--- loncom/auth/lonshibauth.pm	2021/09/21 22:54:26	1.6
+++ loncom/auth/lonshibauth.pm	2021/10/07 18:52:03	1.8
@@ -1,7 +1,7 @@
 # The LearningOnline Network
 # Redirect Shibboleth authentication to designated URL (/adm/sso).
 #
-# $Id: lonshibauth.pm,v 1.6 2021/09/21 22:54:26 raeburn Exp $
+# $Id: lonshibauth.pm,v 1.8 2021/10/07 18:52:03 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -85,14 +85,25 @@ sub handler {
         my $protocol = $Apache::lonnet::protocol{$lonhost};
         unless ($protocol eq 'https') { $protocol = 'http'; }
         my $alias = &Apache::lonnet::use_proxy_alias($r,$lonhost);
-        $hostname = $alias if ($alias ne '');
+        if (($alias ne '') &&
+            (&Apache::lonnet::alias_shibboleth($lonhost))) {
+            $hostname = $alias;
+        }
         my $dest = $protocol.'://'.$hostname.$target;
         $r->subprocess_env;
         if ($ENV{'QUERY_STRING'} ne '') {
             $dest .= '?'.$ENV{'QUERY_STRING'};
         }
-        unless (($uri eq '/adm/roles') || ($ENV{'QUERY_STRING'} =~ /origurl=/)) {
-            $dest.=(($dest=~/\?/)?'&':'?').'origurl='.$uri;
+        unless (($uri eq '/adm/roles') || ($uri eq '/adm/logout')) {
+            if ($target eq '/adm/login') {
+                unless ($ENV{'QUERY_STRING'} =~ /firsturl=/) {
+                    $dest.=(($dest=~/\?/)?'&':'?').'firsturl='.$uri;
+                }
+            } else {
+                unless ($ENV{'QUERY_STRING'} =~ /origurl=/)) {
+                    $dest.=(($dest=~/\?/)?'&':'?').'origurl='.$uri;
+                }
+            }
         }
         $r->header_out(Location => $dest);
         return REDIRECT;