Add support for SIMPLE_SSO_NO_LOGIN_REDIRECT config setting (#4394)

* Add support for `SIMPLE_SSO_NO_LOGIN_REDIRECT` config setting * reset changes on simple page * redirect at root * remove paths change
2026-04-25 17:15:37 +02:00 · 2025-09-17 12:51:00 -07:00
parent b8d4cc3454
commit cd063af4d1
6 changed files with 40 additions and 3 deletions
--- a/docker/.env.example
+++ b/docker/.env.example
@@ -354,6 +354,7 @@ GID='1000'
 # See https://docs.anythingllm.com/configuration#simple-sso-passthrough for more information.
 # SIMPLE_SSO_ENABLED=1
 # SIMPLE_SSO_NO_LOGIN=1
+# SIMPLE_SSO_NO_LOGIN_REDIRECT=https://your-custom-login-url.com (optional)

 # Allow scraping of any IP address in collector - must be string "true" to be enabled
 # See https://docs.anythingllm.com/configuration#local-ip-address-scraping for more information.
--- a/frontend/src/hooks/useSimpleSSO.js
+++ b/frontend/src/hooks/useSimpleSSO.js
@@ -3,13 +3,14 @@ import System from "@/models/system";

 /**
 * Checks if Simple SSO is enabled and if the user should be redirected to the SSO login page.
- * @returns {{loading: boolean, ssoConfig: {enabled: boolean, noLogin: boolean}}}
+ * @returns {{loading: boolean, ssoConfig: {enabled: boolean, noLogin: boolean, noLoginRedirect: string | null}}}
 */
 export default function useSimpleSSO() {
  const [loading, setLoading] = useState(true);
  const [ssoConfig, setSsoConfig] = useState({
    enabled: false,
    noLogin: false,
+    noLoginRedirect: null,
  });

  useEffect(() => {
@@ -19,6 +20,7 @@ export default function useSimpleSSO() {
        setSsoConfig({
          enabled: settings?.SimpleSSOEnabled,
          noLogin: settings?.SimpleSSONoLogin,
+          noLoginRedirect: settings?.SimpleSSONoLoginRedirect,
        });
      } catch (e) {
        console.error(e);
--- a/frontend/src/pages/Login/index.jsx
+++ b/frontend/src/pages/Login/index.jsx
@@ -20,8 +20,16 @@ export default function Login() {
  const { loading, requiresAuth, mode } = usePasswordModal(!!query.get("nt"));

  if (loading || ssoLoading) return <FullScreenLoader />;
-  if (ssoConfig.enabled && ssoConfig.noLogin)
-    return <Navigate to={paths.sso.login()} />;
+
+  // If simple SSO is enabled and no login is allowed, redirect to the SSO login page.
+  if (ssoConfig.enabled && ssoConfig.noLogin) {
+    // If a noLoginRedirect is provided and no token is provided, redirect to that webpage.
+    if (!!ssoConfig.noLoginRedirect && !query.has("token"))
+      return window.location.replace(ssoConfig.noLoginRedirect);
+    // Otherwise, redirect to the SSO login page.
+    else return <Navigate to={paths.sso.login()} />;
+  }
+
  if (requiresAuth === false) return <Navigate to={paths.home()} />;

  return <PasswordModal mode={mode} />;
--- a/server/.env.example
+++ b/server/.env.example
@@ -352,6 +352,7 @@ TTS_PROVIDER="native"
 # See https://docs.anythingllm.com/configuration#simple-sso-passthrough for more information.
 # SIMPLE_SSO_ENABLED=1
 # SIMPLE_SSO_NO_LOGIN=1
+# SIMPLE_SSO_NO_LOGIN_REDIRECT=https://your-custom-login-url.com (optional)

 # Allow scraping of any IP address in collector - must be string "true" to be enabled
 # See https://docs.anythingllm.com/configuration#local-ip-address-scraping for more information.
--- a/server/models/systemSettings.js
+++ b/server/models/systemSettings.js
@@ -297,6 +297,7 @@ const SystemSettings = {
      // --------------------------------------------------------
      SimpleSSOEnabled: "SIMPLE_SSO_ENABLED" in process.env || false,
      SimpleSSONoLogin: "SIMPLE_SSO_NO_LOGIN" in process.env || false,
+      SimpleSSONoLoginRedirect: this.simpleSSO.noLoginRedirect(),
    };
  },

@@ -654,6 +655,29 @@ const SystemSettings = {
      return { connectionKey: null };
    }
  },
+
+  simpleSSO: {
+    /**
+     * Gets the no login redirect URL. If the conditions below are not met, this will return null.
+     * - If simple SSO is not enabled.
+     * - If simple SSO login page is not disabled.
+     * - If the no login redirect is not a valid URL or is not set.
+     * @returns {string | null}
+     */
+    noLoginRedirect: () => {
+      if (!("SIMPLE_SSO_ENABLED" in process.env)) return null; // if simple SSO is not enabled, return null
+      if (!("SIMPLE_SSO_NO_LOGIN" in process.env)) return null; // if the no login config is not set, return null
+      if (!("SIMPLE_SSO_NO_LOGIN_REDIRECT" in process.env)) return null; // if the no login redirect is not set, return null
+
+      try {
+        let url = new URL(process.env.SIMPLE_SSO_NO_LOGIN_REDIRECT);
+        return url.toString();
+      } catch {}
+
+      // if the no login redirect is not a valid URL or is not set, return null
+      return null;
+    },
+  },
 };

 function mergeConnections(existingConnections = [], updates = []) {
--- a/server/utils/helpers/updateENV.js
+++ b/server/utils/helpers/updateENV.js
@@ -1152,6 +1152,7 @@ function dumpENV() {
    // Simple SSO
    "SIMPLE_SSO_ENABLED",
    "SIMPLE_SSO_NO_LOGIN",
+    "SIMPLE_SSO_NO_LOGIN_REDIRECT",
    // Community Hub
    "COMMUNITY_HUB_BUNDLE_DOWNLOADS_ENABLED",