From 77d59635d3e642662fb19babf5e85b6929d35202 Mon Sep 17 00:00:00 2001
From: Colleen Murphy <colleen@gazlene.net>
Date: Sun, 28 Oct 2018 19:02:34 +0100
Subject: [PATCH] Delete the external auth admin guide

There is already a more extensive guide in the advanced topics
section[1] so this stub guide does not provide any value and feels out
of place. Remove it to avoid duplication and confusion.

[1] https://docs.openstack.org/keystone/latest/advanced-topics/external-auth.html

Change-Id: I2b96f4bf285cf5cc79ab0c44685bc15b5d9b61e9
---
 .../identity-external-authentication.rst      | 41 -------------------
 doc/source/admin/index.rst                    |  1 -
 2 files changed, 42 deletions(-)
 delete mode 100644 doc/source/admin/identity-external-authentication.rst

diff --git a/doc/source/admin/identity-external-authentication.rst b/doc/source/admin/identity-external-authentication.rst
deleted file mode 100644
index 62b55714e4..0000000000
--- a/doc/source/admin/identity-external-authentication.rst
+++ /dev/null
@@ -1,41 +0,0 @@
-=====================================
-External authentication with Identity
-=====================================
-
-When Identity runs in ``apache-httpd``, you can use external
-authentication methods that differ from the authentication provided by
-the identity store back end. For example, you can use an SQL identity
-back end together with X.509 authentication and Kerberos, instead of
-using the user name and password combination.
-
-Use HTTPD authentication
-~~~~~~~~~~~~~~~~~~~~~~~~
-
-Web servers, like Apache HTTP, support many methods of authentication.
-Identity can allow the web server to perform the authentication. The web
-server then passes the authenticated user to Identity by using the
-``REMOTE_USER`` environment variable. This user must already exist in
-the Identity back end to get a token from the controller. To use this
-method, Identity should run on ``apache-httpd``.
-
-Use X.509
-~~~~~~~~~
-
-The following Apache configuration snippet authenticates the user based
-on a valid X.509 certificate from a known CA:
-
-.. code-block:: none
-
-   <VirtualHost _default_:5000>
-       SSLEngine on
-       SSLCertificateFile    /etc/ssl/certs/ssl.cert
-       SSLCertificateKeyFile /etc/ssl/private/ssl.key
-
-       SSLCACertificatePath /etc/ssl/allowed_cas
-       SSLCARevocationPath  /etc/ssl/allowed_cas
-       SSLUserName          SSL_CLIENT_S_DN_CN
-       SSLVerifyClient      require
-       SSLVerifyDepth       10
-
-       (...)
-   </VirtualHost>
diff --git a/doc/source/admin/index.rst b/doc/source/admin/index.rst
index f1e837b421..795c68e131 100644
--- a/doc/source/admin/index.rst
+++ b/doc/source/admin/index.rst
@@ -22,7 +22,6 @@ command-line client.
    identity-domain-specific-config.rst
    identity-url-safe-naming.rst
    identity-case-insensitive.rst
-   identity-external-authentication.rst
    identity-integrate-with-ldap.rst
    identity-upgrading.rst
    identity-tokens.rst