Document URL: https://docs.openshift.org/latest/install_config/configuring_authentication.html#KeystonePasswordIdentityProvider Section Number and Name: #KeystonePasswordIdentityProvider Describe the issue: A url is required but missing out under "provider", please refer to as below. Need to add "optional" for "keyFile: keystonekey.pem" provider: url: https://keystone.example.com:5000/v3 # Keystone auth endpoint URL Suggestions for improvement: identityProviders: - challenge: true # When true, unauthenticated token requests from non-web clients (like the CLI) are sent a WWW-Authenticate challenge header for this provider. login: true # When true, unauthenticated token requests from web clients (like the web console) are redirected to a login page backed by this provider. name: keystone_auth # This provider name is prefixed to the returned user ID to form an identity name. provider: apiVersion: v1 url: https://keystone.example.com:5000/v3 # Keystone auth endpoint URL domainName: default # Keystone domain name. In Keystone, usernames are domain-specific. Currently this IdP only supports a single domain at a time. kind: KeystonePasswordIdentityProvider ca: ca.pem # Optional: Certificate bundle to use to validate server certificates for the configured URL. certFile: keystone.pem # Optional: Client certificate to present when making requests to the configured URL. keyFile: keystonekey.pem # Key for the client certificate. Required if certFile is specified.