When I configure the Keystone as Service Provider + horizon, I received this error in my /var/log/keystone/keystone-wsgi-public.log, after try logging in my IdP SimpleSamlPHP:
2017-03-15 01:32:26.240 29046 INFO keystone.common.wsgi [req-022ef0af-1811-4038-9aad-bd9a3e9443ac - - - - -] GET http://10.7.49.47:5000/v3/auth/OS-FEDERATION/identity_providers/myidp/protocols/mapped/websso?origin=http://10.7.49.47/horizon/auth/websso/
2017-03-15 01:32:26.241 29046 ERROR keystone.federation.controllers [req-022ef0af-1811-4038-9aad-bd9a3e9443ac - - - - -] http://10.7.49.47/horizon/auth/websso/ is not a trusted dashboard host
2017-03-15 01:32:26.242 29046 WARNING keystone.common.wsgi [req-022ef0af-1811-4038-9aad-bd9a3e9443ac - - - - -] Authorization failed. The request you have made requires authentication. from 10.7.49.11
And in my browser I received: {"error": {"message": "The request you have made requires authentication.", "code": 401, "title": "Unauthorized"}}
EDIT: I activated the debug, and I get this log:
2017-03-15 12:29:58.960 5933 DEBUG keystone.federation.utils [req-e9875dd7-221b-463f-b2c1-ea184680fef3 - - - - -] Cannot find "remote_id_attribute" in configuration group mapped. Trying default location in group federation. get_remote_id_parameter /usr/local/lib/python2.7/dist-packages/keystone/federation/utils.py:296
I stoped the uwsgi, and start it again.