Merge branch 'master' into 15577-ownership-transfer

Arvados-DCO-1.1-Signed-off-by: Peter Amstutz <pamstutz@veritasgenetics.com>

diff --combined lib/config/config.default.yml
index dfa175f04caa467a82465dcc4be57c169541d45a,fee8503df812492357ebf813240fc8c8abda4596..d9dc664686c4e96f14292e513eaf14cbfd0f2650
--- 1/lib/config/config.default.yml
--- 2/lib/config/config.default.yml
+++ b/lib/config/config.default.yml
@@@ -493,12 -493,25 +493,25 @@@ Clusters
      Login:
        # These settings are provided by your OAuth2 provider (eg
        # Google) used to perform upstream authentication.
-       ProviderAppSecret: ""
        ProviderAppID: ""
+       ProviderAppSecret: ""
+ 
+       # (Experimental) Authenticate with Google, bypassing the
+       # SSO-provider gateway service. Use the Google Cloud console to
+       # generate the Client ID and secret (APIs and Services >
+       # Credentials > Create credentials > OAuth client ID > Web
+       # application) and add your controller's /login URL (e.g.,
+       # "https://zzzzz.example.com/login") as an authorized redirect
+       # URL.
+       #
+       # Requires EnableBetaController14287. ProviderAppID must be
+       # blank.
+       GoogleClientID: ""
+       GoogleClientSecret: ""
  
        # The cluster ID to delegate the user database.  When set,
        # logins on this cluster will be redirected to the login cluster
 -      # (login cluster must appear in RemoteHosts with Proxy: true)
 +      # (login cluster must appear in RemoteClusters with Proxy: true)
        LoginCluster: ""
  
        # How long a cached token belonging to a remote cluster will