)]}'
{"doc/source/admin/federation/openidc.inc":[{"author":{"_account_id":28356,"name":"Rafael Weingartner","email":"rafael@apache.org","username":"rafaelweingartner"},"change_message_id":"6f5eb2387b80b8109046c46894135922034d847f","unresolved":false,"context_lines":[{"line_number":157,"context_line":"your Identity Providers configurations, the name of the files will be"},{"line_number":158,"context_line":"the name (with path) of the Issuers like:"},{"line_number":159,"context_line":""},{"line_number":160,"context_line":".. code-block:: dir"},{"line_number":161,"context_line":""},{"line_number":162,"context_line":"    - path-to-metadata"},{"line_number":163,"context_line":"      |"}],"source_content_type":"text/x-c++src","patch_set":1,"id":"3fa7e38b_79369ab6","line":160,"range":{"start_line":160,"start_character":16,"end_line":160,"end_character":19},"updated":"2019-11-25 18:51:19.000000000","message":"This `dir` option here does not exist. That is why you are breaking the CI system.","commit_id":"f016dbca8e94e066d098845c915cf31ff89ee31e"},{"author":{"_account_id":30695,"name":"Pedro Henrique Pereira Martins","email":"phpm13@gmail.com","username":"pedrohpmartins"},"change_message_id":"ce97aad22e525e42ba23cac1711369fb7e6f7ede","unresolved":false,"context_lines":[{"line_number":157,"context_line":"your Identity Providers configurations, the name of the files will be"},{"line_number":158,"context_line":"the name (with path) of the Issuers like:"},{"line_number":159,"context_line":""},{"line_number":160,"context_line":".. code-block:: dir"},{"line_number":161,"context_line":""},{"line_number":162,"context_line":"    - path-to-metadata"},{"line_number":163,"context_line":"      |"}],"source_content_type":"text/x-c++src","patch_set":1,"id":"3fa7e38b_d22443c5","line":160,"range":{"start_line":160,"start_character":16,"end_line":160,"end_character":19},"in_reply_to":"3fa7e38b_79369ab6","updated":"2019-11-25 22:55:26.000000000","message":"Done","commit_id":"f016dbca8e94e066d098845c915cf31ff89ee31e"},{"author":{"_account_id":8482,"name":"Colleen Murphy","email":"colleen@gazlene.net","username":"krinkle"},"change_message_id":"2e0f8f580ecc72471d911fc69be9c1b6a97e16ef","unresolved":false,"context_lines":[{"line_number":59,"context_line":"   OIDCResponseType \"id_token\""},{"line_number":60,"context_line":"   OIDCScope \"openid email profile\""},{"line_number":61,"context_line":"   OIDCProviderMetadataURL https://accounts.google.com/.well-known/openid-configuration"},{"line_number":62,"context_line":"   OIDCOAuthVerifyJwksUri https://www.googleapis.com/oauth2/v3/certs"},{"line_number":63,"context_line":"   OIDCClientID \u003copenid_client_id\u003e"},{"line_number":64,"context_line":"   OIDCClientSecret \u003copenid_client_secret\u003e"},{"line_number":65,"context_line":"   OIDCCryptoPassphrase \u003crandom string\u003e"}],"source_content_type":"text/x-c++src","patch_set":2,"id":"3fa7e38b_71ff1435","line":62,"updated":"2019-12-23 20:27:13.000000000","message":"From the documentation, \"Used when OIDCProviderMetadataURL is not defined or the metadata obtained from that URL does not set it.\" - so I think in most cases this shouldn\u0027t be necessary?","commit_id":"f51b7243699c6258a9e030378cc1a4734ee64b77"},{"author":{"_account_id":30695,"name":"Pedro Henrique Pereira Martins","email":"phpm13@gmail.com","username":"pedrohpmartins"},"change_message_id":"2598efc7f47b6e461a70a57a408b58cb2e815b59","unresolved":false,"context_lines":[{"line_number":59,"context_line":"   OIDCResponseType \"id_token\""},{"line_number":60,"context_line":"   OIDCScope \"openid email profile\""},{"line_number":61,"context_line":"   OIDCProviderMetadataURL https://accounts.google.com/.well-known/openid-configuration"},{"line_number":62,"context_line":"   OIDCOAuthVerifyJwksUri https://www.googleapis.com/oauth2/v3/certs"},{"line_number":63,"context_line":"   OIDCClientID \u003copenid_client_id\u003e"},{"line_number":64,"context_line":"   OIDCClientSecret \u003copenid_client_secret\u003e"},{"line_number":65,"context_line":"   OIDCCryptoPassphrase \u003crandom string\u003e"}],"source_content_type":"text/x-c++src","patch_set":2,"id":"3fa7e38b_9a209d4d","line":62,"in_reply_to":"3fa7e38b_71ff1435","updated":"2019-12-26 19:47:18.000000000","message":"You are correct, this configuration is needed if we use the AuthType auth-openidc, but when using the AuthType openid-connect, just the OIDCProviderMetadataURL is enough.","commit_id":"f51b7243699c6258a9e030378cc1a4734ee64b77"},{"author":{"_account_id":8482,"name":"Colleen Murphy","email":"colleen@gazlene.net","username":"krinkle"},"change_message_id":"2e0f8f580ecc72471d911fc69be9c1b6a97e16ef","unresolved":false,"context_lines":[{"line_number":96,"context_line":"       AuthType openid-connect"},{"line_number":97,"context_line":"   \u003c/Location\u003e"},{"line_number":98,"context_line":""},{"line_number":99,"context_line":".. warning::"},{"line_number":100,"context_line":"  To add support to Bearer Access Token authentication flow that is used by"},{"line_number":101,"context_line":"  applications that not adopt the browser flow, such the OpenStack CLI, you"},{"line_number":102,"context_line":"  will need to change the AuthType from ``openid-connect`` to"}],"source_content_type":"text/x-c++src","patch_set":2,"id":"3fa7e38b_7184f4b2","line":99,"range":{"start_line":99,"start_character":3,"end_line":99,"end_character":12},"updated":"2019-12-23 20:27:13.000000000","message":"I would use note rather than warning. The warning appears as a big red box and indicates something dangerous is happening. note is just information that may be useful to some people.","commit_id":"f51b7243699c6258a9e030378cc1a4734ee64b77"},{"author":{"_account_id":8482,"name":"Colleen Murphy","email":"colleen@gazlene.net","username":"krinkle"},"change_message_id":"2e0f8f580ecc72471d911fc69be9c1b6a97e16ef","unresolved":false,"context_lines":[{"line_number":98,"context_line":""},{"line_number":99,"context_line":".. warning::"},{"line_number":100,"context_line":"  To add support to Bearer Access Token authentication flow that is used by"},{"line_number":101,"context_line":"  applications that not adopt the browser flow, such the OpenStack CLI, you"},{"line_number":102,"context_line":"  will need to change the AuthType from ``openid-connect`` to"},{"line_number":103,"context_line":"  ``auth-openidc``:"},{"line_number":104,"context_line":""}],"source_content_type":"text/x-c++src","patch_set":2,"id":"3fa7e38b_71687421","line":101,"range":{"start_line":101,"start_character":20,"end_line":101,"end_character":23},"updated":"2019-12-23 20:27:13.000000000","message":"nit: s/not/do not/","commit_id":"f51b7243699c6258a9e030378cc1a4734ee64b77"},{"author":{"_account_id":16465,"name":"Kristi Nikolla","email":"knikolla@bu.edu","username":"knikolla"},"change_message_id":"3daf394866b5b1ab7bc8a264c2f2656b671bf0c0","unresolved":false,"context_lines":[{"line_number":96,"context_line":"       AuthType openid-connect"},{"line_number":97,"context_line":"   \u003c/Location\u003e"},{"line_number":98,"context_line":""},{"line_number":99,"context_line":".. warning::"},{"line_number":100,"context_line":"  To add support to Bearer Access Token authentication flow that is used by"},{"line_number":101,"context_line":"  applications that not adopt the browser flow, such the OpenStack CLI, you"},{"line_number":102,"context_line":"  will need to change the AuthType from ``openid-connect`` to"},{"line_number":103,"context_line":"  ``auth-openidc``:"},{"line_number":104,"context_line":""},{"line_number":105,"context_line":"Do the same for the WebSSO auth paths if using horizon:"},{"line_number":106,"context_line":""}],"source_content_type":"text/x-c++src","patch_set":2,"id":"3fa7e38b_8b8a0e18","line":103,"range":{"start_line":99,"start_character":0,"end_line":103,"end_character":19},"updated":"2019-11-26 