Add seamless redirect when SAML is only authentication option

[mikeclarke]

For the case where SAML is the only option to authenticate, this changeset avoids rendering the template with the "SAML Login" link and starts the SAML login redirect flow directly. This allows for a seamless login experience without having to render the intermediate page with the single link. Works great for my use case, maybe this is handy for others as well.

[arikfr]

Thanks! We used to have seamless redirects in the past, but it created two problems:

1. The user can't logout (because when logging out, you get redirected to the login page, which redirects you to the SSO provider).
2. With Google Apps, it sometimes created endless redirect loops.

How about we add an environment variable (in redash.settings) to control this behavior?

[mikeclarke]

Environment variable works for me, what do you prefer - maybe REDASH_SEAMLESS_SSO?

1. The user can't logout (because when logging out, you get redirected to the login page, which redirects you to the SSO provider).

Would it make sense to add a logged-out view that behaves just like the login page, but without the immediate redirect?

2. With Google Apps, it sometimes created endless redirect loops.

Hm, not sure how to avoid this.

[arikfr]

Environment variable works for me, what do you prefer - maybe REDASH_SEAMLESS_SSO?

If it's going to be only for SAML, then maybe REDASH_SEAMLESS_SAML_SSO?

Would it make sense to add a logged-out view that behaves just like the login page, but without the immediate redirect?

Makes sense. Although if you don't mind the immediate redirect, and it's behind an ENV var, I don't mind merging without it :)