@@ -63,9 +63,6 @@ else

     KEYSTONE_DEPLOY=mod_wsgi

 fi

-# Select the token persistence backend driver

-KEYSTONE_TOKEN_BACKEND=${KEYSTONE_TOKEN_BACKEND:-sql}

-

 # Select the Identity backend driver

 KEYSTONE_IDENTITY_BACKEND=${KEYSTONE_IDENTITY_BACKEND:-sql}

@@ -79,7 +76,8 @@ KEYSTONE_ROLE_BACKEND=${KEYSTONE_ROLE_BACKEND:-sql}

 KEYSTONE_RESOURCE_BACKEND=${KEYSTONE_RESOURCE_BACKEND:-sql}

 # Select Keystone's token provider (and format)

-# Choose from 'uuid', 'pki', 'pkiz', or 'fernet'

+# Refer keystone doc for supported token provider:

+# https://docs.openstack.org/keystone/latest/admin/token-provider.html

 KEYSTONE_TOKEN_FORMAT=${KEYSTONE_TOKEN_FORMAT:-fernet}

 KEYSTONE_TOKEN_FORMAT=$(echo ${KEYSTONE_TOKEN_FORMAT} | tr '[:upper:]' '[:lower:]')

@@ -245,8 +243,6 @@ function configure_keystone {

     iniset $KEYSTONE_CONF database connection `database_connection_url keystone`

-    iniset $KEYSTONE_CONF token driver "$KEYSTONE_TOKEN_BACKEND"

-

     # Set up logging

     if [ "$SYSLOG" != "False" ]; then

         iniset $KEYSTONE_CONF DEFAULT use_syslog "True"

@@ -443,11 +439,6 @@ function init_keystone {

     $KEYSTONE_BIN_DIR/keystone-manage --config-file $KEYSTONE_CONF db_sync

     time_stop "dbsync"

-    if [[ "$KEYSTONE_TOKEN_FORMAT" == "pki" || "$KEYSTONE_TOKEN_FORMAT" == "pkiz" ]]; then

-        # Set up certificates

-        rm -rf $KEYSTONE_CONF_DIR/ssl

-        $KEYSTONE_BIN_DIR/keystone-manage --config-file $KEYSTONE_CONF pki_setup

-    fi

     if [[ "$KEYSTONE_TOKEN_FORMAT" == "fernet" ]]; then

         rm -rf "$KEYSTONE_CONF_DIR/fernet-keys/"

         $KEYSTONE_BIN_DIR/keystone-manage --config-file $KEYSTONE_CONF fernet_setup