Comment 1 for bug 1643112

Adam, can you clarify what the problem is exactly? I don't understand what you mean by "linking them all together" or "that should not be included in the stack that is then used for password or token based authentication". I don't see any reason the mapped auth plugin shouldn't be added to the [auth]/methods list.

The way I see it, where we're failing is by tightly coupling the name of the auth plugin with the name of the federation protocol. The name of the protocol is limited to what's available as an auth plugin, which is basically this list: http://git.openstack.org/cgit/openstack/keystone/tree/setup.cfg?h=14.0.0#n66

It would be better if we could create a federation protocol with an arbitrary name and then have a field that describes the valid auth plugin, e.g. `openstack federation protocol create myarbitraryprotocol --auth-plugin mapped`, is that what you're talking about?