diff --git a/server/login.go b/server/login.go
index 2ed03d7e6aab93895bff7b3477043b2efa489b09..1007eb2d36f40b783da52f9a3b5452f85a2b5cfe 100644
--- a/server/login.go
+++ b/server/login.go
@@ -5,6 +5,7 @@ import (
 	"encoding/gob"
 	"encoding/json"
 	"errors"
+	"fmt"
 	"html/template"
 	"log"
 	"net/http"
@@ -277,8 +278,9 @@ func (l *loginHandler) makeAuthRequest(w http.ResponseWriter, req *http.Request,
 		Username:    username,
 		Password:    []byte(password),
 		OTP:         otp,
-		U2FResponse: u2fResponse,
 		DeviceInfo:  l.devMgr.GetDeviceInfoFromRequest(w, req),
+		U2FResponse: u2fResponse,
+		U2FAppID:    u2fAppIDFromRequest(req),
 	}
 	return l.authClient.Authenticate(req.Context(), &ar)
 }
@@ -302,3 +304,8 @@ func toJSON(obj interface{}) string {
 	}
 	return string(data)
 }
+
+// Guess the correct U2F AppID from the HTTP request.
+func u2fAppIDFromRequest(r *http.Request) string {
+	return fmt.Sprintf("https://%s", r.Host)
+}