opt-saml-sso-login (#8277)

* opt-saml-sso-login

* Update backends.py

frontend/src/components/user-settings/social-login-saml.js

@@ -11,7 +11,8 @@ const {
   samlConnected,
   enableMultiADFS,
   orgSamlConnected,
-  socialNextPage
+  socialNextPage,
+  forceUserSSOLogin,
 } = window.app.pageOptions;
 
 class SocialLoginSAML extends React.Component {
@@ -50,7 +51,7 @@ class SocialLoginSAML extends React.Component {
           <h3 className="setting-item-heading">{gettext('Single Sign On (SSO)')}</h3>
           <p className="mb-2">{'SAML'}</p>
           {(samlConnected || (orgSamlConnected && isOrgContext)) ?
-            <button className="btn btn-outline-primary" onClick={this.confirmDisconnect}>{gettext('Disconnect')}</button> :
+            <button className="btn btn-outline-primary" onClick={this.confirmDisconnect} disabled={forceUserSSOLogin}>{gettext('Disconnect')}</button> :
             <a href={connectUrl} className="btn btn-outline-primary">{gettext('Connect')}</a>
           }
         </div>

frontend/src/pages/org-admin/web-settings/web-settings.js

@@ -2,7 +2,7 @@ import React, { Component, Fragment } from 'react';
 import { InputGroupText } from 'reactstrap';
 import { Utils } from '../../../utils/utils';
 import { orgAdminAPI } from '../../../utils/org-admin-api';
-import { gettext, mediaUrl, logoPath, orgID, orgEnableAdminCustomLogo, orgEnableAdminCustomName, orgEnableAdminDeleteOrg, enableMultiADFS } from '../../../utils/constants';
+import { gettext, mediaUrl, logoPath, orgID, orgEnableAdminCustomLogo, orgEnableAdminCustomName, orgEnableAdminDeleteOrg, enableMultiADFS, enableSSO } from '../../../utils/constants';
 import Loading from '../../../components/loading';
 import toaster from '../../../components/toast';
 import MainPanelTopbar from '../main-panel-topbar';
@@ -172,17 +172,6 @@ class OrgWebSettings extends Component {
                     />
                   </Fragment>
                 </Section>
-                {enableMultiADFS &&
-                  <Section headingText={gettext('User')}>
-                    <CheckboxItem
-                      saveSetting={this.orgSaveSetting}
-                      displayName={gettext('Disable SAML user email / password login')}
-                      keyText='force_adfs_login'
-                      value={force_adfs_login}
-                      helpTip={gettext('Force user to use SSO login if SAML account is bound')}
-                    />
-                  </Section>
-                }
                 {(sysEnableUserCleanTrash || sysEnableEncryptedLibrary) &&
                   <Section headingText={gettext('Library')}>
                     <Fragment>
@@ -220,6 +209,17 @@ class OrgWebSettings extends Component {
                       }
                     />
                   </Fragment>
+                  {(enableMultiADFS || enableSSO) &&
+                    <Fragment>
+                      <CheckboxItem
+                        saveSetting={this.orgSaveSetting}
+                        displayName={gettext('Disable SSO user email / password login')}
+                        keyText='force_adfs_login'
+                        value={force_adfs_login}
+                        helpTip={gettext('Force user to use SSO login if SSO account is bound')}
+                      />
+                    </Fragment>
+                  }
                 </Section>
                 {orgEnableAdminDeleteOrg &&
                   <Section headingText={gettext('Delete')}>

frontend/src/pages/sys-admin/orgs/org-info.js

@@ -12,6 +12,7 @@ import SysAdminSetOrgNameDialog from '../../../components/dialog/sysadmin-dialog
 import SysAdminSetOrgMaxUserNumberDialog from '../../../components/dialog/sysadmin-dialog/sysadmin-set-org-max-user-number-dialog';
 import MainPanelTopbar from '../main-panel-topbar';
 import OrgNav from './org-nav';
+import CheckboxItem from '../../common-admin/web-settings/checkbox-item';
 
 class Content extends Component {
 
@@ -36,6 +37,12 @@ class Content extends Component {
     this.setState({ isSetMaxUserNumberDialogOpen: !this.state.isSetMaxUserNumberDialogOpen });
   };
 
