--- loncom/auth/lonacc.pm	2013/12/13 02:10:27	1.149
+++ loncom/auth/lonacc.pm	2014/01/30 12:15:12	1.153
@@ -1,7 +1,7 @@
 # The LearningOnline Network
 # Cookie Based Access Handler
 #
-# $Id: lonacc.pm,v 1.149 2013/12/13 02:10:27 raeburn Exp $
+# $Id: lonacc.pm,v 1.153 2014/01/30 12:15:12 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -264,10 +264,13 @@ sub upload_size_allowed {
 =item sso_login()
 
 	handle the case of the single sign on user, at this point $r->user 
-	will be set and valid now need to find the loncapa user info, and possibly
+	will be set and valid; now need to find the loncapa user info, and possibly
 	balance them. If $r->user() is set this means either it was either set by
-        SSO or by checkauthen.pm if a valid cookie was found. The latter case can
-        be identified by the third arg ($usename).
+        SSO or by checkauthen.pm, if a valid cookie was found. The latter case can
+        be identified by the third arg ($usename), except when lonacc is called in 
+        an internal redirect to /adm/switchserver (e.g., load-balancing following
+        successful authentication) -- no cookie set yet.  For that particular case
+        simply skip the call to sso_login(). 
 
 	returns OK if it was SSO and user was handled.
         returns undef if not SSO or no means to handle the user.
@@ -361,6 +364,11 @@ sub sso_login {
                     $info{$item} = $form{$item};
                 }
             }
+            unless ($info{'symb'}) {
+                unless (($r->uri eq '/adm/roles') || ($r->uri eq '/adm/sso')) {
+                    $info{'origurl'} = $r->uri; 
+                }
+            }
             if ($r->dir_config("ssodirecturl") == 1) {
                 $info{'origurl'} = $r->uri;
             }
@@ -394,11 +402,13 @@ sub sso_login {
             }
         }
         if (grep(/^sso$/,@cancreate)) {
-            $r->internal_redirect('/adm/createaccount');
+            $r->set_handlers('PerlHandler'=>
+                     [\&Apache::createaccount::handler]);
+            $r->handler('perl-script');
         } else {
 	    $r->internal_redirect($r->dir_config('lonSSOUserUnknownRedirect'));
+            $r->set_handlers('PerlHandler'=> undef);
         }
-	$r->set_handlers('PerlHandler'=> undef);
 	return OK;
     }
     return undef;
@@ -419,9 +429,11 @@ sub handler {
     my %user;
     my $handle = &Apache::lonnet::check_for_valid_session($r,undef,\%user);
 
-    my $result = &sso_login($r,$handle,$user{'name'});
-    if (defined($result)) {
-	return $result;
+    unless (($requrl eq '/adm/switchserver') && (!$r->is_initial_req())) {
+        my $result = &sso_login($r,$handle,$user{'name'});
+        if (defined($result)) {
+	    return $result;
+        }
     }
 
     my ($is_balancer,$otherserver);
@@ -520,6 +532,10 @@ sub handler {
             if ($otherserver ne '') {
                 $env{'form.otherserver'} = $otherserver;
             }
+            unless (($env{'form.origurl'}) || ($r->uri eq '/adm/roles') ||
+                    ($r->uri eq '/adm/switchserver') || ($r->uri eq '/adm/sso')) {
+                $env{'form.origurl'} = $r->uri;
+            }
         }
 
 # ---------------------------------------------------------------- Check access