16:41:01.000000000","message":"Oh nice! I wasn\u0027t aware that there was a directive that allowed both OIDC and OAuth 2.0 on the same directory. I usually kept this as OAuth 2.0. https://github.com/zmartzone/mod_auth_openidc/wiki/Single-Page-Applications#allowing-both-oauth-20-and-openid-connect","commit_id":"f51b7243699c6258a9e030378cc1a4734ee64b77"},{"author":{"_account_id":8482,"name":"Colleen Murphy","email":"colleen@gazlene.net","username":"krinkle"},"change_message_id":"2e0f8f580ecc72471d911fc69be9c1b6a97e16ef","unresolved":false,"context_lines":[{"line_number":100,"context_line":"  To add support to Bearer Access Token authentication flow that is used by"},{"line_number":101,"context_line":"  applications that not adopt the browser flow, such the OpenStack CLI, you"},{"line_number":102,"context_line":"  will need to change the AuthType from ``openid-connect`` to"},{"line_number":103,"context_line":"  ``auth-openidc``:"},{"line_number":104,"context_line":""},{"line_number":105,"context_line":"Do the same for the WebSSO auth paths if using horizon:"},{"line_number":106,"context_line":""}],"source_content_type":"text/x-c++src","patch_set":2,"id":"3fa7e38b_9163b045","line":103,"range":{"start_line":103,"start_character":18,"end_line":103,"end_character":19},"updated":"2019-12-23 20:27:13.000000000","message":"nit: s/:/./","commit_id":"f51b7243699c6258a9e030378cc1a4734ee64b77"},{"author":{"_account_id":8482,"name":"Colleen Murphy","email":"colleen@gazlene.net","username":"krinkle"},"change_message_id":"2e0f8f580ecc72471d911fc69be9c1b6a97e16ef","unresolved":false,"context_lines":[{"line_number":139,"context_line":"    OIDCClaimPrefix \"OIDC-\""},{"line_number":140,"context_line":"    OIDCResponseType \"id_token\""},{"line_number":141,"context_line":"    OIDCScope \"openid email profile\""},{"line_number":142,"context_line":"    OIDCMetadataDir \u003c/dir/to/idps-metadata\u003e"},{"line_number":143,"context_line":"    OIDCCryptoPassphrase \u003crandom string\u003e"},{"line_number":144,"context_line":"    OIDCRedirectURI https://sp.keystone.example.org/v3/OS-FEDERATION/identity_providers/google/protocols/openid/auth"},{"line_number":145,"context_line":"    OIDCOAuthVerifyCertFiles \u003ckid\u003e#\u003c/path/to-cert.pem\u003e \u003ckid2\u003e#\u003c/path/to-cert2.pem\u003e \u003ckidN\u003e#\u003c/path/to-certN.pem\u003e"}],"source_content_type":"text/x-c++src","patch_set":2,"id":"3fa7e38b_5189b8c4","line":142,"range":{"start_line":142,"start_character":20,"end_line":142,"end_character":43},"updated":"2019-12-23 20:27:13.000000000","message":"suggest simply \u003cIDP metadata directory\u003e","commit_id":"f51b7243699c6258a9e030378cc1a4734ee64b77"},{"author":{"_account_id":8482,"name":"Colleen Murphy","email":"colleen@gazlene.net","username":"krinkle"},"change_message_id":"2e0f8f580ecc72471d911fc69be9c1b6a97e16ef","unresolved":false,"context_lines":[{"line_number":141,"context_line":"    OIDCScope \"openid email profile\""},{"line_number":142,"context_line":"    OIDCMetadataDir \u003c/dir/to/idps-metadata\u003e"},{"line_number":143,"context_line":"    OIDCCryptoPassphrase \u003crandom string\u003e"},{"line_number":144,"context_line":"    OIDCRedirectURI https://sp.keystone.example.org/v3/OS-FEDERATION/identity_providers/google/protocols/openid/auth"},{"line_number":145,"context_line":"    OIDCOAuthVerifyCertFiles \u003ckid\u003e#\u003c/path/to-cert.pem\u003e \u003ckid2\u003e#\u003c/path/to-cert2.pem\u003e \u003ckidN\u003e#\u003c/path/to-certN.pem\u003e"},{"line_number":146,"context_line":""},{"line_number":147,"context_line":"The ``OIDCOAuthVerifyCertFiles`` is a tuple separated with `space`"}],"source_content_type":"text/x-c++src","patch_set":2,"id":"3fa7e38b_f190e4f5","line":144,"range":{"start_line":144,"start_character":88,"end_line":144,"end_character":94},"updated":"2019-12-23 20:27:13.000000000","message":"So even though there are