Ensure [mapped] remote_id_attribute is purged

... otherwise the option can be left even after websso is disabled.

Change-Id: I53afdc8ba16596c80cd6dcd25a1a531fe45ae03d

manifests/federation/mellon.pp

@@ -66,6 +66,10 @@ Apache + Mellon SP setups, where a REMOTE_USER env variable is always set, even
     keystone_config {
       'mapped/remote_id_attribute': value => 'MELLON_IDP';
     }
+  } else {
+    keystone_config {
+      'mapped/remote_id_attribute': ensure => absent;
+    }
   }
 
   concat::fragment { 'configure_mellon_keystone':

spec/classes/keystone_federation_mellon_spec.rb

@@ -48,6 +48,7 @@ describe 'keystone::federation::mellon' do
 
       it 'should have basic params for mellon in Keystone configuration' do
         is_expected.to contain_keystone_config('auth/methods').with_value('password, token, saml2')
+        is_expected.to contain_keystone_config('mapped/remote_id_attribute').with_ensure('absent')
       end
 
       it { is_expected.to contain_concat__fragment('configure_mellon_keystone').with({