

Change-Id: Iaf9f1b9198f14c903f9801e0ce7da86b74d9c5bd
Georgina Shippey 2020-06-15 19:52:21 +01:00 committed by Dmitriy Rabotyagov (noonedeadpunk)
parent c9db38b60a
commit 4c9642765e
2 changed files with 3 additions and 0 deletions


@ -339,6 +339,8 @@ keystone_sp: {}
# trusted_idp_list:
# note that only one of these is supported at any one time for now
# - name: "keystone-idp"
# domain_id: "default"
# display_name: "Keystone IDP" # Optional, used in Horizon IDP dropdown
# entity_ids:
# - 'https://keystone-idp:5000/v3/OS-FEDERATION/saml2/idp'
# metadata_uri: 'https://keystone-idp:5000/v3/OS-FEDERATION/saml2/metadata'
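Review bot: the new `domain_id: "default"` line in the example carries no comment, while `display_name` right below it is marked optional. The task treats `domain_id` as optional too (`item.domain_id | default(omit)`), so it should say so here and state what happens when it is left out (per the commit message, a new autogenerated domain). Since Keystone places federated users from an IdP in that IdP's domain, an example value of `"default"` invites operators to mix federated users into the default domain; a dedicated domain ID in the sample, or a short note on the implication, would be safer. Also, with only three added lines across two files, nothing in this change consumes `display_name`; the comment should point to where it is read.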


@ -127,6 +127,7 @@
idp_name: "{{ item.name }}"
idp_remote_ids: "{{ item.entity_ids }}"
idp_enabled: true
idp_domain_id: "{{ item.domain_id | default(omit) }}"
login_user: "{{ keystone_admin_user_name }}"
login_password: "{{ keystone_auth_admin_password }}"
login_project_name: "{{ keystone_admin_tenant_name }}"
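Review bot: the added `idp_domain_id: "{{ item.domain_id | default(omit) }}"` line passes the operator-supplied value straight through, and nothing in the visible context creates or verifies that domain before the IdP is registered. Either document in the defaults that the domain must already exist and that the value is a domain ID rather than a name, or add a preceding task that ensures the domain is present so a typo fails early with a clear message.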