multiple identity providers, keystone is still configured for just one?","commit_id":"f51b7243699c6258a9e030378cc1a4734ee64b77"},{"author":{"_account_id":30695,"name":"Pedro Henrique Pereira Martins","email":"phpm13@gmail.com","username":"pedrohpmartins"},"change_message_id":"2598efc7f47b6e461a70a57a408b58cb2e815b59","unresolved":false,"context_lines":[{"line_number":141,"context_line":"    OIDCScope \"openid email profile\""},{"line_number":142,"context_line":"    OIDCMetadataDir \u003c/dir/to/idps-metadata\u003e"},{"line_number":143,"context_line":"    OIDCCryptoPassphrase \u003crandom string\u003e"},{"line_number":144,"context_line":"    OIDCRedirectURI https://sp.keystone.example.org/v3/OS-FEDERATION/identity_providers/google/protocols/openid/auth"},{"line_number":145,"context_line":"    OIDCOAuthVerifyCertFiles \u003ckid\u003e#\u003c/path/to-cert.pem\u003e \u003ckid2\u003e#\u003c/path/to-cert2.pem\u003e \u003ckidN\u003e#\u003c/path/to-certN.pem\u003e"},{"line_number":146,"context_line":""},{"line_number":147,"context_line":"The ``OIDCOAuthVerifyCertFiles`` is a tuple separated with `space`"}],"source_content_type":"text/x-c++src","patch_set":2,"id":"3fa7e38b_bac9d9ab","line":144,"range":{"start_line":144,"start_character":88,"end_line":144,"end_character":94},"in_reply_to":"3fa7e38b_f190e4f5","updated":"2019-12-26 19:47:18.000000000","message":"This property is just to redirect the request to a protected URL. \n\nThe URL configured in this property must be a protected one, even if I use a URL from a specific IdP, it will work with multiple IdPs, as the desired IdP is defined by the query parameter ``iss`` and not the URL.\n\nI will leave this example as http://sp.keystone.example.org/redirect_uri to avoid misunderstanding.","commit_id":"f51b7243699c6258a9e030378cc1a4734ee64b77"},{"author":{"_account_id":8482,"name":"Colleen Murphy","email":"colleen@gazlene.net","username":"krinkle"},"change_message_id":"2e0f8f580ecc72471d911fc69be9c1b6a97e16ef","unresolved":false,"context_lines":[{"line_number":150,"context_line":"and the public certificate address"},{"line_number":151,"context_line":""},{"line_number":152,"context_line":".. note::"},{"line_number":153,"context_line":"  This configuration is important to avoid the discovery process while"},{"line_number":154,"context_line":"  using the bearer access token authentication flow."},{"line_number":155,"context_line":""},{"line_number":156,"context_line":"The metadata folder configured in the option ``OIDCMetadataDir`` must have all"}],"source_content_type":"text/x-c++src","patch_set":2,"id":"3fa7e38b_f1b9c47b","line":153,"range":{"start_line":153,"start_character":37,"end_line":153,"end_character":64},"updated":"2019-12-23 20:27:13.000000000","message":"I would either elaborate on why we want to avoid the discovery process or omit this note.","commit_id":"f51b7243699c6258a9e030378cc1a4734ee64b77"},{"author":{"_account_id":8482,"name":"Colleen Murphy","email":"colleen@gazlene.net","username":"krinkle"},"change_message_id":"2e0f8f580ecc72471d911fc69be9c1b6a97e16ef","unresolved":false,"context_lines":[{"line_number":157,"context_line":"your Identity Providers configurations, the name of the files will be"},{"line_number":158,"context_line":"the name (with path) of the Issuers like:"},{"line_number":159,"context_line":""},{"line_number":160,"context_line":".. code-block:: bash"},{"line_number":161,"context_line":""},{"line_number":162,"context_line":"    - path-to-metadata"},{"line_number":163,"context_line":"      |"}],"source_content_type":"text/x-c++src","patch_set":2,"id":"3fa7e38b_d13928f1","line":160,"range":{"start_line":160,"start_character":16,"end_line":160,"end_character":20},"updated":"2019-12-23 20:27:13.000000000","message":"This isn\u0027t bash, would suggest just using an empty code block statement","commit_id":"f51b7243699c6258a9e030378cc1a4734ee64b77"},{"author":{"_account_id":8482,"name":"Colleen