Comment 8 for bug 1547684

We're able to get around this like previous commenters by removing token.is_admin_project:True for Horizon's Keystone policy file. However, keeping it in Keystone's copy of the policy file necessary as we utilize applications that are not yet domain aware.