Closed
Description
What would you like to see?
Here is the workflow I am implementing with AnythingLLM.
- User Access: User visits the app through a reverse proxy.
- Session Check: Proxy checks for a valid session cookie.
- Login Redirect: If no session, proxy redirects user to an external Identity Provider (Keycloak) for authentication.
- Authentication: User logs in at the Identity Provider and is redirected back to the proxy with an authorization code.
- Token Exchange: Proxy exchanges the code for tokens and verifies the ID token.
- User Mapping: Proxy maps the authenticated user to an internal user ID.
- Session Creation: Proxy creates a session cookie for the user.
- Redirect to App: User is redirected to the AnythingLLM URL with the session active.
- Authenticated Requests: Proxy validates sessions on subsequent requests and forwards them to the app.
- Logout: Proxy clears session and redirects user to Identity Provider logout.
Request: Disable or bypass the internal AnythingLLM login page and flow entirely.
In my use case users must authenticate only through the AnythingLLM SSO via the reverse proxy.
Direct access to AnythingLLM’s native login page should be blocked or redirected.
User creation should not require a password since authentication is handled by the SSO (even if the password is just generated on the backend).
This ensures centralized auth control and prevents users from bypassing the proxy’s SSO flow.