Configurable token hashing

Provide info on the option for operators to turn off token
hashing to be performed by horizon.

In some deployments where PKI token format is used for keystone,
token hashing causes 401 errors in horizon.

Depends-On: I187b1486db2e453fd49298e1478e30abe97e54fe

Change-Id: I5ebc07850b14b2f2f52fc659831d6cd4aa9f83c3
Closes-Bug: #1473588

doc/source/topics/settings.rst

@@ -964,6 +964,19 @@ are using. Allowed values are the algorithms supported by Python's hashlib
 library.
 
 
+``OPENSTACK_TOKEN_HASH_ENABLED``
+--------------------------------
+
+.. versionadded:: 8.0.0(Liberty)
+
+Default: ``True``
+
+Hashing tokens from Keystone keeps the Horizon session data smaller, but it
+doesn't work in some cases when using PKI tokens.  Uncomment this value and
+set it to False if using PKI tokens and there are 401 errors due to token
+hashing.
+
+
 ``POLICY_FILES``
 ----------------
 

openstack_dashboard/local/local_settings.py.example

@@ -619,6 +619,12 @@ SECURITY_GROUP_RULES = {
 # algorithms supported by Python's hashlib library.
 #OPENSTACK_TOKEN_HASH_ALGORITHM = 'md5'
 
+# Hashing tokens from Keystone keeps the Horizon session data smaller, but it
+# doesn't work in some cases when using PKI tokens.  Uncomment this value and
+# set it to False if using PKI tokens and there are 401 errors due to token
+# hashing.
+#OPENSTACK_TOKEN_HASH_ENABLED = True
+
 # AngularJS requires some settings to be made available to
 # the client side. Some settings are required by in-tree / built-in horizon
 # features. These settings must be added to REST_API_REQUIRED_SETTINGS in the