diff --git a/app/controllers/api/forward_auth_controller.rb b/app/controllers/api/forward_auth_controller.rb
index ae423c2..643d1c7 100644
--- a/app/controllers/api/forward_auth_controller.rb
+++ b/app/controllers/api/forward_auth_controller.rb
@@ -112,9 +112,22 @@ module Api
 # Set header to help with debugging
 response.headers["X-Auth-Reason"] = reason if reason
- # Return 401 Unauthorized
- # The reverse proxy should redirect to login
- head :unauthorized
+ # Get the redirect URL from query params or construct default
+ base_url = params[:rd] || "https://clinch.aapamilne.com"
+
+ # Set the original URL that user was trying to access
+ # This will be used after authentication
+ request_host = request.headers["X-Forwarded-Host"] || request.headers["Host"]
+ original_url = if request_host
+ "https://#{request_host}#{request.fullpath}"
+ else
+ request.fullpath
+ end
+
+ session[:return_to_after_authenticating] = original_url
+
+ # Return 302 redirect to login page
+ redirect_to "#{base_url}/signin", allow_other_host: true
 end
 def render_forbidden(reason = nil)
diff --git a/config/credentials.yml.enc b/config/credentials.yml.enc
deleted file mode 100644
index 8cb373f..0000000
--- a/config/credentials.yml.enc
+++ /dev/null
@@ -1 +0,0 @@
-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--wcVJty2PK9h/klT6--pZOot1WksDZmdWdBHi7s3w==
\ No newline at end of file
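Review bot: The added `redirect_to "#{base_url}/signin", allow_other_host: true` takes its target from `params[:rd]` with no validation, so on this unauthenticated path the request itself chooses which host the 302 points at (an open redirect). `rd` should be honoured only when it parses as an https URL whose host is on an allowlist, with the hard-coded default used otherwise; the fence sketches this, with `ALLOWED_LOGIN_HOSTS` standing in for a constant the app would have to define. The value stored in `session[:return_to_after_authenticating]` has the same exposure, because it is built from `X-Forwarded-Host`/`Host`: unless the proxy always overwrites that header, the stored URL is client-controlled, so whatever consumes it after sign-in (not visible in this hunk) should check the host too. The enclosing method starts above the hunk.

```ruby
# Accept rd only as an https URL on an allowed host; otherwise use the default.
rd_uri = begin
  URI.parse(params[:rd].to_s)
rescue URI::InvalidURIError
  nil
end
base_url = if rd_uri.is_a?(URI::HTTPS) && ALLOWED_LOGIN_HOSTS.include?(rd_uri.host)
  "https://#{rd_uri.host}"
else
  "https://clinch.aapamilne.com"
end
# … unchanged: request_host / original_url / session assignment …
redirect_to "#{base_url}/signin", allow_other_host: true
```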