diff --git a/simplesamlphp_auth.module b/simplesamlphp_auth.module
index c8a605d..34e26f4 100644
--- a/simplesamlphp_auth.module
+++ b/simplesamlphp_auth.module
@@ -199,6 +199,12 @@ function simplesamlphp_auth_form_user_login_form_alter(&$form, FormStateInterfac
       'class' => ['simplesamlphp-auth-login-link'],
     ],
   ];
+
+  if (Drupal::request()->query->has('destination')) {
+    $destination = \Drupal::destination()->getAsArray();
+    $form['simplesamlphp_auth_login_link']['#options']['query'] = $destination;
+  }
+
 }
 
 /**
diff --git a/src/Controller/SimplesamlphpAuthController.php b/src/Controller/SimplesamlphpAuthController.php
index 8a084f2..69a159a 100644
--- a/src/Controller/SimplesamlphpAuthController.php
+++ b/src/Controller/SimplesamlphpAuthController.php
@@ -150,6 +150,16 @@ class SimplesamlphpAuthController extends ControllerBase implements ContainerInj
     if (($return_to = $request->query->get('ReturnTo')) ||
         ($return_to = $request->request->get('ReturnTo')) ||
         ($return_to = $request->server->get('HTTP_REFERER'))) {
+
+      // Check if link is internal then append the current host.
+      if (!UrlHelper::isExternal($return_to)) {
+        $return_to = strpos($return_to, '/') == 0 ? $return_to : '/' . $return_to;
+        $return_to = \Drupal::request()->getSchemeAndHttpHost() . $return_to;
+
+      }
+
+      // Check if path is valid and the external link points to this
+      // installation.  Redirecting to another installation is not allowed.
       if ($this->pathValidator->isValid($return_to) && UrlHelper::externalIsLocal($return_to, $base_url)) {
         $redirect = $return_to;
       }