Add check for different sso providers [SCI-10214]

app/helpers/application_helper.rb

@@ -199,20 +199,21 @@ module ApplicationHelper
     ENV['SSO_ENABLED'] == 'true'
   end
 
-  def okta_configured?
-    ApplicationSettings.instance.values['okta'].present?
+  def okta_enabled?
+    ApplicationSettings.instance.values.dig('okta', 'enabled')
   end
 
-  def azure_ad_configured?
-    ApplicationSettings.instance.values['azure_ad_apps'].present?
+  def azure_ad_enabled?
+    provider_conf = ApplicationSettings.instance.values['azure_ad_apps']
+    provider_conf.present? && provider_conf[0]['enabled']
   end
 
-  def openid_connect_configured?
-    ApplicationSettings.instance.values['openid_connect'].present?
+  def saml_enabled?
+    ApplicationSettings.instance.values.dig('saml', 'enabled')
   end
 
-  def saml_configured?
-    ApplicationSettings.instance.values['saml'].present?
+  def openid_connect_enabled?
+    ApplicationSettings.instance.values.dig('openid_connect', 'enabled')
   end
 
   def wopi_enabled?

app/views/users/shared/_links.html.erb

@@ -28,7 +28,7 @@
   <% end -%>
 
   <% if controller_name != 'passwords'%>
-    <%- if sso_enabled? && okta_configured? %>
+    <%- if sso_enabled? && okta_enabled? %>
       <div class="okta-sign-in-actions">
         <%= form_tag user_okta_omniauth_authorize_path, method: :post, id: 'oktaForm' do %>
           <%= submit_tag t('devise.okta.sign_in_label'), class: 'btn btn-okta' %>
@@ -42,13 +42,13 @@
       <% end -%>
     <% end -%>
 
-    <% if sso_enabled? && azure_ad_configured? %>
+    <% if sso_enabled? && azure_ad_enabled? %>
       <div class="azure-sign-in-actions">
         <%= render partial: "users/shared/azure_sign_in_links", locals: { resource_name: resource_name } %>
       </div>
     <% end %>
 
-    <%- if sso_enabled? && openid_connect_configured? %>
+    <%- if sso_enabled? && openid_connect_enabled? %>
       <div class="azure-sign-in-actions">
         <%= form_tag user_openid_connect_omniauth_authorize_path, method: :post do %>
           <%= submit_tag t('devise.sessions.new.openid_connect_submit'), class: 'btn btn-primary' %>
@@ -56,7 +56,7 @@
       </div>
     <% end %>
 
-    <% if sso_enabled? && saml_configured? %>
+    <% if sso_enabled? && saml_enabled? %>
       <div class="azure-sign-in-actions">
         <%= form_tag user_saml_omniauth_authorize_path, method: :post do %>
           <%= submit_tag t('devise.sessions.new.saml_submit'), class: 'btn btn-primary' %>

config/initializers/omniauth.rb

@@ -5,7 +5,7 @@ require 'omniauth/strategies/custom_azure_active_directory'
 AZURE_SETUP_PROC = lambda do |env|
   settings = ApplicationSettings.instance
   providers = settings.values['azure_ad_apps'].select { |v| v['enable_sign_in'] }
-  raise StandardError, 'No Azure AD config available for sign in' if providers.blank?
+  raise StandardError, 'No Azure AD config available for sign in' unless providers.present? && providers[0]['enabled']
 
   req = Rack::Request.new(env)
 
@@ -61,7 +61,7 @@ end
 OKTA_SETUP_PROC = lambda do |env|
   settings = ApplicationSettings.instance
   provider_conf = settings.values['okta']
-  raise StandardError, 'No Okta config available for sign in' if provider_conf.blank?
+  raise StandardError, 'No Okta config available for sign in' unless provider_conf.present? && provider_conf['enabled']
 
   oauth2_base_url =
     if provider_conf['auth_server_id'].blank?