[BUG][UI]: ADFS SSO login page shows duplicate provider buttons (ADFS + Auth0) #3532

@calculus-ask

🐞 Bug Summary

The login page UI displays two login buttons, one with ADFS Login and another with Auth0. Tried in incognito or InPrivate modes also.

Redirect URL: https://mcpgateway-dev.*****.cld.*****.net/auth/sso/callback/adfs

If I click ADFS, I get a not authenticated error on the login page:

{"asctime": "2026-03-08T07:53:30", "name": "mcpgateway.services.structured_logger", "levelname": "INFO", "message": "[http_gateway] Request completed: GET /auth/sso/login/adfs - 200", "component": "http_gateway", "category": null, "user_id": null, "user_email": null, "team_id": null, "duration_ms": 11.096715927124023, "custom_fields": null, "tags": null, "correlation_id": "fffb673d9e644e3e8a4f05fc1521b38c", "operation_type": "http_request", "request_method": "GET", "request_path": "/auth/sso/login/adfs", "response_status_code": 200, "user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36 Edg/145.0.0.0", "client_ip": "10.108.35.44", "metadata": {"event": "request_completed", "response_time_category": "fast"}, "hostname": "mcp-gateway-deploy-dev-bcdb7b95d-frcr2", "process_id": 1, "timestamp": "2026-03-08T07:53:30.893848+00:00", "@timestamp": "2026-03-08T07:53:30.893870Z", "request_id": "fffb673d9e644e3e8a4f05fc1521b38c"}
{"asctime": "2026-03-08T07:53:30", "name": "uvicorn.access", "levelname": "INFO", "message": "10.108.35.44:0 - \"GET /auth/sso/login/adfs?redirect_uri=https%3A%2F%2Fmcpgateway-dev.mcp-sf.cld.*****.net%2Fauth%2Fsso%2Fcallback%2Fadfs HTTP/1.1\" 200", "@timestamp": "2026-03-08T07:53:30.894324Z", "hostname": "mcp-gateway-deploy-dev-bcdb7b95d-frcr2", "process_id": 1}
{"asctime": "2026-03-08T07:53:35", "name": "mcpgateway.services.sso_service", "levelname": "INFO", "message": "Starting token exchange for provider adfs", "@timestamp": "2026-03-08T07:53:35.194898Z", "hostname": "mcp-gateway-deploy-dev-bcdb7b95d-k4565", "process_id": 1, "request_id": "8edfbdf466cb47679153fd0526bdaa3c"}
{"asctime": "2026-03-08T07:53:35", "name": "httpx", "levelname": "INFO", "message": "HTTP Request: POST https://adfs.ds.*****.netadfs/oauth2/token/ \"HTTP/1.1 200 OK\"", "@timestamp": "2026-03-08T07:53:35.936591Z", "hostname": "mcp-gateway-deploy-dev-bcdb7b95d-k4565", "process_id": 1, "request_id": "8edfbdf466cb47679153fd0526bdaa3c"}
{"asctime": "2026-03-08T07:53:35", "name": "mcpgateway.services.sso_service", "levelname": "INFO", "message": "Token exchange successful for provider adfs", "@timestamp": "2026-03-08T07:53:35.937627Z", "hostname": "mcp-gateway-deploy-dev-bcdb7b95d-k4565", "process_id": 1, "request_id": "8edfbdf466cb47679153fd0526bdaa3c"}
{"asctime": "2026-03-08T07:53:35", "name": "httpx", "levelname": "INFO", "message": "HTTP Request: GET https://adfs.ds.*****.net/adfs/.well-known/openid-configuration \"HTTP/1.1 200 OK\"", "@timestamp": "2026-03-08T07:53:35.976344Z", "hostname": "mcp-gateway-deploy-dev-bcdb7b95d-k4565", "process_id": 1, "request_id": "8edfbdf466cb47679153fd0526bdaa3c"}
{"asctime": "2026-03-08T07:53:36", "name": "httpx", "levelname": "INFO", "message": "HTTP Request: GET https://adfs.ds.*****.net/adfs/oauth2/userinfo/ \"HTTP/1.1 405 Method Not Allowed\"", "@timestamp": "2026-03-08T07:53:36.169942Z", "hostname": "mcp-gateway-deploy-dev-bcdb7b95d-k4565", "process_id": 1, "request_id": "8edfbdf466cb47679153fd0526bdaa3c"}
{"asctime": "2026-03-08T07:53:36", "name": "mcpgateway.services.sso_service", "levelname": "ERROR", "message": "User info request failed for adfs: HTTP 405 - ", "@timestamp": "2026-03-08T07:53:36.170682Z", "hostname": "mcp-gateway-deploy-dev-bcdb7b95d-k4565", "process_id": 1, "request_id": "8edfbdf466cb47679153fd0526bdaa3c"}
{"asctime": "2026-03-08T07:53:36", "name": "mcpgateway.services.sso_service", "levelname": "ERROR", "message": "Failed to get user info for provider adfs", "@timestamp": "2026-03-08T07:53:36.170781Z", "hostname": "mcp-gateway-deploy-dev-bcdb7b95d-k4565", "process_id": 1, "request_id": "8edfbdf466cb47679153fd0526bdaa3c"}
{"asctime": "2026-03-08T07:53:36", "name": "mcpgateway.services.structured_logger", "levelname": "INFO", "message": "[http_gateway] Request completed: GET /auth/sso/callback/adfs - 302", "component": "http_gateway", "category": null, "user_id": null, "user_email": null, "team_id": null, "duration_ms": 984.2305183410645, "custom_fields": null, "tags": null, "correlation_id": "8edfbdf466cb47679153fd0526bdaa3c", "operation_type": "http_request", "request_method": "GET", "request_path": "/auth/sso/callback/adfs", "response_status_code": 302, "user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36 Edg/145.0.0.0", "client_ip": "10.108.35.44", "metadata": {"event": "request_completed", "response_time_category": "normal"}, "hostname": "mcp-gateway-deploy-dev-bcdb7b95d-k4565", "process_id": 1, "timestamp": "2026-03-08T07:53:36.171409+00:00", "@timestamp": "2026-03-08T07:53:36.171434Z", "request_id": "8edfbdf466cb47679153fd0526bdaa3c"}
{"asctime": "2026-03-08T07:53:36", "name": "uvicorn.access", "levelname": "INFO", "message": "10.108.35.44:0 - \"GET /auth/sso/callback/adfs?code=za8FZaPbekiSAAXx3****w&state=uPsrrLsk3****9 HTTP/1.1\" 302", "@timestamp": "2026-03-08T07:53:36.171879Z", "hostname": "mcp-gateway-deploy-dev-bcdb7b95d-k4565", "process_id": 1}

