From 114149ddf6ef15ee140d992d1dd59811d2f09929 Mon Sep 17 00:00:00 2001
From: Brian Gough <briangough@users.noreply.github.com>
Date: Thu, 14 Dec 2023 14:53:35 +0000
Subject: [PATCH] Merge pull request #16175 from
 overleaf/bg-group-sso-restrict-login

restrict login methods to group SSO for managed users with group SSO linked

GitOrigin-RevId: d0a92f9dc16cc08a3afacb4ad4b9ce19b1fd1330
---
 services/web/app/src/Features/Errors/Errors.js | 7 +++++++
 services/web/locales/en.json                   | 1 +
 2 files changed, 8 insertions(+)

diff --git a/services/web/app/src/Features/Errors/Errors.js b/services/web/app/src/Features/Errors/Errors.js
index f64200fbd0..1bb0636a4e 100644
--- a/services/web/app/src/Features/Errors/Errors.js
+++ b/services/web/app/src/Features/Errors/Errors.js
@@ -96,6 +96,12 @@ class SAMLAuthenticationError extends OError {
   }
 }
 
+class SAMLAuthenticationRequiredError extends SAMLAuthenticationError {
+  get i18nKey() {
+    return 'saml_authentication_required_error'
+  }
+}
+
 class SAMLGroupSSOLoginIdentityMismatchError extends SAMLAuthenticationError {
   get i18nKey() {
     return 'saml_login_identity_mismatch_error'
@@ -269,6 +275,7 @@ module.exports = {
   InvalidError,
   NotInV2Error,
   OutputFileFetchFailedError,
+  SAMLAuthenticationRequiredError,
   SAMLIdentityExistsError,
   SAMLAlreadyLinkedError,
   SAMLEmailNotAffiliatedError,
diff --git a/services/web/locales/en.json b/services/web/locales/en.json
index 29be91fd97..a728de533c 100644
--- a/services/web/locales/en.json
+++ b/services/web/locales/en.json
@@ -1546,6 +1546,7 @@
   "ru": "Russian",
   "saml": "SAML",
   "saml_auth_error": "Sorry, your identity provider responded with an error.  Please contact your administrator for more information.",
+  "saml_authentication_required_error": "Other login methods have been disabled by your group administrator. Please use your group SSO login.",
   "saml_create_admin_instructions": "Choose an email address for the first __appName__ admin account. This should correspond to an account in the SAML system. You will then be asked to log in with this account.",
   "saml_email_not_recognized_error": "This email address isn’t set up for SSO. Please check it and try again or contact your administrator.",
   "saml_identity_exists_error": "Sorry, the identity returned by your identity provider is already linked with a different Overleaf account.  Please contact your administrator for more information.",