diff --git a/Gemfile b/Gemfile
index 1a6c9c0d..a29aee1f 100644
--- a/Gemfile
+++ b/Gemfile
@@ -5,9 +5,10 @@ gem 'passenger', "~> 6.0"
 gem 'ajax-datatables-rails', "~> 1.4"
 # Use OmniAuth to support any type of auth
-gem 'omniauth', "~> 1.9"
-gem 'omniauth-shibboleth', "~> 1.1"
+gem 'omniauth', "~> 2.0"
+gem 'omniauth-rails_csrf_protection', "~> 1.0"
 gem 'omniauth-shibboleth-passive', "~> 0.1"
+gem 'omniauth-shibboleth-redux', "~> 2.0"
 # Bundle edge Rails instead: gem 'rails', github: 'rails/rails'
 gem 'rails', '~> 8.0'
diff --git a/Gemfile.lock b/Gemfile.lock
index 50cdd981..0acb3524 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -124,7 +124,7 @@ GEM erubi (>= 1.0.0) rack (>= 0.9.0) rouge (>= 1.0.0) - bigdecimal (3.1.8) + bigdecimal (3.1.9) bindex (0.8.1) binding_of_caller (1.0.1) debug_inspector (>= 1.2.0)
@@ -141,7 +141,7 @@ GEM capistrano (~> 3.1) capistrano-passenger (0.2.1) capistrano (~> 3.0) - capistrano-rails (1.6.3) + capistrano-rails (1.7.0) capistrano (~> 3.1) capistrano-bundler (>= 1.1, < 3) capistrano-rbenv (2.2.0)
@@ -252,7 +252,7 @@ GEM railties (>= 4.2.0) thor (>= 0.14, < 2.0) json (2.9.1) - jwt (2.9.3) + jwt (2.10.1) base64 language_server-protocol (3.17.0.3) launchy (2.5.2)
@@ -314,13 +314,19 @@ GEM notiffany (0.1.3) nenv (~> 0.1) shellany (~> 0.0) - omniauth (1.9.2) + omniauth (2.1.2) hashie (>= 3.4.6) - rack (>= 1.6.2, < 3) + rack (>= 2.2.3) + rack-protection + omniauth-rails_csrf_protection (1.0.2) actionpack (>= 4.2) omniauth (~> 2.0) omniauth-shibboleth (1.1.2) omniauth (>= 1.0.0) omniauth-shibboleth-passive (0.1.0) omniauth-shibboleth (~> 1.1.0) + omniauth-shibboleth-redux (2.0.0) + omniauth (>= 2.0.0) ostruct (0.6.1) paper_trail (16.0.0) activerecord (>= 6.1)
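Review bot: The added `omniauth-shibboleth-redux` line does not remove the original `omniauth-shibboleth` from the bundle, because the retained `omniauth-shibboleth-passive ~> 0.1` still depends on `omniauth-shibboleth (~> 1.1.0)` according to the lockfile hunk below, so both gems are loaded. Redux appears to be a fork of the original, and if both define the same `OmniAuth::Strategies::Shibboleth` class, the one Bundler requires last silently wins and which code handles the login callback depends on require order rather than on anything in this Gemfile. Consider dropping or marking `require: false` on whichever of the two is not meant to be active, and recording the decision beside the gem lines, e.g. `# omniauth-shibboleth-redux is the active strategy under OmniAuth 2; -passive kept for <reason>` with the placeholder filled in.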
@@ -351,11 +357,14 @@ GEM activesupport (>= 3.0.0) racc (1.8.1) rack (2.2.10) + rack-protection (3.2.0) + base64 (>= 0.1.0) + rack (~> 2.2, >= 2.2.4) rack-proxy (0.7.7) rack rack-session (1.0.2) rack (< 3) - rack-test (2.1.0) + rack-test (2.2.0) rack (>= 1.3) rack-utf8_sanitizer (1.9.1) rack (>= 1.0, < 4.0)
@@ -398,7 +407,7 @@ GEM ffi (~> 1.0) rdoc (6.10.0) psych (>= 4.0.0) - regexp_parser (2.9.3) + regexp_parser (2.10.0) reline (0.6.0) io-console (~> 0.5) request_store (1.7.0)
@@ -450,7 +459,7 @@ GEM rubocop-performance (1.23.0) rubocop (>= 1.48.1, < 2.0) rubocop-ast (>= 1.31.1, < 2.0) - rubocop-rails (2.27.0) + rubocop-rails (2.28.0) activesupport (>= 4.2.0) rack (>= 1.1) rubocop (>= 1.52.0, < 2.0)
@@ -522,7 +531,7 @@ GEM concurrent-ruby (~> 1.0) uglifier (4.2.1) execjs (>= 0.3.0, < 3) - unicode-display_width (3.1.2) + unicode-display_width (3.1.3) unicode-emoji (~> 4.0, >= 4.0.4) unicode-emoji (4.0.4) uri (1.0.2)
@@ -592,9 +601,10 @@ DEPENDENCIES lograge (~> 0.11) mysql2 (~> 0.5) net-ldap (~> 0.16) - omniauth (~> 1.9) - omniauth-shibboleth (~> 1.1) + omniauth (~> 2.0) + omniauth-rails_csrf_protection (~> 1.0) omniauth-shibboleth-passive (~> 0.1) + omniauth-shibboleth-redux (~> 2.0) paper_trail (~> 16.0) passenger (~> 6.0) pry (~> 0.13)
diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb
index 6fd769bf..77cdd6d3 100644
--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
@@ -1,12 +1,12 @@
 def is_dev_or_test_env?
- Rails.env.development? || Rails.env.test?
+ Rails.env.local?
 end
 class SessionsController < ApplicationController
 skip_before_action :verify_authenticity_token
 def new
- redirect_to "/auth/#{Rails.application.config.omniauth_provider}"
+ @auth_provider = Rails.application.config.omniauth_provider
 end
 def create
diff --git a/app/views/sessions/new.html.erb b/app/views/sessions/new.html.erb
new file mode 100644
index 00000000..c55e0747
--- /dev/null
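Review bot: `new` now renders a login form whose whole purpose is to carry the Rails authenticity token to the OmniAuth request phase, yet the controller-wide `skip_before_action :verify_authenticity_token` (the context line above `def new`) still disables that check for every non-GET action in this controller; which actions genuinely receive untokened requests is not visible here, but restricting the skip with `only:` to those (the provider callback, presumably `create`) keeps the protection the `omniauth-rails_csrf_protection` upgrade adds for the rest. `Rails.env.local?` is fine under the `rails ~> 8.0` pin, but `is_dev_or_test_env?` remains a bare top-level `def`, which installs a private method on every object; a short comment such as `# Top-level on purpose: callable without a receiver from config and specs` (or moving it into the class) would explain the placement. The class body continues beyond the hunk, which is cut at `def create`.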
+++ b/app/views/sessions/new.html.erb
@@ -0,0 +1,15 @@
+
+<%= form_tag("/auth/#{@auth_provider}", method: 'post', id: 'auth-form', data: {turbo: false}) do %>
+
+<% end %>
diff --git a/config/initializers/omniauth.rb b/config/initializers/omniauth.rb
index 7d731854..b0e7981c 100644
--- a/config/initializers/omniauth.rb
+++ b/config/initializers/omniauth.rb
@@ -16,4 +16,4 @@ OmniAuth.config.logger = Rails.logger
-OmniAuth.config.allowed_request_methods = %i[post get]
+OmniAuth.config.allowed_request_methods = %i[post]
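Review bot: Nothing in the new view says why a POST form replaced the previous redirect, and only four of the hunk's fifteen added lines survive in this excerpt, so the submit control and whatever else sits inside the form cannot be reviewed here. `form_tag` emits the Rails authenticity token when forgery protection is enabled, and that token is what `omniauth-rails_csrf_protection` validates before OmniAuth's request phase runs, so a one-line ERB comment above the form, `<%# OmniAuth 2 accepts only POST for the request phase; form_tag adds the CSRF token that omniauth-rails_csrf_protection checks %>`, would record the dependency. `data: {turbo: false}` also deserves a word, presumably because a Turbo-driven fetch submission would not follow the provider redirect as a full-page navigation; if that is the reason, say so in the same comment. Since `@auth_provider` comes from application config rather than the request, its interpolation into the action path is not user-controlled.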
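Review bot: Dropping `get` from `allowed_request_methods` is what forces the new login form, but the line carries no comment saying so, and any remaining `/auth/<provider>` link or GET redirect elsewhere in the app (possibly the passive strategy's, if it redirects that way) will now be rejected by OmniAuth instead of starting a login. A comment such as `# Request phase is POST-only (OmniAuth 2 default); GET /auth/<provider> links must become the POST form in sessions/new` records the constraint for the next person who sees a login link stop working. `%i[post]` restates the OmniAuth 2 default, so the line could also be removed, but keeping the restriction explicit is reasonable.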