Murphy","email":"colleen@gazlene.net","username":"krinkle"},"change_message_id":"2e0f8f580ecc72471d911fc69be9c1b6a97e16ef","unresolved":false,"context_lines":[{"line_number":159,"context_line":""},{"line_number":160,"context_line":".. code-block:: bash"},{"line_number":161,"context_line":""},{"line_number":162,"context_line":"    - path-to-metadata"},{"line_number":163,"context_line":"      |"},{"line_number":164,"context_line":"      - accounts.google.com.client"},{"line_number":165,"context_line":"      |"}],"source_content_type":"text/x-c++src","patch_set":2,"id":"3fa7e38b_312afc90","line":162,"range":{"start_line":162,"start_character":6,"end_line":162,"end_character":22},"updated":"2019-12-23 20:27:13.000000000","message":"Is this a path? Maybe use the path from the documentation \"/var/cache/apache2/mod_auth_openidc/metadata\"","commit_id":"f51b7243699c6258a9e030378cc1a4734ee64b77"},{"author":{"_account_id":8482,"name":"Colleen Murphy","email":"colleen@gazlene.net","username":"krinkle"},"change_message_id":"2e0f8f580ecc72471d911fc69be9c1b6a97e16ef","unresolved":false,"context_lines":[{"line_number":165,"context_line":"      |"},{"line_number":166,"context_line":"      - accounts.google.com.conf"},{"line_number":167,"context_line":"      |"},{"line_number":168,"context_line":"      - accounts.google.com.provider"},{"line_number":169,"context_line":""},{"line_number":170,"context_line":".. note::"},{"line_number":171,"context_line":"  The name of the file must be escaped if needed. For example, if you have an"}],"source_content_type":"text/x-c++src","patch_set":2,"id":"3fa7e38b_71095430","line":168,"updated":"2019-12-23 20:27:13.000000000","message":"Since this is supposed to demonstrate multiple IdPs, maybe describe what it would look like to have the second IdP\u0027s metadata here?","commit_id":"f51b7243699c6258a9e030378cc1a4734ee64b77"},{"author":{"_account_id":8482,"name":"Colleen Murphy","email":"colleen@gazlene.net","username":"krinkle"},"change_message_id":"2e0f8f580ecc72471d911fc69be9c1b6a97e16ef","unresolved":false,"context_lines":[{"line_number":168,"context_line":"      - accounts.google.com.provider"},{"line_number":169,"context_line":""},{"line_number":170,"context_line":".. note::"},{"line_number":171,"context_line":"  The name of the file must be escaped if needed. For example, if you have an"},{"line_number":172,"context_line":"  Issuer with ``/`` in the URL, then you need to escape it to ``%2F`` by"},{"line_number":173,"context_line":"  applying a URL escape in the file name."},{"line_number":174,"context_line":""}],"source_content_type":"text/x-c++src","patch_set":2,"id":"3fa7e38b_fcfafb0e","line":171,"range":{"start_line":171,"start_character":31,"end_line":171,"end_character":38},"updated":"2019-12-23 20:27:13.000000000","message":"\"escaped\" is the wrong word, suggest saying \"url-encoded\" or \"percent-encoded\" if you mean to make it URL-safe.\n\nWhy does it need to be URL-safe?","commit_id":"f51b7243699c6258a9e030378cc1a4734ee64b77"},{"author":{"_account_id":8482,"name":"Colleen Murphy","email":"colleen@gazlene.net","username":"krinkle"},"change_message_id":"2e0f8f580ecc72471d911fc69be9c1b6a97e16ef","unresolved":false,"context_lines":[{"line_number":170,"context_line":".. note::"},{"line_number":171,"context_line":"  The name of the file must be escaped if needed. For example, if you have an"},{"line_number":172,"context_line":"  Issuer with ``/`` in the URL, then you need to escape it to ``%2F`` by"},{"line_number":173,"context_line":"  applying a URL escape in the file name."