We're able to get around this like previous commenters by removing token.is_admin_project:True for Horizon's Keystone policy file. However, keeping it in Keystone's copy of the policy file is necessary as we utilize applications that are not yet domain-aware.