chore(sso): add bare auto-sign-out setting

config/settings.yml

@@ -151,6 +151,10 @@ user-auth:
 
 single-sign-on: "_env:OIDC_SSO:false"
 
+# Automatically redirect to SSO route when not signed on
+# Note: This will force authentication, thus the site will be inaccessible without external credentials. Only use this option when it is ensured that every user that should be able to access the site has valid external credentials!
+auto-sign-on: "_env:AUTO_SIGN_ON:false"
+
 # TODO: generalize for arbitrary auth protocols
 # TODO: maybe use separate pools for external databases?
 ldap-pool:

src/Settings.hs

@@ -455,6 +455,9 @@ data AppSettings = AppSettings
     , appUserAuthConf           :: UserAuthConf
     , appSingleSignOn           :: Bool
     -- ^ Enable OIDC single sign-on
+    , appAutoSignOn             :: Bool
+    -- ^ Automatically redirect to SSO route when not signed on
+    -- ^ Note: This will force authentication, thus the site will be inaccessible without external credentials. Only use this option when it is ensured that every user that should be able to access the site has valid external credentials!
     , appLmsConf                :: LmsConf
     -- ^ Configuration settings for CSV export/import to LMS (= Learn Management System) -- TODO, TODISCUSS: reimplement as user-auth source?
     , appAvsConf                :: Maybe AvsConf
@@ -635,6 +638,7 @@ instance FromJSON AppSettings where
         -- P.fromList . mapMaybe (assertM nonEmptyHost) <$> o .:? "user-database" .!= []
         appLdapPoolConf           <- o .:? "ldap-pool"
         appSingleSignOn           <- o .:? "single-sign-on" .!= False
+        appAutoSignOn             <- o .:? "auto-sign-on" .!= False
         appLmsConf                <- o .: "lms-direct"
         appAvsConf                <- assertM (not . null . avsPass)  <$> o .:? "avs"
         appLprConf                <- o .: "lpr"