Add support for SIMPLE_SSO_NO_LOGIN_REDIRECT config setting (#4394)

* Add support for `SIMPLE_SSO_NO_LOGIN_REDIRECT` config setting * reset changes on simple page * redirect at root * remove paths change
2025-09-17 12:51:00 -07:00 · 2025-09-17 12:51:00 -07:00 · cd063af4d1
commit cd063af4d1
parent b8d4cc3454
6 changed files with 40 additions and 3 deletions
--- a/docker/.env.example
+++ b/docker/.env.example
@ -354,6 +354,7 @@ GID='1000'
 # See https://docs.anythingllm.com/configuration#simple-sso-passthrough for more information.
 # SIMPLE_SSO_ENABLED=1
 # SIMPLE_SSO_NO_LOGIN=1
 # SIMPLE_SSO_NO_LOGIN_REDIRECT=https://your-custom-login-url.com (optional)
 # Allow scraping of any IP address in collector - must be string "true" to be enabled
 # See https://docs.anythingllm.com/configuration#local-ip-address-scraping for more information.
--- a/frontend/src/hooks/useSimpleSSO.js
+++ b/frontend/src/hooks/useSimpleSSO.js
@ -3,13 +3,14 @@ import System from "@/models/system";
 /**
 * Checks if Simple SSO is enabled and if the user should be redirected to the SSO login page.
- * @returns {{loading: boolean, ssoConfig: {enabled: boolean, noLogin: boolean}}}
+ * @returns {{loading: boolean, ssoConfig: {enabled: boolean, noLogin: boolean, noLoginRedirect: string | null}}}
 */
 export default function useSimpleSSO() {
  const [loading, setLoading] = useState(true);
  const [ssoConfig, setSsoConfig] = useState({
    enabled: false,
    noLogin: false,
    noLoginRedirect: null,
  });
  useEffect(() => {
@ -19,6 +20,7 @@ export default function useSimpleSSO() {
        setSsoConfig({
          enabled: settings?.SimpleSSOEnabled,
          noLogin: settings?.SimpleSSONoLogin,
          noLoginRedirect: settings?.SimpleSSONoLoginRedirect,
        });
      } catch (e) {
        console.error(e);
--- a/frontend/src/pages/Login/index.jsx
+++ b/frontend/src/pages/Login/index.jsx
@ -20,8 +20,16 @@ export default function Login() {
  const { loading, requiresAuth, mode } = usePasswordModal(!!query.get("nt"));
  if (loading || ssoLoading) return <FullScreenLoader />;
-  if (ssoConfig.enabled && ssoConfig.noLogin)
+
-    return <Navigate to={paths.sso.login()} />;
+  // If simple SSO is enabled and no login is allowed, redirect to the SSO login page.
  if (ssoConfig.enabled && ssoConfig.noLogin) {
    // If a noLoginRedirect is provided and no token is provided, redirect to that webpage.
    if (!!ssoConfig.noLoginRedirect && !query.has("token"))
      return window.location.replace(ssoConfig.noLoginRedirect);
    // Otherwise, redirect to the SSO login page.
    else return <Navigate to={paths.sso.login()} />;
  }
  if (requiresAuth === false) return <Navigate to={paths.home()} />;
  return <PasswordModal mode={mode} />;
--- a/server/.env.example
+++ b/server/.env.example
@ -352,6 +352,7 @@ TTS_PROVIDER="native"
 # See https://docs.anythingllm.com/configuration#simple-sso-passthrough for more information.
 # SIMPLE_SSO_ENABLED=1
 # SIMPLE_SSO_NO_LOGIN=1
 # SIMPLE_SSO_NO_LOGIN_REDIRECT=https://your-custom-login-url.com (optional)
 # Allow scraping of any IP address in collector - must be string "true" to be enabled
 # See https://docs.anythingllm.com/configuration#local-ip-address-scraping for more information.
--- a/server/models/systemSettings.js
+++ b/server/models/systemSettings.js
@ -297,6 +297,7 @@ const SystemSettings = {
      // --------------------------------------------------------
      SimpleSSOEnabled: "SIMPLE_SSO_ENABLED" in process.env || false,
      SimpleSSONoLogin: "SIMPLE_SSO_NO_LOGIN" in process.env || false,
      SimpleSSONoLoginRedirect: this.simpleSSO.noLoginRedirect(),
    };
  },
@ -654,6 +655,29 @@ const SystemSettings = {
      return { connectionKey: null };
    }
  },
  simpleSSO: {
    /**
     * Gets the no login redirect URL. If the conditions below are not met, this will return null.
     * - If simple SSO is not enabled.
     * - If simple SSO login page is not disabled.
     * - If the no login redirect is not a valid URL or is not set.
     * @returns {string | null}
     */
    noLoginRedirect: () => {
      if (!("SIMPLE_SSO_ENABLED" in process.env)) return null; // if simple SSO is not enabled, return null
      if (!("SIMPLE_SSO_NO_LOGIN" in process.env)) return null; // if the no login config is not set, return null
      if (!("SIMPLE_SSO_NO_LOGIN_REDIRECT" in process.env)) return null; // if the no login redirect is not set, return null
      try {
        let url = new URL(process.env.SIMPLE_SSO_NO_LOGIN_REDIRECT);
        return url.toString();
      } catch {}
      // if the no login redirect is not a valid URL or is not set, return null
      return null;
    },
  },
 };
 function mergeConnections(existingConnections = [], updates = []) {
--- a/server/utils/helpers/updateENV.js
+++ b/server/utils/helpers/updateENV.js
@ -1152,6 +1152,7 @@ function dumpENV() {
    // Simple SSO
    "SIMPLE_SSO_ENABLED",
    "SIMPLE_SSO_NO_LOGIN",
    "SIMPLE_SSO_NO_LOGIN_REDIRECT",
    // Community Hub
    "COMMUNITY_HUB_BUNDLE_DOWNLOADS_ENABLED",