feat: add ssoId support to loadSettings and add loadAllSettings for multi-SSO tenants (#333)

* feat: add ssoId support to loadSettings and add loadAllSettings for multi-SSO tenants

Adds parity with the Node.js and Go SDKs:
- loadSettings(tenantId, ssoId): optional ssoId param to fetch a specific SSO config
- loadAllSettings(tenantId): new method returning all SSO configs for a tenant via /v2/mgmt/sso/settings/all

The existing loadSettings(tenantId) overload is preserved for backward compatibility and
now delegates to the two-argument form with ssoId=null.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* fix: sort SSOAllSettingsResponse import in lexicographical order

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

---------

Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>

Author: chris4490

README.md

@@ -910,9 +910,24 @@ You can manage SSO settings and map SSO group roles and user attributes.
 
 ```java
 SsoService ss = descopeClient.getManagementServices().getSsoService();
-// You can get SSO settings for a specific tenant ID
+// Load the default SSO settings for a tenant
 try {
-    SSOSettingsResponse resp = ss.loadSettings("tenant-id");
+    SSOTenantSettingsResponse resp = ss.loadSettings("tenant-id");
+} catch (DescopeException de) {
+    // Handle the error
+}
+
+// Load a specific SSO configuration by ssoId (multi-SSO tenants)
+try {
+    SSOTenantSettingsResponse resp = ss.loadSettings("tenant-id", "sso-config-id");
+} catch (DescopeException de) {
+    // Handle the error
+}
+
+// Load all SSO configurations for a tenant
+try {
+    SSOAllSettingsResponse resp = ss.loadAllSettings("tenant-id");
+    List<SSOTenantSettingsResponse> allConfigs = resp.getSsoSettings();
 } catch (DescopeException de) {
     // Handle the error
 }

src/main/java/com/descope/literals/Routes.java

@@ -140,6 +140,7 @@ public static class ManagementEndPoints {
     public static final String SSO_CONFIGURE_METADATA_LINK = "/v1/mgmt/sso/metadata";
     public static final String SSO_CONFIGURE_MAPPING_LINK = "/v1/mgmt/sso/mapping";
     public static final String SSO_GET_SETTINGS_V2_LINK = "/v2/mgmt/sso/settings";
+    public static final String SSO_GET_ALL_SETTINGS_V2_LINK = "/v2/mgmt/sso/settings/all";
     public static final String SSO_CONFIGURE_SAML_SETTINGS_LINK = "/v1/mgmt/sso/saml";
     public static final String SSO_CONFIGURE_SAML_SETTINGS_BY_MD_LINK = "/v1/mgmt/sso/saml/metadata";
     public static final String SSO_CONFIGURE_OIDC_SETTINGS_LINK = "/v1/mgmt/sso/oidc";

src/main/java/com/descope/model/sso/SSOAllSettingsResponse.java

@@ -0,0 +1,17 @@
+package com.descope.model.sso;
+
+import com.fasterxml.jackson.annotation.JsonProperty;
+import java.util.List;
+import lombok.AllArgsConstructor;
+import lombok.Builder;
+import lombok.Data;
+import lombok.NoArgsConstructor;
+
+@Data
+@Builder
+@NoArgsConstructor
+@AllArgsConstructor
+public class SSOAllSettingsResponse {
+  @JsonProperty("SSOSettings")
+  private List<SSOTenantSettingsResponse> ssoSettings;
+}

src/main/java/com/descope/sdk/mgmt/SsoService.java

@@ -3,6 +3,7 @@
 import com.descope.exception.DescopeException;
 import com.descope.model.sso.AttributeMapping;
 import com.descope.model.sso.RoleMapping;
+import com.descope.model.sso.SSOAllSettingsResponse;
 import com.descope.model.sso.SSOOIDCSettings;
 import com.descope.model.sso.SSOSAMLSettings;
 import com.descope.model.sso.SSOSAMLSettingsByMetadata;
@@ -12,14 +13,34 @@
 
 public interface SsoService {
   /**
-   * Load all tenant SSO setting.
+   * Load SSO settings for the given tenant. When {@code ssoId} is blank the default SSO
