SSO enforcement should enforce on subgroups
Overview
When enforcing SAML SSO, this enforcement should apply to subgroups and projects as well as the top-level group. Currently, it appears that only navigating to the top-level group redirects to the SSO URL.
Reproduction
- Enable SSO enforcement on a group.
- Navigate to the group. You should be directed to the SSO URL (good!).
- Navigate to a known subgroup under the top level group. (e.g. https://gitlab.com/manage-sso-test-group/subgroup-1)
- If you've got an active session, it should present the subgroup's overview.
- If you don't, it should present the
sign_inpage.
Desired behavior
When enforcing SSO, subgroups and projects should check for SSO and redirect the user to the SSO URL if needed.