diff --git a/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Lib/PSGI.pm b/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Lib/PSGI.pm
index f1f2bf42a..d4ad6ef96 100644
--- a/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Lib/PSGI.pm
+++ b/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Lib/PSGI.pm
@@ -143,6 +143,18 @@ sub _authAndTrace {
         }
     }
     elsif ( $res < 400 ) {
+        if ( $req->wantJSON ) {
+            my %h    = ( $req->spliceHdrs );
+            my $host = $req->env->{HTTP_HOST};
+            if (    $h{Location}
+                and $h{Location} =~ m#^\Q$self->{portal}\E#
+                and $h{Location} !~ m#^https?://$host# )
+            {
+                return [
+                    401, [ 'WWW-Authenticate' => 'SSO ' . $self->{portal} ], []
+                ];
+            }
+        }
         return [ $res, [ $req->spliceHdrs ], [] ];
     }
     else {