fix: correct keystone_domains reference from horizon (#992)

diff --git a/roles/horizon/defaults/main.yml b/roles/horizon/defaults/main.yml
index acec948..9310644 100644
--- a/roles/horizon/defaults/main.yml
+++ b/roles/horizon/defaults/main.yml
@@ -21,3 +21,35 @@
 
 # List of annotations to apply to the Ingress
 horizon_ingress_annotations: {}
+
+# The following set of variables can be used for simple setups where you can
+# only need a single domain and realm.  You can use the `keystone_domains`
+# variable to configure more complex setups.
+keystone_keycloak_server_url: "https://{{ keycloak_host }}"
+keystone_keycloak_server_internal_url: http://keycloak.auth-system.svc
+keystone_keycloak_user_realm_name: master
+keystone_keycloak_admin_client_id: admin-cli
+keystone_keycloak_admin_user: admin
+keystone_keycloak_admin_password: "{{ keycloak_admin_password }}"
+keystone_keycloak_realm: atmosphere
+keystone_keycloak_realm_name: Atmosphere
+keystone_keycloak_client_id: keystone
+keystone_keycloak_scopes: "openid email profile"
+
+# (ricolin): This will prevent horizon reference wrong keystone_domains by default.
+# This variable can be used for more complex setups that require multiple
+# domains that are mapped to multiple realms.  If you are looking to use a
+# single domain and realm, you can skip this section.
+horizon_keystone_domains:
+  - name: "{{ keystone_keycloak_realm }}"                                       # Domain name
+    label: "{{ keystone_keycloak_realm_name }}"                                 # Realm display name + Horizon label
+    keycloak_server_url: "{{ keystone_keycloak_server_url }}"                   # Public Keycloak URL
+    keycloak_server_internal_url: "{{ keystone_keycloak_server_internal_url }}" # Internal Keycloak URL
+    keycloak_user_realm_name: "{{ keystone_keycloak_user_realm_name }}"         # Keycloak realm name
+    keycloak_admin_client_id: "{{ keystone_keycloak_admin_client_id }}"         # Keycloak admin client ID
+    keycloak_admin_user: "{{ keystone_keycloak_admin_user }}"                   # Keycloak admin username
+    keycloak_admin_password: "{{ keystone_keycloak_admin_password }}"           # Keycloak admin password
+    keycloak_realm: "{{ keystone_keycloak_realm }}"                             # Keycloak realm name
+    keycloak_client_id: "{{ keystone_keycloak_client_id }}"                     # Keycloak client ID
+    keycloak_client_secret: "{{ keystone_keycloak_client_secret }}"             # Keycloak client secret
+    keycloak_scopes: "{{ keystone_keycloak_scopes }}"                           # Keycloak scopes
diff --git a/roles/horizon/vars/main.yml b/roles/horizon/vars/main.yml
index b4c2130..7699b4a 100644
--- a/roles/horizon/vars/main.yml
+++ b/roles/horizon/vars/main.yml
@@ -31,7 +31,7 @@
             sso:
               enabled: true
               initial_choice: "{{ (keystone_domains is defined) | ternary(keystone_domains[0].name, 'atmosphere') }}"
-            idp_mapping: "{{ keystone_domains | default([{'name': 'atmosphere', 'label': 'Atmosphere'}]) | vexxhost.atmosphere.keystone_domains_to_idp_mappings }}" # noqa: yaml[line-length]
+            idp_mapping: "{{ keystone_domains | default(horizon_keystone_domains) | vexxhost.atmosphere.keystone_domains_to_idp_mappings }}" # noqa: yaml[line-length]
           raw:
             OPENSTACK_SSL_NO_VERIFY: "{{ ((cluster_issuer_type | default('self-signed')) == 'self-signed') | ternary('True', 'False') | string }}"
             WEBSSO_KEYSTONE_URL: https://{{ openstack_helm_endpoints['identity']['host_fqdn_override']['public']['host'] }}/v3