WsFederation incorrectly redirecting sign-in to /

I'm trying to use WsFederation on a "SSO Site" to authorize across a family of apps on the same domain. In my test configuration, I have the following setup:

SSO Site

Wtrealm is

Wreply is

Sample App

Wtrealm is

Wreply is

Expected Result

  1. An unauthenticated user navigates to
  2. The user is redirected into the Microsoft SSO login flow for
  3. Login process completes, sends user to
  4. SSO Site application handles redirect back to Sample App site

Actual Result

In step 3 above, /signin-wsfed responds with a 302 pointing at / - that is, the root of

If I go directly to, it completes the login as expected and /signin-wsfed passes control along to my own login controller method. It's only when the request begins at /SampleApp that signin-wsfed responds with the 302 to /

My Question

Why does this 302 to / happen? Is there a way to accomplish what I'm aiming for - using one realm to handle all logins and then send the user back to their desired application when the login completes?

How many English words
do you know?
Test your English vocabulary size, and measure
how many words do you know
Online Test
Powered by Examplum