diff --git a/app/controllers/orgs_controller.rb b/app/controllers/orgs_controller.rb
index 8e5f617..5170c22 100644
--- a/app/controllers/orgs_controller.rb
+++ b/app/controllers/orgs_controller.rb
@@ -45,30 +45,38 @@
   end
 
   # GET /orgs/shibboleth_ds
+  # ----------------------------------------------------------------
   def shibboleth_ds
+    redirect_to root_path unless current_user.nil?
+    
     @user = User.new
     # Display the custom Shibboleth discovery service page. 
     @orgs = Org.joins(:identifier_schemes).where('identifier_schemes.name = ?', 'shibboleth').sort{|x,y| x.name <=> y.name }
   end
 
   # POST /orgs/shibboleth_ds
+  # ----------------------------------------------------------------
   def shibboleth_ds_passthru
     if !params[:org_name].blank?
       session['org_id'] = params[:org_name]
     elsif session['org_id'].blank?
       flash[:notice] = _('Please choose an institution')
-      render action: 'shibboleth_ds'
+      redirect_to shibboleth_ds_path
     end
     
     scheme = IdentifierScheme.find_by(name: 'shibboleth')
     shib_entity = OrgIdentifier.where(org_id: params[:org_name], identifier_scheme: scheme)
     
     if !shib_entity.empty?
+      # Force SSL
+      url = "#{request.base_url.gsub('http:', 'https:')}#{Rails.application.config.shibboleth_login}"
+      target = "#{user_shibboleth_omniauth_callback_url.gsub('http:', 'https:')}"
+      
       #initiate shibboleth login sequence
-      redirect_to "#{request.base_url}#{Rails.application.config.shibboleth_login}?target=#{user_shibboleth_omniauth_callback_url}&entityID=#{shib_entity.first.identifier}"
+      redirect_to "#{url}?target=#{target}&entityID=#{shib_entity.first.identifier}"
     else
       flash[:notice] = _('Your institution does not seem to be properly configured.')
-      render action: 'shibboleth_ds'
+      redirect_to shibboleth_ds_path
     end
   end