Obey GitLab.com group SAML enabled? setting
Previously we weren't checking this when visiting the /sso page, or when hitting a callback. This is both incorrect behaviour and a security issue as it can be used to join a group. We don't check this on metadata endpoints still, since they are used before SAML is configured for the group.
Showing with 53 additions and 1 deletion