--- loncom/lontrans.pm	2021/11/03 01:04:03	1.37
+++ loncom/lontrans.pm	2023/06/02 01:20:28	1.41
@@ -1,7 +1,7 @@
 # The LearningOnline Network
 # URL translation for User Files
 #
-# $Id: lontrans.pm,v 1.37 2021/11/03 01:04:03 raeburn Exp $
+# $Id: lontrans.pm,v 1.41 2023/06/02 01:20:28 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -40,6 +40,10 @@ sub handler {
     # FIXME line remove when mod_perl fixes BUG#4948
     $r->notes->set('error-notes' => '');
     my $hdrhost = $r->headers_in->get('Host');
+    if (($r->uri eq '/adm/service/passback') ||
+        ($r->uri eq '/adm/service/roster')) {
+        return OK;
+    }
     if ($r->uri=~m{^/raw/}) {
         if ($hdrhost) {
             unless ($hdrhost =~ /^internal\-/) {
@@ -57,6 +61,10 @@ sub handler {
     if ($alias) {
         my $lonhost = $r->dir_config('lonHostID');
         my $hostname = &Apache::lonnet::hostname($lonhost);
+        my $ssourl = '/adm/sso';
+        if ($r->dir_config('lonOtherAuthenUrl') ne '') {
+            $ssourl = $r->dir_config('lonOtherAuthenUrl');
+        }
         if (($hdrhost eq $alias) || ($hdrhost eq $hostname)) {
             my $proxyinfo = &Apache::lonnet::get_proxy_settings($r->dir_config('lonDefDomain'));
             my ($vpnint,$vpnext);
@@ -71,8 +79,8 @@ sub handler {
                     ($r->uri !~ m{^/adm/(lti|launch)/})) {
                     $redirect = $hostname;
                 }
-                if ($r->uri eq '/adm/sso') {
-                    if (&Apache::lonnet::alias_shibboleth($lonhost)) {
+                if ($r->uri eq $ssourl) {
+                    if (&Apache::lonnet::alias_sso($lonhost)) {
                         undef($redirect);
                     } else {
                         $redirect = $hostname;
@@ -93,8 +101,8 @@ sub handler {
                         if (exists($iphost{$remote_ip})) {
                             undef($redirect);
                         }
-                    } elsif ($r->uri eq '/adm/sso') {
-                        unless (&Apache::lonnet::alias_shibboleth($lonhost)) {
+                    } elsif ($r->uri eq $ssourl) {
+                        unless (&Apache::lonnet::alias_sso($lonhost)) {
                             undef($redirect);
                         }
                     }
@@ -105,7 +113,7 @@ sub handler {
                 if (($uri eq '/adm/switchserver') || ($uri =~ m{^/Shibboleth.sso/})) {
                     return DECLINED;
                 }
-                unless (($uri eq '/adm/migrateuser') || ($uri eq '/adm/sso')) {
+                unless (($uri eq '/adm/migrateuser') || ($uri eq $ssourl)) {
                     my %user;
                     my $handle = &Apache::lonnet::check_for_valid_session($r,undef,\%user);
                     if (($handle) && ($user{'name'} ne '') && ($user{'domain'} ne '')) {
@@ -272,8 +280,13 @@ sub set_token {
             my %link_info = &Apache::lonnet::tmpget($info{'ltoken'});
             if ($link_info{'linkprot'}) {
                 $info{'linkprot'} = $link_info{'linkprot'};
+                foreach my $item ('linkprotuser','linkprotexit','linkprotpbid','linkprotpburl') {
+                    if ($link_info{$item} ne '') {
+                        $info{$item} = $link_info{$item};
+                    }
+                }
             }
-            &Apache::lonnet::tmpdel($info{'ltoken'});;
+            &Apache::lonnet::tmpdel($info{'ltoken'});
             delete($info{'ltoken'});
         }
         unless ($info{'role'}) {