+
+  updateForceSSOLogin = (key, value) => {
+    this.props.updateForceSSOLogin(key, value);
+  };
+
+
   render() {
     const { loading, errorMsg } = this.props;
     if (loading) {
@@ -43,7 +50,7 @@ class Content extends Component {
     } else if (errorMsg) {
       return <p className="error text-center">{errorMsg}</p>;
     } else {
-      const { org_name, users_count, max_user_number, groups_count, quota, quota_usage, enable_saml_login, metadata_url, domain } = this.props.orgInfo;
+      const { org_name, users_count, max_user_number, groups_count, quota, quota_usage, enable_saml_login, metadata_url, domain, force_adfs_login, enable_sso } = this.props.orgInfo;
       const { isSetQuotaDialogOpen, isSetNameDialogOpen, isSetMaxUserNumberDialogOpen } = this.state;
       return (
         <>
@@ -75,6 +82,20 @@ class Content extends Component {
               {`${Utils.bytesToSize(quota_usage)} / ${quota > 0 ? Utils.bytesToSize(quota) : '--'}`}
               <EditIcon onClick={this.toggleSetQuotaDialog} />
             </dd>
+            {enable_sso &&
+              <>
+                <dt className="info-item-heading">{gettext('SSO')}</dt>
+                <dd className="info-item-content">
+                  <CheckboxItem
+                    saveSetting={this.updateForceSSOLogin}
+                    displayName={gettext('Disable SSO user email / password login')}
+                    keyText='force_adfs_login'
+                    value={force_adfs_login}
+                    helpTip={gettext('Force user to use SSO login if SSO account is bound')}
+                  />
+                </dd>
+              </>
+            }
             {enable_saml_login &&
               <>
                 <dt className="info-item-heading">{gettext('SAML Config')}</dt>
@@ -143,6 +164,7 @@ Content.propTypes = {
   updateQuota: PropTypes.func.isRequired,
   updateName: PropTypes.func.isRequired,
   updateMaxUserNumber: PropTypes.func.isRequired,
+  updateForceSSOLogin: PropTypes.func,
 };
 
 class OrgInfo extends Component {
@@ -212,6 +234,16 @@ class OrgInfo extends Component {
     });
   };
 
+  updateForceSSOLogin = (key, value) => {
+    const data = { forceSSOLogin: value };
+    systemAdminAPI.sysAdminUpdateOrg(this.props.orgID, data).then(res => {
+      toaster.success(gettext('Successfully saved.'));
+    }).catch((error) => {
+      let errMessage = Utils.getErrorMsg(error);
+      toaster.danger(errMessage);
+    });
+  };
+
   render() {
     const { orgInfo } = this.state;
     return (
@@ -229,6 +261,7 @@ class OrgInfo extends Component {
                 updateQuota={this.updateQuota}
                 updateName={this.updateName}
                 updateMaxUserNumber={this.updateMaxUserNumber}
+                updateForceSSOLogin={this.updateForceSSOLogin}
               />
             </div>
           </div>

frontend/src/utils/constants.js

@@ -179,6 +179,7 @@ export const orgEnableAdminCustomName = window.org ? window.org.pageOptions.orgE
 export const orgEnableAdminInviteUser = window.org ? window.org.pageOptions.orgEnableAdminInviteUser === 'True' : false;
 export const orgEnableAdminDeleteOrg = window.org ? window.org.pageOptions.orgEnableAdminDeleteOrg === 'True' : false;
 export const enableMultiADFS = window.org ? window.org.pageOptions.enableMultiADFS === 'True' : false;
+export const enableSSO = window.org ? window.org.pageOptions.enableSSO === 'True' : false;
 export const enableSubscription = window.org ? window.org.pageOptions.enableSubscription : false;
 export const enableExternalBillingService = window.org ? window.org.pageOptions.enableExternalBillingService : false;
 

frontend/src/utils/system-admin-api.js

@@ -627,6 +627,9 @@ class SystemAdminAPI {
     if (orgInfo.isActive != undefined) {
       formData.append('is_active', orgInfo.isActive);
     }
+    if (orgInfo.forceSSOLogin != undefined) {
+      formData.append('force_adfs_login', orgInfo.forceSSOLogin);
+    }
     return this.req.put(url, formData);
   }