From c9723a1c1fbae1cc172fc9257fd1f1f259d2a23f Mon Sep 17 00:00:00 2001
From: Dirk Klimpel <5740567+dklimpel@users.noreply.github.com>
Date: Thu, 13 Apr 2023 15:08:00 +0200
Subject: [PATCH] Only load the SSO redirect servlet if SSO is enabled.
 (#15421)

---
 changelog.d/15421.misc       | 1 +
 synapse/rest/client/login.py | 7 ++++++-
 2 files changed, 7 insertions(+), 1 deletion(-)
 create mode 100644 changelog.d/15421.misc

diff --git a/changelog.d/15421.misc b/changelog.d/15421.misc
new file mode 100644
index 000000000..5deea3ac5
--- /dev/null
+++ b/changelog.d/15421.misc
@@ -0,0 +1 @@
+Only load the SSO redirect servlet if SSO is enabled.
\ No newline at end of file
diff --git a/synapse/rest/client/login.py b/synapse/rest/client/login.py
index 32c2f5ce0..a34872013 100644
--- a/synapse/rest/client/login.py
+++ b/synapse/rest/client/login.py
@@ -675,7 +675,12 @@ def register_servlets(hs: "HomeServer", http_server: HttpServer) -> None:
         and hs.config.registration.refreshable_access_token_lifetime is not None
     ):
         RefreshTokenServlet(hs).register(http_server)
-    SsoRedirectServlet(hs).register(http_server)
+    if (
+        hs.config.cas.cas_enabled
+        or hs.config.saml2.saml2_enabled
+        or hs.config.oidc.oidc_enabled
+    ):
+        SsoRedirectServlet(hs).register(http_server)
     if hs.config.cas.cas_enabled:
         CasTicketServlet(hs).register(http_server)