FEATURE: custom url to redirect to on account pending approval for sso

app/controllers/session_controller.rb

@@ -71,7 +71,11 @@ class SessionController < ApplicationController
       if user = sso.lookup_or_create_user(request.remote_ip)
 
         if SiteSetting.must_approve_users? && !user.approved?
+          if SiteSetting.sso_not_approved_url.present?
+            redirect_to sso_not_approved_url
+          else
             render text: I18n.t("sso.account_not_approved"), status: 403
+          end
           return
         elsif !user.active?
           activation = UserActivator.new(user, request, session, cookies)

config/locales/server.en.yml

@@ -887,6 +887,7 @@ en:
     sso_overrides_username: "Overrides local username with external site username from SSO payload (WARNING: discrepancies can occur due to differences in username length/requirements)"
     sso_overrides_name: "Overrides local full name with external site full name from SSO payload"
     sso_overrides_avatar: "Overrides user avatar with external site avatar from SSO payload. If enabled, disabling allow_uploaded_avatars is highly recommended"
+    sso_not_approved_url: "Redirect unapproved SSO accounts to this URL"
 
     enable_local_logins: "Enable local username and password login based accounts. (Note: this must be enabled for invites to work)"
     allow_new_registrations: "Allow new user registrations. Uncheck this to prevent anyone from creating a new account."

config/site_settings.yml

@@ -235,6 +235,7 @@ login:
   sso_overrides_avatar:
     default: false
     client: true
+  sso_not_approved_url: ''
   email_domains_blacklist:
     default: 'mailinator.com'
     type: list