diff --git a/web/core/views.py b/web/core/views.py
index 75ecece..8182ae0 100644
--- a/web/core/views.py
+++ b/web/core/views.py
@@ -54,10 +54,28 @@ EXPECTED_HEADERS = [
 ]
 def login_view(request):
+ # If Django session already exists, go straight in
 if request.user.is_authenticated:
 return redirect("search")
- return redirect("oidc_authentication_init")
+ # Auto-start OIDC ONLY on a clean GET to /login/
+ # If ?next= is present, Django is already in a redirect flow — don't loop
+ if request.method == "GET" and "next" not in request.GET:
+ return redirect("oidc_authentication_init")
+
+ # Fallback (rare): render the page so the user can click manually
+ ctx = {}
+
+ if request.method == "POST":
+ u = request.POST.get("username")
+ p = request.POST.get("password")
+ user = authenticate(request, username=u, password=p)
+ if user:
+ login(request, user)
+ return redirect("search")
+ ctx["error"] = "Invalid credentials"
+
+ return render(request, "login.html", ctx)
 def is_admin(user):
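Review bot: The POST branch turns a view that was OIDC-only into a second, password-based authentication path, and the "rare" fallback is not rare: any unauthenticated client reaches the password form simply by adding `?next=` to a GET, and every unauthenticated POST runs `authenticate` regardless of `next`, so local accounts become reachable without whatever the identity provider enforces (MFA, conditional access). Nothing in the hunk throttles or records failed attempts, so the only visible control is the non-enumerating `"Invalid credentials"` message. Consider gating the whole `POST` branch and the form render behind an explicit Django setting that the project already uses for feature flags, and logging failures with something like `logger.warning("local password login failed for %r", u)` if the module has a logger (not visible in this hunk). The guard `if user:` is better written `if user is not None:`, which is the contract `authenticate` returns on.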