Allow OIDC as default login

api/swagger.yml

@@ -591,6 +591,8 @@ components:
           enum: [initialized, not_initialized]
         oidc_enabled:
           type: boolean
+        oidc_default_login:
+          type: boolean
     AccessKeyCredentials:
       type: object
       properties:

docs/assets/js/swagger.yml

@@ -591,6 +591,8 @@ components:
           enum: [initialized, not_initialized]
         oidc_enabled:
           type: boolean
+        oidc_default_login:
+          type: boolean
     AccessKeyCredentials:
       type: object
       properties:

docs/reference/configuration.md

@@ -57,6 +57,7 @@ This reference uses `.` to denote the nesting of values.
 * `auth.ldap.default_user_group` `(string : )` - Create all LDAP users in this group.  Defaults to `Viewers`.
 * `auth.ldap.user_filter` `(string : )` - Additional filter for users.
 * `auth.oidc.enabled` `(boolean : false)` - Set to true to enable authentication with an external OIDC provider.
+* `auth.oidc.is_default_login` `(boolean : false)` - If true, the lakeFS login page will redirect to the external provider by default.
 * `auth.oidc.client_id` `(string : )` - OIDC client ID.
 * `auth.oidc.client_secret` `(string : )` - OIDC client secret.
 * `auth.oidc.url` `(string : )` - The base URL of your OIDC compatible identity provider.

pkg/api/controller.go

@@ -3105,7 +3105,12 @@ func (c *Controller) GetSetupState(w http.ResponseWriter, r *http.Request) {
 	if initialized || c.Config.IsAuthTypeAPI() {
 		state = setupStateInitialized
 	}
-	response := SetupState{State: swag.String(state), OidcEnabled: swag.Bool(c.Config.GetAuthOIDCConfiguration().Enabled)}
+	oidcConfig := c.Config.GetAuthOIDCConfiguration()
+	response := SetupState{
+		State:            swag.String(state),
+		OidcEnabled:      swag.Bool(oidcConfig.Enabled),
+		OidcDefaultLogin: swag.Bool(oidcConfig.IsDefaultLogin),
+	}
 	writeResponse(w, http.StatusOK, response)
 }
 

pkg/config/template.go

@@ -5,7 +5,8 @@ import (
 )
 
 type OIDC struct {
-	Enabled bool `mapstructure:"enabled"`
+	Enabled        bool `mapstructure:"enabled"`
+	IsDefaultLogin bool `mapstructure:"is_default_login"`
 
 	// provider details:
 	URL          string `mapstructure:"url"`

webui/src/pages/auth/login.jsx

@@ -10,6 +10,8 @@ import {Error} from "../../lib/components/controls"
 import {useRouter} from "../../lib/hooks/router";
 import {useAPI} from "../../lib/hooks/api";
 
+const OIDC_LOGIN_URL = "/oidc/login?prompt=login";
+
 const LoginForm = ({oidcEnabled}) => {
     const router = useRouter();
     const [loginError, setLoginError] = useState(null);
@@ -60,7 +62,7 @@ const LoginForm = ({oidcEnabled}) => {
                                 <Button variant="link" className="text-secondary mt-2" onClick={async ()=> {
                                     document.cookie = 'oidc_auth_session=; Path=/; Expires=Thu, 01 Jan 1970 00:00:01 GMT;';
                                     document.cookie = 'internal_auth_session=; Path=/; Expires=Thu, 01 Jan 1970 00:00:01 GMT;';
-                                    window.location = "/oidc/login?prompt=login";
+                                    window.location = OIDC_LOGIN_URL;
                                 }}>Sign in with SSO provider</Button>
                                 : ""
                             }
@@ -82,6 +84,9 @@ const LoginPage = () => {
     if (!error && response && response.state !== SETUP_STATE_INITIALIZED) {
         router.push({pathname: '/setup', query: router.query})
     }
+    if (!error && response && response.oidc_default_login) {
+        window.location = OIDC_LOGIN_URL;
+    }
     return (
         <Layout logged={false}>
             <LoginForm oidcEnabled={!error  && response && response.oidc_enabled }/>