If I click the Auth0 button, I get the logs below:

{"asctime": "2026-03-08T08:29:10", "name": "mcpgateway.services.structured_logger", "levelname": "INFO", "message": "[http_gateway] Request completed: GET /auth/sso/login/auth0 - 200", "component": "http_gateway", "category": null, "user_id": null, "user_email": null, "team_id": null, "duration_ms": 7.203340530395508, "custom_fields": null, "tags": null, "correlation_id": "37509f9d1b9c425d8fad2e9a2362d4a4", "operation_type": "http_request", "request_method": "GET", "request_path": "/auth/sso/login/auth0", "response_status_code": 200, "user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36 Edg/145.0.0.0", "client_ip": "10.108.32.254", "metadata": {"event": "request_completed", "response_time_category": "fast"}, "hostname": "mcp-gateway-deploy-dev-bcdb7b95d-k4565", "process_id": 1, "timestamp": "2026-03-08T08:29:10.106901+00:00", "@timestamp": "2026-03-08T08:29:10.106923Z", "request_id": "37509f9d1b9c425d8fad2e9a2362d4a4"}
{"asctime": "2026-03-08T08:29:10", "name": "uvicorn.access", "levelname": "INFO", "message": "10.108.32.254:0 - \"GET /auth/sso/login/auth0?redirect_uri=https%3A%2F%2Fmcpgateway-dev.mcp-sf.cld.dtveng.net%2Fauth%2Fsso%2Fcallback%2Fauth0 HTTP/1.1\" 200", "@timestamp": "2026-03-08T08:29:10.107361Z", "hostname": "mcp-gateway-deploy-dev-bcdb7b95d-k4565", "process_id": 1}
Activity ID: 3b831d8d-19a8-431a-687b-0180000000c6
Error details: MSIS9224: Received invalid OAuth authorization request. The received 'redirect_uri' parameter is not a valid registered redirect URI for the client identifier: '11fb0935-eb67-4c61-9f75-579a71c06641'. Received redirect_uri: 'https://mcpgateway-dev.mcp-sf.cld.****.net/auth/sso/callback/auth0'.
Node name: 6505afcd-dba3-487a-9200-056bf6e9666d
Error time: Sun, 08 Mar 2026 08:29:11 GMT
Cookie: enabled
User agent string: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36 Edg/145.0.0.0
Logout & reset form

🧩 Affected Component

Select the area of the project impacted:

  • [YES] mcpgateway - API
  • [YES] mcpgateway - UI (admin panel)
  • mcpgateway.wrapper - stdio wrapper
  • Federation or Transports
  • CLI, Makefiles, or shell scripts
  • Container setup (Docker/Podman/Compose)
  • Other (explain below)

🔁 Steps to Reproduce

Added the env variables below:
SSO_ENABLED | true
SSO_GENERIC_ENABLED | true
SSO_GENERIC_PROVIDER_ID | adfs
SSO_GENERIC_DISPLAY_NAME | ADFS Login
SSO_GENERIC_CLIENT_ID | ****
SSO_GENERIC_CLIENT_SECRET | ****
SSO_GENERIC_AUTHORIZATION_URL | https://adfs.ds.****.net/adfs/oauth2/authorize/
SSO_GENERIC_TOKEN_URL | https://adfs.ds.*****.net/adfs/oauth2/token/
SSO_GENERIC_USERINFO_URL | https://adfs.ds.*****.net/adfs/oauth2/userinfo/
SSO_GENERIC_ISSUER | https://adfs.ds.*****.net/adfs
SSO_GENERIC_SCOPE | openid profile email
SSO_PRESERVE_ADMIN_AUTH | true


🤔 Expected Behavior

The login screen should have only the ADFS Login button.


📓 Logs / Error Output

Paste any relevant stack traces or logs here.
⚠️ Do not paste secrets, credentials, or tokens.


🧠 Environment Info

You can retrieve most of this from the /version endpoint.

Key | Value
Version or commit | 12735ab
Runtime | e.g. Python 3.11, Gunicorn
Platform / OS | EKS
Container | Podman

🧩 Additional Context (optional)

Add any configuration details, flags, or related issues.

Metadata

Labels

  • SHOULD - P2: Important but not vital; high-value items that are not crucial for the immediate release
  • bug - Something isn't working
  • security - Improves security
  • ui - User Interface