+   * configuration is returned (same behavior as {@link #loadSettings(String)}).
+   *
+   * @param tenantId the tenant ID to load settings for
+   * @param ssoId optional SSO configuration ID; pass {@code null} or empty to get the default
+   * @return {@link SSOTenantSettingsResponse} the matching SSO settings
+   * @throws DescopeException If error, a subtype of this exception will be thrown
+   */
+  SSOTenantSettingsResponse loadSettings(String tenantId, String ssoId) throws DescopeException;
+
+  /**
+   * Load SSO settings for the given tenant (returns the default SSO configuration).
    *
    * @param tenantId the tenant ID we are loading settings for
    * @return {@link SSOTenantSettingsResponse} all SSO settings for the tenant
    * @throws DescopeException If error, a subtype of this exception will be thrown
    */
   SSOTenantSettingsResponse loadSettings(String tenantId) throws DescopeException;
 
+  /**
+   * Load all SSO configurations for the given tenant.
+   *
+   * @param tenantId the tenant ID to load all SSO configurations for
+   * @return {@link SSOAllSettingsResponse} all SSO configurations for the tenant
+   * @throws DescopeException If error, a subtype of this exception will be thrown
+   */
+  SSOAllSettingsResponse loadAllSettings(String tenantId) throws DescopeException;
+
   /**
    * Configure SSO SAML settings for a tenant manually.
    *

src/main/java/com/descope/sdk/mgmt/impl/SsoServiceImpl.java

@@ -7,6 +7,7 @@
 import static com.descope.literals.Routes.ManagementEndPoints.SSO_CONFIGURE_SAML_SETTINGS_LINK;
 import static com.descope.literals.Routes.ManagementEndPoints.SSO_CONFIGURE_SETTINGS_LINK;
 import static com.descope.literals.Routes.ManagementEndPoints.SSO_DELETE_SETTINGS_LINK;
+import static com.descope.literals.Routes.ManagementEndPoints.SSO_GET_ALL_SETTINGS_V2_LINK;
 import static com.descope.literals.Routes.ManagementEndPoints.SSO_GET_SETTINGS_LINK;
 import static com.descope.literals.Routes.ManagementEndPoints.SSO_GET_SETTINGS_V2_LINK;
 import static com.descope.utils.CollectionUtils.mapOf;
@@ -16,13 +17,15 @@
 import com.descope.model.client.Client;
 import com.descope.model.sso.AttributeMapping;
 import com.descope.model.sso.RoleMapping;
+import com.descope.model.sso.SSOAllSettingsResponse;
 import com.descope.model.sso.SSOOIDCSettings;
 import com.descope.model.sso.SSOSAMLSettings;
 import com.descope.model.sso.SSOSAMLSettingsByMetadata;
 import com.descope.model.sso.SSOSettingsResponse;
 import com.descope.model.sso.SSOTenantSettingsResponse;
 import com.descope.proxy.ApiProxy;
 import com.descope.sdk.mgmt.SsoService;
+import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
 import org.apache.commons.lang3.StringUtils;
@@ -32,14 +35,33 @@ class SsoServiceImpl extends ManagementsBase implements SsoService {
     super(client);
   }
 
+  @Override
+  public SSOTenantSettingsResponse loadSettings(String tenantId, String ssoId) throws DescopeException {
+    if (StringUtils.isBlank(tenantId)) {
+      throw ServerCommonException.invalidArgument("TenantId");
+    }
+    Map<String, String> params = new HashMap<>();
+    params.put("tenantId", tenantId);
+    if (StringUtils.isNotBlank(ssoId)) {
+      params.put("ssoId", ssoId);
+    }
+    ApiProxy apiProxy = getApiProxy();
+    return apiProxy.get(getQueryParamUri(SSO_GET_SETTINGS_V2_LINK, params), SSOTenantSettingsResponse.class);
+  }
+
   @Override
   public SSOTenantSettingsResponse loadSettings(String tenantId) throws DescopeException {
+    return loadSettings(tenantId, null);
+  }
+
+  @Override
+  public SSOAllSettingsResponse loadAllSettings(String tenantId) throws DescopeException {