},{"line_number":174,"context_line":""},{"line_number":175,"context_line":"The content of these files must be a JSON like"},{"line_number":176,"context_line":""}],"source_content_type":"text/x-c++src","patch_set":2,"id":"3fa7e38b_3c189374","line":173,"updated":"2019-12-23 20:27:13.000000000","message":"Maybe include an example above of a non-google IdP that has a name that needs to be encoded like this?","commit_id":"f51b7243699c6258a9e030378cc1a4734ee64b77"},{"author":{"_account_id":8482,"name":"Colleen Murphy","email":"colleen@gazlene.net","username":"krinkle"},"change_message_id":"2e0f8f580ecc72471d911fc69be9c1b6a97e16ef","unresolved":false,"context_lines":[{"line_number":188,"context_line":"``accounts.google.com.conf``:"},{"line_number":189,"context_line":""},{"line_number":190,"context_line":"This file will be a JSON that overrides some of OIDC options. The options"},{"line_number":191,"context_line":"that are able to be overrided are listed in the"},{"line_number":192,"context_line":"`OpenID Connect Apache2 plugin documentation`_."},{"line_number":193,"context_line":""},{"line_number":194,"context_line":".. _`OpenID Connect Apache2 plugin documentation`: https://github.com/zmartzone/mod_auth_openidc/wiki/Multiple-Providers#opclient-configuration"}],"source_content_type":"text/x-c++src","patch_set":2,"id":"3fa7e38b_7c37ebe5","line":191,"range":{"start_line":191,"start_character":20,"end_line":191,"end_character":29},"updated":"2019-12-23 20:27:13.000000000","message":"nit: overridden","commit_id":"f51b7243699c6258a9e030378cc1a4734ee64b77"},{"author":{"_account_id":8482,"name":"Colleen Murphy","email":"colleen@gazlene.net","username":"krinkle"},"change_message_id":"2e0f8f580ecc72471d911fc69be9c1b6a97e16ef","unresolved":false,"context_lines":[{"line_number":191,"context_line":"that are able to be overrided are listed in the"},{"line_number":192,"context_line":"`OpenID Connect Apache2 plugin documentation`_."},{"line_number":193,"context_line":""},{"line_number":194,"context_line":".. _`OpenID Connect Apache2 plugin documentation`: https://github.com/zmartzone/mod_auth_openidc/wiki/Multiple-Providers#opclient-configuration"},{"line_number":195,"context_line":""},{"line_number":196,"context_line":"If you do not want to override the config values, you can leave this file as"},{"line_number":197,"context_line":"an empty JSON like ``{}``."}],"source_content_type":"text/x-c++src","patch_set":2,"id":"3fa7e38b_fc48bb62","line":194,"updated":"2019-12-23 20:27:13.000000000","message":"This wiki page seems to explain everything needed to configure multiple IdPs. Instead of maintaining this whole section, could we just add a link to that documentation and keep this limited to anything keystone-specific about the setup?","commit_id":"f51b7243699c6258a9e030378cc1a4734ee64b77"},{"author":{"_account_id":30695,"name":"Pedro Henrique Pereira Martins","email":"phpm13@gmail.com","username":"pedrohpmartins"},"change_message_id":"2598efc7f47b6e461a70a57a408b58cb2e815b59","unresolved":false,"context_lines":[{"line_number":191,"context_line":"that are able to be overrided are listed in the"},{"line_number":192,"context_line":"`OpenID Connect Apache2 plugin documentation`_."},{"line_number":193,"context_line":""},{"line_number":194,"context_line":".. _`OpenID Connect Apache2 plugin documentation`: https://github.com/zmartzone/mod_auth_openidc/wiki/Multiple-Providers#opclient-configuration"},{"line_number":195,"context_line":""},{"line_number":196,"context_line":"If you do not want to override the config values, you can leave this file as"},{"line_number":197,"context_line":"an empty JSON like ``{}``."}],"source_content_type":"text/x-c++src","patch_set":2,"id":"3fa7e38b_5d669ff0","line":194,"in_reply_to":"3fa7e38b_fc48bb62","updated":"2019-12-26 19:47:18.000000000","message":"Yes, there is a wiki page, but some configurations are not clearly defined in the wiki (like the metadata file .conf which must be an empty JSON `` {} `` if there is no configuration to be overridden) and it lacks some examples of metadata files, so I thought to create a section to ease the configuration process of multiple IdPs, but I agree with you, it will be one more documentation to maintain.","commit_id":"f51b7243699c6258a9e030378cc1a4734ee64b77"}]}