diff --git a/config/settings.yml b/config/settings.yml
index cc35b1df9..ed8743679 100644
--- a/config/settings.yml
+++ b/config/settings.yml
@@ -151,6 +151,10 @@ user-auth:
 single-sign-on: "_env:OIDC_SSO:false"
+# Automatically redirect to SSO route when not signed on
+# Note: This will force authentication, thus the site will be inaccessible without external credentials. Only use this option when it is ensured that every user that should be able to access the site has valid external credentials!
+auto-sign-on: "_env:AUTO_SIGN_ON:false"
+
 # TODO: generalize for arbitrary auth protocols
 # TODO: maybe use separate pools for external databases?
 ldap-pool:
diff --git a/src/Settings.hs b/src/Settings.hs
index fdf67357c..d94267891 100644
--- a/src/Settings.hs
+++ b/src/Settings.hs
@@ -455,6 +455,9 @@ data AppSettings = AppSettings
 , appUserAuthConf :: UserAuthConf
 , appSingleSignOn :: Bool
 -- ^ Enable OIDC single sign-on
+ , appAutoSignOn :: Bool
+ -- ^ Automatically redirect to SSO route when not signed on
+ -- ^ Note: This will force authentication, thus the site will be inaccessible without external credentials. Only use this option when it is ensured that every user that should be able to access the site has valid external credentials!
 , appLmsConf :: LmsConf
 -- ^ Configuration settings for CSV export/import to LMS (= Learn Management System) -- TODO, TODISCUSS: reimplement as user-auth source?
 , appAvsConf :: Maybe AvsConf
@@ -635,6 +638,7 @@ instance FromJSON AppSettings where
 -- P.fromList . mapMaybe (assertM nonEmptyHost) <$> o .:? "user-database" .!= []
 appLdapPoolConf <- o .:? "ldap-pool"
 appSingleSignOn <- o .:? "single-sign-on" .!= False
+ appAutoSignOn <- o .:? "auto-sign-on" .!= False
 appLmsConf <- o .: "lms-direct"
 appAvsConf <- assertM (not . null . avsPass) <$> o .:? "avs"
 appLprConf <- o .: "lpr"
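Review bot: The comment on `auto-sign-on` in `config/settings.yml` does not say that the option only makes sense with `single-sign-on` enabled, and the `FromJSON AppSettings` hunk in `src/Settings.hs` parses the two flags independently, so `AUTO_SIGN_ON=true` with `OIDC_SSO=false` is accepted as a valid configuration. How the redirect behaves in that state is not visible in this diff; if it targets a disabled SSO route, every unauthenticated request would fail and the site would be locked out. I would add `# Requires single-sign-on to be enabled.` to the comment here and reject the combination at load time, for example `when (appAutoSignOn && not appSingleSignOn) $ fail "auto-sign-on requires single-sign-on"` after the new parser line (assuming `when` is in scope in that module).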
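Review bot: In the `data AppSettings` hunk of `src/Settings.hs`, the second doc line on `appAutoSignOn` starts with another `-- ^`, which opens a new Haddock comment instead of continuing the first one; how GHC and Haddock treat that second comment depends on the version, which I have not verified. A continuation line is written with a plain `--`, i.e. `-- Note: This will force authentication, thus the site will be inaccessible without external credentials. ...`. That note is the security-relevant part of the field's documentation, since it describes the lock-out risk, so it should reliably reach the rendered docs. The record declaration starts and ends outside this hunk.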