     if (StringUtils.isBlank(tenantId)) {
       throw ServerCommonException.invalidArgument("TenantId");
     }
     Map<String, String> params = mapOf("tenantId", tenantId);
     ApiProxy apiProxy = getApiProxy();
-    return apiProxy.get(getQueryParamUri(SSO_GET_SETTINGS_V2_LINK, params), SSOTenantSettingsResponse.class);
+    return apiProxy.get(getQueryParamUri(SSO_GET_ALL_SETTINGS_V2_LINK, params), SSOAllSettingsResponse.class);
   }
 
   @Override

src/test/java/com/descope/sdk/mgmt/impl/SsoServiceImplTest.java

@@ -19,6 +19,7 @@
 import com.descope.model.sso.GroupsMapping;
 import com.descope.model.sso.OIDCAttributeMapping;
 import com.descope.model.sso.RoleMapping;
+import com.descope.model.sso.SSOAllSettingsResponse;
 import com.descope.model.sso.SSOOIDCSettings;
 import com.descope.model.sso.SSOSAMLSettings;
 import com.descope.model.sso.SSOSAMLSettingsByMetadata;
@@ -77,6 +78,61 @@ void testGetSettingsForSuccess() {
     }
   }
 
+  @Test
+  void testLoadSettingsWithSsoIdForEmptyTenantId() {
+    ServerCommonException thrown =
+        assertThrows(ServerCommonException.class, () -> ssoService.loadSettings("", "someSsoId"));
+    assertNotNull(thrown);
+    assertEquals("The TenantId argument is invalid", thrown.getMessage());
+  }
+
+  @Test
+  void testLoadSettingsWithSsoIdForSuccess() {
+    SSOTenantSettingsResponse ssoTenantSettingsResponse = mock(SSOTenantSettingsResponse.class);
+    ApiProxy apiProxy = mock(ApiProxy.class);
+    doReturn(ssoTenantSettingsResponse).when(apiProxy).get(any(), any());
+    try (MockedStatic<ApiProxyBuilder> mockedApiProxyBuilder = mockStatic(ApiProxyBuilder.class)) {
+      mockedApiProxyBuilder.when(
+        () -> ApiProxyBuilder.buildProxy(any(), any())).thenReturn(apiProxy);
+      SSOTenantSettingsResponse response = ssoService.loadSettings("someTenantID", "someSsoId");
+      Assertions.assertThat(response).isNotNull();
+    }
+  }
+
+  @Test
+  void testLoadSettingsWithNullSsoIdForSuccess() {
+    SSOTenantSettingsResponse ssoTenantSettingsResponse = mock(SSOTenantSettingsResponse.class);
+    ApiProxy apiProxy = mock(ApiProxy.class);
+    doReturn(ssoTenantSettingsResponse).when(apiProxy).get(any(), any());
+    try (MockedStatic<ApiProxyBuilder> mockedApiProxyBuilder = mockStatic(ApiProxyBuilder.class)) {
+      mockedApiProxyBuilder.when(
+        () -> ApiProxyBuilder.buildProxy(any(), any())).thenReturn(apiProxy);
+      SSOTenantSettingsResponse response = ssoService.loadSettings("someTenantID", null);
+      Assertions.assertThat(response).isNotNull();
+    }
+  }
+
+  @Test
+  void testLoadAllSettingsForEmptyTenantId() {
+    ServerCommonException thrown =
+        assertThrows(ServerCommonException.class, () -> ssoService.loadAllSettings(""));
+    assertNotNull(thrown);
+    assertEquals("The TenantId argument is invalid", thrown.getMessage());
+  }
+
+  @Test
+  void testLoadAllSettingsForSuccess() {
+    SSOAllSettingsResponse ssoAllSettingsResponse = mock(SSOAllSettingsResponse.class);
+    ApiProxy apiProxy = mock(ApiProxy.class);
+    doReturn(ssoAllSettingsResponse).when(apiProxy).get(any(), any());
+    try (MockedStatic<ApiProxyBuilder> mockedApiProxyBuilder = mockStatic(ApiProxyBuilder.class)) {
+      mockedApiProxyBuilder.when(
+        () -> ApiProxyBuilder.buildProxy(any(), any())).thenReturn(apiProxy);
+      SSOAllSettingsResponse response = ssoService.loadAllSettings("someTenantID");
+      Assertions.assertThat(response).isNotNull();
+    }
+  }
+
   @Test
   void testDeleteSettingsForEmptyTenantId() {
     ServerCommonException thrown =