--- loncom/auth/lonshibauth.pm	2015/05/17 17:34:43	1.3
+++ loncom/auth/lonshibauth.pm	2021/10/07 15:51:16	1.7
@@ -1,7 +1,7 @@
 # The LearningOnline Network
 # Redirect Shibboleth authentication to designated URL (/adm/sso).
 #
-# $Id: lonshibauth.pm,v 1.3 2015/05/17 17:34:43 raeburn Exp $
+# $Id: lonshibauth.pm,v 1.7 2021/10/07 15:51:16 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -74,17 +74,29 @@ use LONCAPA qw(:DEFAULT);
 sub handler {
     my $r = shift;
     my $target = '/adm/sso';
-    if (($r->user eq '') && ($r->uri() ne $target)) {
+    if (&Apache::lonnet::get_saml_landing()) {
+        $target = '/adm/login';
+    }
+    my $uri = $r->uri;
+    if (($r->user eq '') && ($uri ne $target) && ($uri ne '/adm/sso')) {
         my $lonhost = $Apache::lonnet::perlvar{'lonHostID'};
         my $hostname = &Apache::lonnet::hostname($lonhost);
         if (!$hostname) { $hostname = $r->hostname(); }
         my $protocol = $Apache::lonnet::protocol{$lonhost};
         unless ($protocol eq 'https') { $protocol = 'http'; }
+        my $alias = &Apache::lonnet::use_proxy_alias($r,$lonhost);
+        if (($alias ne '') &&
+            (&Apache::lonnet::alias_shibboleth($lonhost))) {
+            $hostname = $alias;
+        }
         my $dest = $protocol.'://'.$hostname.$target;
         $r->subprocess_env;
         if ($ENV{'QUERY_STRING'} ne '') {
             $dest .= '?'.$ENV{'QUERY_STRING'};
         }
+        unless (($uri eq '/adm/roles') || ($ENV{'QUERY_STRING'} =~ /origurl=/)) {
+            $dest.=(($dest=~/\?/)?'&':'?').'origurl='.$uri;
+        }
         $r->header_out(Location => $dest);
         return REDIRECT;
     } else {