--- loncom/auth/lonshibauth.pm	2021/10/26 15:52:54	1.11
+++ loncom/auth/lonshibauth.pm	2021/11/03 01:04:02	1.12
@@ -1,7 +1,7 @@
 # The LearningOnline Network
 # Redirect Shibboleth authentication to designated URL (/adm/sso).
 #
-# $Id: lonshibauth.pm,v 1.11 2021/10/26 15:52:54 raeburn Exp $
+# $Id: lonshibauth.pm,v 1.12 2021/11/03 01:04:02 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -98,19 +98,18 @@ sub handler {
              }
         } else {
             my $uri = $r->uri;
-            if ($r->args ne '') {
-                $dest .= (($dest=~/\?/)?'&':'?').$r->args;
-            }
-            unless (($uri eq '/adm/roles') || ($uri eq '/adm/logout')) {
-                unless ($r->args =~ /origurl=/) {
-                    $dest.=(($dest=~/\?/)?'&':'?').'origurl='.$uri;
-                }
-            }
             if ($uri =~ m{^/tiny/$match_domain/\w+$}) {
-                unless (($r->args =~ /ltoken=/) || ($r->args =~ /linkkey=/)) {
-                    &Apache::lonacc::get_posted_cgi($r,['linkkey']);
-                    if ($env{'form.linkkey'} ne '') {
-                        $dest.=(($dest=~/\?/)?'&':'?').'linkkey='.$env{'form.linkkey'};
+                my $querystring = &set_token($r,$lonhost);
+                if ($querystring ne '') {
+                    $dest .= '?'.$querystring;
+                }
+            } else {
+                if ($r->args ne '') {
+                    $dest .= (($dest=~/\?/)?'&':'?').$r->args;
+                }
+                unless (($uri eq '/adm/roles') || ($uri eq '/adm/logout')) {
+                    unless ($r->args =~ /origurl=/) {
+                        $dest.=(($dest=~/\?/)?'&':'?').'origurl='.$uri;
                     }
                 }
             }
@@ -134,8 +133,18 @@ sub set_token {
         &Apache::loncommon::get_unprocessed_cgi($r->args);
     }
     if ($r->uri =~ m{^/tiny/$match_domain/\w+$}) {
-        unless (($env{'form.ltoken'}) || ($env{'form.linkkey'})) {
-            &Apache::lonacc::get_posted_cgi($r,['linkkey']);
+        if ($env{'form.ttoken'}) {
+            my %info = &Apache::lonnet::tmpget($env{'form.ttoken'});
+            &Apache::lonnet::tmpdel($env{'form.ttoken'});
+            if ($info{'ltoken'}) {
+                $env{'form.ltoken'} = $info{'ltoken'};
+            } elsif ($info{'linkkey'} ne '') {
+                $env{'form.linkkey'} = $info{'linkkey'};
+            }
+        } else {
+            unless (($env{'form.ltoken'}) || ($env{'form.linkkey'})) {
+                &Apache::lonacc::get_posted_cgi($r,['linkkey']);
+            }
         }
     }
     my $extras;
@@ -143,6 +152,7 @@ sub set_token {
         if ($env{'form.'.$name} ne '') {
             if ($name eq 'ltoken') {
                 my %info = &Apache::lonnet::tmpget($env{'form.ltoken'});
+                &Apache::lonnet::tmpdel($env{'form.ltoken'});
                 if ($info{'linkprot'}) {
                     $extras .= '&linkprot='.&escape($info{'linkprot'});
                     last;
@@ -162,7 +172,7 @@ sub set_token {
         foreach my $key (sort(keys(%env))) {
             if ($key =~ /^form\.(.+)$/) {
                 my $name = $1;
-                next if ($token{$name});
+                next if (($token{$name}) || ($name eq 'ttoken'));
                 $querystring .= '&'.$name.'='.$env{$key};
             }
         }