Update shiro.ini for KeystoneRealm configuration section

- Update to better explain the configuration section of the
KeystoneRealm
in the shiro.ini file.

- Update section for available realms.

Change-Id: I6db4b9ccb1d3549c044957ab31ef64bcb93c77ba
Signed-off-by: David <david.suarez.fuentes@ericsson.com>

diff --git a/aaa-shiro/impl/src/main/resources/shiro.ini b/aaa-shiro/impl/src/main/resources/shiro.ini
index e96d59d073b7e961a6ba60a8b7de7fcde4ab280a..fd398355f5adc64a699c525d72d02519e73455b1 100644 (file)
--- a/aaa-shiro/impl/src/main/resources/shiro.ini
+++ b/aaa-shiro/impl/src/main/resources/shiro.ini
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2015-2016 Brocade Communications Systems, Inc. and others.  All rights reserved.
+# Copyright (c) 2015-2017 Brocade Communications Systems, Inc. and others.  All rights reserved.
 #
 # This program and the accompanying materials are made available under the
 # terms of the Eclipse Public License v1.0 which accompanies this distribution,
@@ -14,19 +14,20 @@
 # - TokenAuthRealm (enabled by default)                                       #
 # - ODLJndiLdapRealm (disabled by default)                                    #
 # - ODLJndiLdapRealmAuthNOnly (disabled by default)                           #
+# - ODLActiveDirectoryRealm (disabled by default)                             #
+# - KeystoneAuthRealm (disabled by default)                                   #
+#                                                                             #
 # Basic user configuration through shiro.ini is disabled for security         #
 # purposes.                                                                   #
 ###############################################################################
 
-
-
 [main]
 ###############################################################################
 # realms                                                                      #
 #                                                                             #
 # This section is dedicated to setting up realms for OpenDaylight.  Realms    #
 # are essentially different methods for providing AAA.  ODL strives to provide#
-# highly-configurable AAA by providing pluggable infrastructure.  By deafult, #
+# highly-configurable AAA by providing pluggable infrastructure.  By default, #
 # TokenAuthRealm is enabled out of the box (which bridges to the existing AAA #
 # mechanisms).  More than one realm can be enabled, and the realms are        #
 # tried Round-Robin until:                                                    #
@@ -91,13 +92,17 @@ tokenAuthRealm = org.opendaylight.aaa.shiro.realm.TokenAuthRealm
 #moonAuthRealm = org.opendaylight.aaa.shiro.realm.MoonRealm
 #moonAuthRealm.moonServerURL = http://<host>:<port>
 
-# ODL provides a KeystoneAuthRealm to authenticate access against an OpenStack
-# Keystone (v3) instance. At this time the authentication is 'unscoped' and
-# authorization is not supported.
+# The KeystoneAuthRealm allows for authentication/authorization against an
+# OpenStack's Keystone server. It uses the Identity's API v3 or later.
 #keystoneAuthRealm = org.opendaylight.aaa.shiro.realm.KeystoneAuthRealm
+# The URL where the Keystone server exposes the Identity's API v3 the URL
+# can be either HTTP or HTTPS and it is mandatory for this realm.
 #keystoneAuthRealm.url = https://<host>:<port>
+# Optional parameter to make the realm verify the certificates in case of HTTPS
 #keystoneAuthRealm.sslVerification = true
-# Default domain to use if not specified within the provided credentials.
+# Optional parameter to set up a default domain for requests using credentials
+# without domain, uncomment in case you want a different value from the hard-coded
+# one "Default"
 #keystoneAuthRealm.defaultDomain = Default
 
 # The CSV list of enabled realms.  In order to enable a realm, add it to the