OIDC script updates

Per Teresa H. OIDC CLI access script is part of image and does not need to
be downloaded.
Cleaned up explicit references to DS doenloads location and replaced with
placeholder.
Added note that oidc-auth script needs to be downloaded if used from remote
hosts
Patchset2 review updates

Signed-off-by: Ron Stone <ronald.stone@windriver.com>
Change-Id: I9e713b9c41d8dbe4bad0fe0c2866c913853a79db

doc/source/deploy_install_guides/r5_release/bare_metal/configuring-a-pxe-boot-server.rst

@@ -95,11 +95,11 @@ Use a Linux workstation as the |PXE| Boot server.
 
 .. _configuring-a-pxe-boot-server-steps-qfb-kyh-2cb:
 
-#.  Copy the ISO image from the source \(product DVD, USB device, or WindShare
-    `http://windshare.windriver.com <http://windshare.windriver.com>`__\) to a
-    temporary location on the PXE boot server.
+#.  Copy the ISO image from the source \(product DVD, USB device, or
+    |dnload-loc| to a temporary location on the |PXE| boot server.
 
-    This example assumes that the copied image file is tmp/TS-host-installer-1.0.iso.
+    This example assumes that the copied image file is
+    ``tmp/TS-host-installer-1.0.iso``.
 
 #.  Mount the ISO image and make it executable.
 

doc/source/deploy_install_guides/r6_release/bare_metal/configuring-a-pxe-boot-server.rst

@@ -95,11 +95,11 @@ Use a Linux workstation as the |PXE| Boot server.
 
 .. _configuring-a-pxe-boot-server-steps-qfb-kyh-2cb-r6:
 
-#.  Copy the ISO image from the source \(product DVD, USB device, or WindShare
-    `http://windshare.windriver.com <http://windshare.windriver.com>`__\) to a
-    temporary location on the PXE boot server.
+#.  Copy the ISO image from the source \(product DVD, USB device, or
+    |dnload-loc| to a temporary location on the |PXE| boot server.
 
-    This example assumes that the copied image file is tmp/TS-host-installer-1.0.iso.
+    This example assumes that the copied image file is
+    ``tmp/TS-host-installer-1.0.iso``.
 
 #.  Mount the ISO image and make it executable.
 

doc/source/security/kubernetes/obtain-the-authentication-token-using-the-oidc-auth-shell-script.rst

@@ -24,6 +24,8 @@ credential for the user in the **kubectl** config file.
 -   On controller-0, **oidc-auth** is installed as part of the base |prod|
     installation, and ready to use.
 
+-   On remote hosts, **oidc-auth** must be installed from |dnload-loc|.
+
 .. xbooklink
 
    -   On a remote workstation using remote-cli container, **oidc-auth** is
@@ -31,17 +33,15 @@ credential for the user in the **kubectl** config file.
         information on configuring remote CLI access, see |sysconf-doc|:
         :ref:`Configure Remote CLI Access <configure-remote-cli-access>`.
 
--   On a remote host, when using directly installed **kubectl** and **helm**, the following setup is required:
+-   On a remote host, when using directly installed **kubectl** and **helm**,
+    the following setup is required:
 
 
     -   Install "Python Mechanize" module using the following command:
 
         .. code-block:: none
 
-            # sudo pip2 install mechanize
-
-    -   Get the **oidc-auth** script from WindShare.
-
+            sudo pip2 install mechanize
 
 
 .. note::
@@ -55,7 +55,8 @@ credential for the user in the **kubectl** config file.
     credentials in **kubectl** config file with the retrieved token.
 
 
-    -   If **oidc-auth-apps** is deployed with a single backend **ldap** connector, run the following command:
+    -   If **oidc-auth-apps** is deployed with a single backend **ldap**
+        connector, run the following command:
 
         .. code-block:: none
 
@@ -71,17 +72,16 @@ credential for the user in the **kubectl** config file.
             Updating kubectl config ...
             User testuser set.
 
-    -   If **oidc-auth-apps** is deployed with multiple backend **ldap** connectors, run the following command:
+    -   If **oidc-auth-apps** is deployed with multiple backend **ldap**
+        connectors, run the following command:
 
         .. code-block:: none
 
             ~(keystone_admin)]$ oidc-auth -b <connector-id> -c <ip> -u <username>
 
-
-
     .. note::
-        If you are running **oidc-auth** within the |prod| containerized
-        remote CLI, you must use the -p <password> option to run the command
+        If you are running **oidc-auth** within the |prod| containerized remote
+        CLI, you must use the ``-p <password>`` option to run the command
         non-interactively.
 
 

doc/source/security/kubernetes/overview-of-windows-active-directory.rst

@@ -11,14 +11,13 @@ to authenticate users of the Kubernetes API, using the **oidc-auth-apps**
 application.
 
 The **oidc-auth-apps** application installs a proxy |OIDC| identity provider
-that can be configured to proxy authentication requests to an LDAP \(s\)
-identity provider, such as Windows Active Directory. For more information,
-see, `https://github.com/dexidp/dex <https://github.com/dexidp/dex>`__. The
-**oidc-auth-apps** application also provides an |OIDC| client for accessing
-the username and password |OIDC| login page for user authentication and
-retrieval of tokens. An **oidc-auth** CLI script, available on Wind Share, at
-`https://windshare.windriver.com/ <https://windshare.windriver.com/>`__, can
-also be used for |OIDC| user authentication and retrieval of tokens.
+that can be configured to proxy authentication requests to an |LDAP| \(s\)
+identity provider, such as Windows Active Directory. For more information, see,
+`https://github.com/dexidp/dex <https://github.com/dexidp/dex>`__. The
+**oidc-auth-apps** application also provides an |OIDC| client for accessing the
+username and password |OIDC| login page for user authentication and retrieval
+of tokens. An **oidc-auth** CLI script can also be used for |OIDC| user
+authentication and retrieval of tokens.
 
 In addition to installing and configuring the **oidc-auth-apps**
 application, the admin must also configure Kubernetes cluster's