..
    Warning: Do not edit this file. It is automatically generated from the
    software project's code and your changes will be overwritten.

    The tool to generate this file lives in openstack-doc-tools repository.

    Please make any changes needed in the code, then run the
    autogenerate-config-doc tool from the openstack-doc-tools repository, or
    ask for help on the documentation mailing list, IRC channel or meeting.

.. _keystone-federation:

.. list-table:: Description of federation configuration options
   :header-rows: 1
   :class: config-ref-table

   * - Configuration option = Default value
     - Description
   * - **[federation]**
     -
   * - ``assertion_prefix`` =
     - (String) Value to be used when filtering assertion parameters from the environment.
   * - ``driver`` = ``sql``
     - (String) Entrypoint for the federation backend driver in the keystone.federation namespace.
   * - ``federated_domain_name`` = ``Federated``
     - (String) A domain name that is reserved to allow federated ephemeral users to have a domain concept. Note that an admin will not be able to create a domain with this name or update an existing domain to this name. You are not advised to change this value unless you really have to.
   * - ``remote_id_attribute`` = ``None``
     - (String) Value to be used to obtain the entity ID of the Identity Provider from the environment (e.g. if using the mod_shib plugin this value is `Shib-Identity-Provider`).
   * - ``sso_callback_template`` = ``/etc/keystone/sso_callback_template.html``
     - (String) Location of Single Sign-On callback handler, will return a token to a trusted dashboard host.
   * - ``trusted_dashboard`` = ``[]``
     - (Multi-valued) A list of trusted dashboard hosts. Before accepting a Single Sign-On request to return a token, the origin host must be a member of the trusted_dashboard list. This configuration option may be repeated for multiple values. For example: trusted_dashboard=http://acme.com/auth/websso trusted_dashboard=http://beta.com/auth/websso