diff --git a/ansible/group_vars/all.yml b/ansible/group_vars/all.yml
index 24772f765c..6e165f00d2 100644
--- a/ansible/group_vars/all.yml
+++ b/ansible/group_vars/all.yml
@@ -338,6 +338,7 @@ keystone_admin_url: "{{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keyston
 keystone_internal_url: "{{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }}/v3"
 keystone_public_url: "{{ public_protocol }}://{{ kolla_external_fqdn }}:{{ keystone_public_port }}/v3"
 
+# Valid options are [ uuid, fernet ]
 keystone_token_provider: "uuid"
 fernet_token_expiry: 86400
 
diff --git a/ansible/roles/keystone/templates/keystone.conf.j2 b/ansible/roles/keystone/templates/keystone.conf.j2
index 6f73e98a03..ff33a241ff 100644
--- a/ansible/roles/keystone/templates/keystone.conf.j2
+++ b/ansible/roles/keystone/templates/keystone.conf.j2
@@ -20,8 +20,10 @@ domain_specific_drivers_enabled = true
 domain_config_dir = /etc/keystone/domains
 {% endif %}
 
-{% if keystone_token_provider == 'fernet' %}
 [token]
+{% if keystone_token_provider == 'uuid' %}
+provider = uuid
+{% elif keystone_token_provider == 'fernet' %}
 provider = {{ keystone_token_provider }}
 expiration = {{ fernet_token_expiry }}