This caused the SSO server to generate bad form links, which caused a 302, preventing POST requests to succeed.