Document URL: 
https://docs.openshift.org/latest/install_config/configuring_authentication.html#KeystonePasswordIdentityProvider

Section Number and Name: 
#KeystonePasswordIdentityProvider

Describe the issue: 
A url is required but missing out under "provider", please refer to as below.
Need to add "optional" for "keyFile: keystonekey.pem"

    provider:
      url: https://keystone.example.com:5000/v3 # Keystone auth endpoint URL

Suggestions for improvement: 

  identityProviders:
  - challenge: true     # When true, unauthenticated token requests from non-web clients (like the CLI) are sent a WWW-Authenticate challenge header for this provider.
    login: true         # When true, unauthenticated token requests from web clients (like the web console) are redirected to a login page backed by this provider.
    name: keystone_auth # This provider name is prefixed to the returned user ID to form an identity name.
    provider:
      apiVersion: v1
      url: https://keystone.example.com:5000/v3 # Keystone auth endpoint URL
      domainName: default      # Keystone domain name. In Keystone, usernames are domain-specific. Currently this IdP only supports a single domain at a time.
      kind: KeystonePasswordIdentityProvider
      ca: ca.pem               # Optional: Certificate bundle to use to validate server certificates for the configured URL.
      certFile: keystone.pem   # Optional: Client certificate to present when making requests to the configured URL.
      keyFile: keystonekey.pem # Key for the client certificate. Required if certFile is specified.