diff --git a/httpsso/handler_test.go b/httpsso/handler_test.go
index cccec5f508e45ab8cfb0ebddd3509dbbc3309c11..d6019a3df6fa0fab00e21a61418affa90f3e336c 100644
--- a/httpsso/handler_test.go
+++ b/httpsso/handler_test.go
@@ -46,8 +46,8 @@ func makeAuthRequest(t testing.TB, c *http.Client, base, path, service, domain s
 	if err != nil {
 		t.Fatalf("Get(%s): %v", path, err)
 	}
-	if resp.StatusCode != http.StatusFound {
-		t.Fatalf("Get(%s) expected 302, got %d", path, resp.StatusCode)
+	if resp.StatusCode != http.StatusTemporaryRedirect {
+		t.Fatalf("Get(%s) expected 307, got %d", path, resp.StatusCode)
 	}
 	loc, err := url.Parse(resp.Header.Get("Location"))
 	if err != nil {
@@ -78,8 +78,8 @@ func makeAuthRequest(t testing.TB, c *http.Client, base, path, service, domain s
 	if err != nil {
 		t.Fatal("Get(/sso_login):", err)
 	}
-	if resp.StatusCode != http.StatusFound {
-		t.Fatalf("Get(/sso_login) expected 302, got %d", resp.StatusCode)
+	if resp.StatusCode != http.StatusTemporaryRedirect {
+		t.Fatalf("Get(/sso_login) expected 307, got %d", resp.StatusCode)
 	}
 	resp.Body.Close()
 	if s := resp.Header.Get("Location"); s != destURL {
diff --git a/proxy/proxy_test.go b/proxy/proxy_test.go
index 1fedce4110b2d4543bae7e98b8c2aa53497f8d3c..55fabebb9936445bf5175d4efd00aa85b3b5826c 100644
--- a/proxy/proxy_test.go
+++ b/proxy/proxy_test.go
@@ -99,8 +99,8 @@ func makeAuthRequest(t testing.TB, c *http.Client, base, path, service, domain s
 	if err != nil {
 		t.Fatalf("Get(%s): %v", path, err)
 	}
-	if resp.StatusCode != http.StatusFound {
-		t.Fatalf("Get(%s) expected 302, got %d", path, resp.StatusCode)
+	if resp.StatusCode != http.StatusTemporaryRedirect {
+		t.Fatalf("Get(%s) expected 307, got %d", path, resp.StatusCode)
 	}
 	loc, err := url.Parse(resp.Header.Get("Location"))
 	if err != nil {
@@ -131,8 +131,8 @@ func makeAuthRequest(t testing.TB, c *http.Client, base, path, service, domain s
 	if err != nil {
 		t.Fatal("Get(/sso_login):", err)
 	}
-	if resp.StatusCode != http.StatusFound {
-		t.Fatalf("Get(/sso_login) expected 302, got %d", resp.StatusCode)
+	if resp.StatusCode != http.StatusTemporaryRedirect {
+		t.Fatalf("Get(/sso_login) expected 307, got %d", resp.StatusCode)
 	}
 	resp.Body.Close()
 	if s := resp.Header.Get("Location"); s != destURL {