From 5b7a0504f445e38c8f50b0010ac8772ccca354ff Mon Sep 17 00:00:00 2001
From: Alan Rominger <arominge@redhat.com>
Date: Mon, 23 Sep 2024 08:52:06 -0400
Subject: [PATCH] Enable service redirect auth and reverse-sync from DAB
 (#15489)

* Update settings from DAB features

* Move to the end of the list more correctly
---
 awx/settings/defaults.py | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/awx/settings/defaults.py b/awx/settings/defaults.py
index edf453832a..d51818d722 100644
--- a/awx/settings/defaults.py
+++ b/awx/settings/defaults.py
@@ -524,7 +524,11 @@ _SOCIAL_AUTH_PIPELINE_BASE = (
     'social_core.pipeline.user.user_details',
     'awx.sso.social_base_pipeline.prevent_inactive_login',
 )
-SOCIAL_AUTH_PIPELINE = _SOCIAL_AUTH_PIPELINE_BASE + ('awx.sso.social_pipeline.update_user_orgs', 'awx.sso.social_pipeline.update_user_teams')
+SOCIAL_AUTH_PIPELINE = _SOCIAL_AUTH_PIPELINE_BASE + (
+    'awx.sso.social_pipeline.update_user_orgs',
+    'awx.sso.social_pipeline.update_user_teams',
+    'ansible_base.resource_registry.utils.service_backed_sso_pipeline.redirect_to_resource_server',
+)
 SOCIAL_AUTH_SAML_PIPELINE = _SOCIAL_AUTH_PIPELINE_BASE + ('awx.sso.saml_pipeline.populate_user', 'awx.sso.saml_pipeline.update_user_flags')
 SAML_AUTO_CREATE_OBJECTS = True
 
@@ -1165,6 +1169,9 @@ OPTIONAL_UI_URL_PREFIX = ''
 # Use AWX base view, to give 401 on unauthenticated requests
 ANSIBLE_BASE_CUSTOM_VIEW_PARENT = 'awx.api.generics.APIView'
 
+# If we have a resource server defined, apply local changes to that server
+RESOURCE_SERVER_SYNC_ENABLED = True
+
 # Settings for the ansible_base RBAC system
 
 # This has been moved to data migration code