From 4f2d28db51b1e8cdf070c3ad4723bd9440378f4b Mon Sep 17 00:00:00 2001 From: Peter Braun Date: Mon, 11 Aug 2025 18:46:08 +0200 Subject: [PATCH] Aap 50951 (#7053) * disable authenticators that require updating the redirect URL and add groups claim to AzureAD migrator * update tests --- awx/sso/tests/unit/test_google_oauth2_migrator.py | 2 +- awx/sso/utils/azure_ad_migrator.py | 3 ++- awx/sso/utils/github_migrator.py | 2 +- awx/sso/utils/google_oauth2_migrator.py | 2 +- awx/sso/utils/oidc_migrator.py | 2 +- awx/sso/utils/saml_migrator.py | 2 +- 6 files changed, 7 insertions(+), 6 deletions(-) diff --git a/awx/sso/tests/unit/test_google_oauth2_migrator.py b/awx/sso/tests/unit/test_google_oauth2_migrator.py index c098afde99..ec7fca5939 100644 --- a/awx/sso/tests/unit/test_google_oauth2_migrator.py +++ b/awx/sso/tests/unit/test_google_oauth2_migrator.py @@ -54,7 +54,7 @@ def test_create_gateway_authenticator(mocker, test_google_config): assert payload['name'] == 'google' assert payload['slug'] == 'aap-google-oauth2-google-oauth2' assert payload['type'] == 'ansible_base.authentication.authenticator_plugins.google_oauth2' - assert payload['enabled'] is True + assert payload['enabled'] is False assert payload['create_objects'] is True assert payload['remove_users'] is False diff --git a/awx/sso/utils/azure_ad_migrator.py b/awx/sso/utils/azure_ad_migrator.py index 90e90b5091..f2872de335 100644 --- a/awx/sso/utils/azure_ad_migrator.py +++ b/awx/sso/utils/azure_ad_migrator.py @@ -56,12 +56,13 @@ class AzureADMigrator(BaseAuthenticatorMigrator): "name": authenticator_name, "slug": authenticator_slug, "type": "ansible_base.authentication.authenticator_plugins.azuread", - "enabled": True, + "enabled": False, "create_objects": True, "remove_users": False, "configuration": { "KEY": key_value, "SECRET": secret_value, + "GROUPS_CLAIM": "groups", }, }, 'org_mappers': org_mappers, 
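Review bot: The hard-coded `"GROUPS_CLAIM": "groups"` added to the AzureAD configuration has no comment and no test, and neither does the reason `"enabled"` is now `False` here and in the GitHub, Google OAuth2, OIDC and SAML hunks. The diffstat touches only test_google_oauth2_migrator.py, so the other four migrators have no assertion pinning `enabled` to `False`, and nothing checks the new `GROUPS_CLAIM` key. A one-line comment beside the flag, e.g. `# Created disabled: the IdP redirect URL must be updated before this authenticator can be used`, would stop a later cleanup from flipping it back. It is also worth confirming that the migration output tells the operator these authenticators arrive disabled, since SSO logins will fail until one is re-enabled; that reporting code is not visible here. The enclosing dict and method start and end outside the hunk.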
diff --git a/awx/sso/utils/github_migrator.py b/awx/sso/utils/github_migrator.py
index 2c2df8307f..01057740c2 100644
--- a/awx/sso/utils/github_migrator.py
+++ b/awx/sso/utils/github_migrator.py
@@ -157,7 +157,7 @@ class GitHubMigrator(BaseAuthenticatorMigrator):
 "name": authenticator_name,
 "slug": authenticator_slug,
 "type": authenticator_type,
- "enabled": True,
+ "enabled": False,
 "create_objects": True, # Allow Gateway to create users/orgs/teams
 "remove_users": False, # Don't remove users by default
 "configuration": {"KEY": key_value, "SECRET": secret_value},
diff --git a/awx/sso/utils/google_oauth2_migrator.py b/awx/sso/utils/google_oauth2_migrator.py
index 4709e02241..7d47f532a3 100644
--- a/awx/sso/utils/google_oauth2_migrator.py
+++ b/awx/sso/utils/google_oauth2_migrator.py
@@ -71,7 +71,7 @@ class GoogleOAuth2Migrator(BaseAuthenticatorMigrator):
 "name": "google",
 "slug": authenticator_slug,
 "type": "ansible_base.authentication.authenticator_plugins.google_oauth2",
- "enabled": True,
+ "enabled": False,
 "create_objects": True, # Allow Gateway to create users/orgs/teams
 "remove_users": False, # Don't remove users by default
 "configuration": {
diff --git a/awx/sso/utils/oidc_migrator.py b/awx/sso/utils/oidc_migrator.py
index ac7f4c5fd3..f0802234d7 100644
--- a/awx/sso/utils/oidc_migrator.py
+++ b/awx/sso/utils/oidc_migrator.py
@@ -52,7 +52,7 @@ class OIDCMigrator(BaseAuthenticatorMigrator):
 config_data = {
 "name": "default",
 "type": self.AUTH_TYPE,
- "enabled": True,
+ "enabled": False,
 "create_objects": True,
 "remove_users": False,
 "configuration": {
diff --git a/awx/sso/utils/saml_migrator.py b/awx/sso/utils/saml_migrator.py
index 8b481e2d04..80a9076f06 100644
--- a/awx/sso/utils/saml_migrator.py
+++ b/awx/sso/utils/saml_migrator.py
@@ -64,7 +64,7 @@ class SAMLMigrator(BaseAuthenticatorMigrator): """ found_configs = [] - enabled = True + enabled = False remove_users = True create_objects = getattr(settings, "SAML_AUTO_CREATE_OBJECTS", True) idps = getattr(settings, "SOCIAL_AUTH_SAML_ENABLED_IDPS", {})
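Review bot: `remove_users = True` sits directly under the changed line in SAMLMigrator, while the AzureAD, GitHub, Google OAuth2 and OIDC migrators in this same patch all set `"remove_users": False` (two of them with the comment "Don't remove users by default"). If the difference is intentional it deserves a comment, because once an admin enables the migrated SAML authenticator this flag presumably lets the Gateway drop memberships the SAML mappers do not grant. If it is not intentional, `remove_users = False` would bring SAML in line with the other migrators. The method body starts and ends outside this hunk, so any later override of the value is not visible here.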