Bug 1372086 - The Docs don't explain route for SSO well
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat xPaaS
Classification: Red Hat
Component: Documentation
Version: unspecified
Hardware: Unspecified
OS: Unspecified
medium
high
Assignee: Andrew Burden
QA Contact: Tomas Schlosser
Vikram Goyal
Reported: 2016-08-31 21:07 UTC by Eric Rich
Modified: 2017-05-22 02:17 UTC (History)
Last Closed: 2017-05-22 02:17:59 UTC

Description Eric Rich 2016-08-31 21:07:53 UTC
Description of problem:

https://access.redhat.com/documentation/en/red-hat-xpaas/version-0/red-hat-xpaas-sso-image/#deploying_the_sso_application_template

We explain that a template is used; however, at the end of this section we only state how to access the application (but don't explain how the routing to this application was set up).

The only notes (context) we have on this are provided in:

> The SSO web console can be accessed at https://secure-sso-<sso-app-demo>.<openshift32.example.com>/auth/admin using the admin user.

> Note
> This example workflow uses a self-generated CA to provide an end-to-end workflow for demonstration purposes. Accessing the SSO web console will prompt an insecure connection warning.
> For production environments, Red Hat recommends that you use an SSL certificate purchased from a verified Certificate Authority.

However, this does not explain that "Passthrough Termination"[0] is used, and that the template deploys this route:

--- from: oc get templates -n openshift sso70-basic -o yaml ---
>- apiVersion: v1
>  id: ${APPLICATION_NAME}-https
>  kind: Route
>  metadata:
>    annotations:
>      description: Route for application's https service.
>    labels:
>      application: ${APPLICATION_NAME}
>    name: secure-${APPLICATION_NAME}
>  spec:
>    host: ${HOSTNAME_HTTPS}
>    tls:
>      termination: passthrough
>    to:
>      name: secure-${APPLICATION_NAME}

This makes understanding the SSL configurations (components) in:

> https://access.redhat.com/documentation/en/red-hat-xpaas/version-0/red-hat-xpaas-sso-image/#preparing_sso_authentication_for_openshift_deployment

almost impossible, as: 

> https://access.redhat.com/documentation/en/red-hat-xpaas/version-0/red-hat-xpaas-sso-image/#configuring_openshift_master_for_single_sign_on_authentication

tries to explain how "OpenShift" might use SSO as an authentication provider. 

[0] https://docs.openshift.com/enterprise/3.2/architecture/core_concepts/routes.html#route-types

Comment 2 Andrew Burden 2017-03-28 03:10:18 UTC
New section added to the SSO Getting Started chapter to explain that templates use TLS passthrough termination and the effect of this. 

Changes awaiting MR review.
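
An added example, not part of the original report or of Red Hat's documentation: a small audit of Route objects that reports where each route's TLS session ends, which is the consequence of passthrough termination that the report and Comment 2 refer to. The route names, hostnames and sample JSON are constructed; only the `spec.tls.termination` field and its `passthrough`, `edge` and `reencrypt` values come from the OpenShift Route API.

```python
import json

# Constructed sample shaped like `oc get routes -o json`. The first item
# mirrors the template's route with placeholder parameter values; the other
# two are invented for contrast.
SAMPLE_ROUTES = json.loads("""
{"items": [
  {"kind": "Route", "metadata": {"name": "secure-sso"},
   "spec": {"host": "secure-sso.example.test",
            "tls": {"termination": "passthrough"},
            "to": {"name": "secure-sso"}}},
  {"kind": "Route", "metadata": {"name": "edge-app"},
   "spec": {"host": "edge-app.example.test",
            "tls": {"termination": "edge"},
            "to": {"name": "edge-app"}}},
  {"kind": "Route", "metadata": {"name": "plain-app"},
   "spec": {"host": "plain-app.example.test", "to": {"name": "plain-app"}}}
]}
""")

# termination -> (where the client's TLS session ends, consequence)
TERMINATION = {
    "passthrough": ("pod", "router forwards ciphertext; the pod's own "
                           "certificate is what clients see"),
    "edge": ("router", "router decrypts; router-to-pod hop is plain HTTP"),
    "reencrypt": ("router", "router decrypts, then opens a new TLS "
                            "connection to the pod"),
    "none": ("nowhere", "route carries no TLS"),
}

def audit_route(route):
    """Return (name, termination, tls_endpoint, note) for one Route object."""
    tls = route.get("spec", {}).get("tls") or {}
    term = tls.get("termination", "none")
    endpoint, note = TERMINATION.get(term, ("unknown", "unrecognised value"))
    return route["metadata"]["name"], term, endpoint, note

def audit(route_list):
    """Audit every Route in a List object; other kinds are skipped."""
    return [audit_route(r) for r in route_list.get("items", [])
            if r.get("kind") == "Route"]

if __name__ == "__main__":
    for name, term, endpoint, note in audit(SAMPLE_ROUTES):
        print(f"{name}: termination={term}; TLS ends at {endpoint}; {note}")
```

For the passthrough route, the result shows that the certificate a browser checks is the one configured inside the SSO pod, so the self-generated CA warning quoted in the report originates there and not at the router.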

