I am having this same issue. We are trying to federate with an ADFS server but have no examples of these mapping files that it is asking for. If you get any resolution, please let us know!

The product documentation has been updated.  If you go to that link again you will see the latest updates.

Were you able to get this working? When i follow the new instructions I get the below error on this task: TASK [keystone : configure keystone for additonal domains and groups]

FAILED! => {"changed": false, "failed": true, "module_stderr": "/usr/lib/python2.7/dist-packages/urllib3/connectionpool.py:860: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings\n  InsecureRequestWarning)\n/usr/lib/python2.7/dist-packages/urllib3/connectionpool.py:860: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings\n  InsecureRequestWarning)\nTraceback (most recent call last):\n  File \"/tmp/ansible_9K1pnr/ansible_module_keystone_config.py\", line 565, in <module>\n    main()\n  File \"/tmp/ansible_9K1pnr/ansible_module_keystone_config.py\", line 549, in main\n    **auth)\n  File \"/tmp/ansible_9K1pnr/ansible_module_keystone_config.py\", line 112, in authenticate\n    region_name=region_name)\n  File \"/usr/lib/python2.7/dist-packages/keystoneclient/client.py\", line 62, in Client\n    d = discover.Discover(session=session, **kwargs)\n  File \"/usr/lib/python2.7/dist-packages/keystoneclient/discover.py\", line 178, in __init__\n    authenticated=authenticated)\n  File \"/usr/lib/python2.7/dist-packages/keystoneclient/_discover.py\", line 143, in __init__\n    authenticated=authenticated)\n  File \"/usr/lib/python2.7/dist-packages/keystoneclient/_discover.py\", line 38, in get_version_data\n    resp = session.get(url, headers=headers, authenticated=authenticated)\n  File \"/usr/lib/python2.7/dist-packages/keystoneauth1/session.py\", line 840, in get\n    return self.request(url, 'GET', **kwargs)\n  File \"/usr/lib/python2.7/dist-packages/keystoneauth1/session.py\", line 573, in request\n    auth_headers = self.get_auth_headers(auth)\n  File \"/usr/lib/python2.7/dist-packages/keystoneauth1/session.py\", line 900, in get_auth_headers\n    return auth.get_headers(self, **kwargs)\n  File \"/usr/lib/python2.7/dist-packages/keystoneauth1/plugin.py\", line 95, in get_headers\n    token = self.get_token(session)\n  File \"/usr/lib/python2.7/dist-packages/keystoneauth1/identity/base.py\", line 88, in get_token\n    return self.get_access(session).auth_token\n  File \"/usr/lib/python2.7/dist-packages/keystoneauth1/identity/base.py\", line 134, in get_access\n    self.auth_ref = self.get_auth_ref(session)\n  File \"/usr/lib/python2.7/dist-packages/keystoneauth1/identity/generic/base.py\", line 201, in get_auth_ref\n    return self._plugin.get_auth_ref(session, **kwargs)\n  File \"/usr/lib/python2.7/dist-packages/keystoneauth1/identity/v3/base.py\", line 177, in get_auth_ref\n    authenticated=False, log=False, **rkwargs)\n  File \"/usr/lib/python2.7/dist-packages/keystoneauth1/session.py\", line 848, in post\n    return self.request(url, 'POST', **kwargs)\n  File \"/usr/lib/python2.7/dist-packages/keystoneauth1/session.py\", line 737, in request\n    raise exceptions.from_response(resp, method, url)\nkeystoneauth1.exceptions.http.Unauthorized: The request you have made requires authentication. (HTTP 401) (Request-ID: req-82ddf38d-427a-48d6-b37f-fd720d4b843b)\n", "module_stdout": "", "msg": "MODULE FAILURE", "rc": 1}

I am having the domain mapped to the current Default domain which is already setup with admin accounts and roles. I don't want to have a second domain unless its required for federation?

Anyone else run into this?

Thank you!