The protocol between the Controller and the Keystone Server (2) can be either
HTTPS or HTTP. In order to use HTTPS the Keystone Server's certificate
-must be exported and imported on the Controller (see the :ref:`Certificate Management <Certificate Management>` section).
+must be exported and imported on the Controller (see the :ref:`Certificate Management <aaa-certificate-management>` section).
Authorization Configuration
---------------------------
Authorization <http://shiro.apache.org/web.html#Web-%7B%7B%5Curls%5C%7D%7D>`_
describes how to configure the Authentication feature in detail.
-.. notes::
+.. note::
The Shiro-Based Authorization that uses the *shiro.ini* URLs section to
define roles requirements is **deprecated** and **discouraged** since the
authentication attempts. Custom AuthenticationListener(s) must implement
the org.apache.shiro.authc.AuthenticationListener interface.
+.. _aaa-certificate-management:
+
Certificate Management
----------------------