Index: lams_central/src/java/org/lamsfoundation/lams/web/LoginAsAction.java =================================================================== diff -u -raca155324b1182b4fc6377e45f366e80f3028a69 -r0191d40366afbe37b485950760632bb0aad9eb62 --- lams_central/src/java/org/lamsfoundation/lams/web/LoginAsAction.java (.../LoginAsAction.java) (revision aca155324b1182b4fc6377e45f366e80f3028a69) +++ lams_central/src/java/org/lamsfoundation/lams/web/LoginAsAction.java (.../LoginAsAction.java) (revision 0191d40366afbe37b485950760632bb0aad9eb62) @@ -49,6 +49,7 @@ */ public class LoginAsAction extends Action { + @Override public ActionForward execute(ActionMapping mapping, ActionForm form, HttpServletRequest request, HttpServletResponse response) throws Exception { 
@@ -59,23 +60,22 @@ String login = WebUtil.readStrParam(request, "login", false); if (service.isUserSysAdmin()) { - if (login != null && login.trim().length() > 0) { + if ((login != null) && (login.trim().length() > 0)) { if (service.getUserByLogin(login) != null) { - + // audit log when loginas UserDTO sysadmin = (UserDTO) SessionManager.getSession().getAttribute(AttributeNames.USER); IAuditService auditService = (IAuditService) ctx.getBean("auditService"); - String[] args = new String[]{sysadmin.getLogin() + "(" + sysadmin.getUserID() + ")", login}; + String[] args = new String[] { sysadmin.getLogin() + "(" + sysadmin.getUserID() + ")", login }; String message = messageService.getMessage("audit.admin.loginas", args); auditService.log(CentralConstants.MODULE_NAME, message); - + // logout, but not the LAMS shared session; needed by UniversalLoginModule // to check for sysadmin role request.getSession().invalidate(); - // send to index page; the following attribute will be cleared there - request.getSession().setAttribute("login", login); - return (new ActionForward("/index.jsp")); + // redirect to login page + return (new ActionForward("/login.jsp?login=" + login + "&password=dummy")); } } } else { Index: lams_central/src/java/org/lamsfoundation/lams/web/LoginRequestServlet.java =================================================================== diff -u -r567018f37ff59abaa5c6acf8a50209543857542f -r0191d40366afbe37b485950760632bb0aad9eb62 --- lams_central/src/java/org/lamsfoundation/lams/web/LoginRequestServlet.java (.../LoginRequestServlet.java) (revision 567018f37ff59abaa5c6acf8a50209543857542f) +++ lams_central/src/java/org/lamsfoundation/lams/web/LoginRequestServlet.java (.../LoginRequestServlet.java) (revision 0191d40366afbe37b485950760632bb0aad9eb62) @@ -21,6 +21,7 @@ package org.lamsfoundation.lams.web; import java.io.IOException; +import java.net.URLEncoder; import java.sql.Connection; import java.sql.PreparedStatement; import java.sql.ResultSet; 
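Review bot: `login` is concatenated into the `/login.jsp?login=...&password=dummy` redirect without URL-encoding, so a login containing `&`, `%`, `+` or non-ASCII characters reaches login.jsp truncated or mis-decoded; use `return new ActionForward("/login.jsp?login=" + URLEncoder.encode(login, "UTF-8") + "&password=dummy");` (needs `java.net.URLEncoder`, which LoginRequestServlet gains in this same commit). The replacement comment `// redirect to login page` should also say why a fixed `password=dummy` is acceptable here — the comment just above it says UniversalLoginModule re-checks the sysadmin role from the shared session, and that dependency is far less obvious now that the hand-off goes through login.jsp instead of a session attribute read by the page itself. `execute` starts and ends outside this hunk.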
@@ -67,7 +68,7 @@ private static IntegrationService integrationService = null; - private static final String JNDI_DATASOURCE = "java:/jdbc/lams-ds"; + private static final String JNDI_DATASOURCE = "java:jboss/datasources/lams-ds"; private static final String PASSWORD_QUERY = "select password from lams_user where login=?"; @@ -85,7 +86,6 @@ * @throws IOException * if an error occurred */ - @SuppressWarnings("unchecked") @Override public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { HttpSession hses = request.getSession(true); @@ -134,19 +134,19 @@ langIsoCode, countryIsoCode, email, prefix, isUpdateUserDetails); } - //in case of request for learner with strict authentication check cache should also contain lsid + // in case of request for learner with strict authentication check cache should also contain lsid if (LoginRequestDispatcher.METHOD_LEARNER_STRICT_AUTHENTICATION.equals(method)) { String lsId = request.getParameter(LoginRequestDispatcher.PARAM_LESSON_ID); if (lsId == null) { response.sendError(HttpServletResponse.SC_BAD_REQUEST, "Login Failed - lsId parameter missing"); return; } Authenticator.authenticate(serverMap, timestamp, extUsername, method, lsId, hash); - + } else { Authenticator.authenticate(serverMap, timestamp, extUsername, method, hash); } - + User user = userMap.getUser(); String login = user.getLogin(); // The "extUser" attribute works as a flag to indicate if the user has logged in 
@@ -161,19 +161,24 @@ } if (extCourseId != null) { - //check if organisation, ExtCourseClassMap and user roles exist and up-to-date, and if not update them + // check if organisation, ExtCourseClassMap and user roles exist and up-to-date, and if not update them getService().getExtCourseClassMap(serverMap, userMap, extCourseId, countryIsoCode, langIsoCode, courseName, method, prefix); } - LoginRequestServlet.log.debug("Session Id - " + hses.getId()); // connect to DB and get password here String pass = getUserPassword(userMap.getUser().getLogin()); - // should post the parameters back so it's little more secure, - // but forward doesn't work, use this until a better method is found hses.setAttribute("extUser", login); - hses.setAttribute(AttributeNames.USER, user.getUserDTO()); - response.sendRedirect("j_security_check?j_username=" + login + "&j_password=" + pass); + + // check if there is a redirect URL parameter already + String redirectURL = request.getParameter("redirectURL"); + if (redirectURL == null) { + // if not, get the full URL based on other parameters + redirectURL = WebUtil.getBaseServerURL() + LoginRequestDispatcher.getRequestURL(request); + } + redirectURL = URLEncoder.encode(redirectURL, "UTF-8"); + + response.sendRedirect("login.jsp?login=" + login + "&password=" + pass + "&redirectURL=" + redirectURL); } catch (AuthenticationException e) { LoginRequestServlet.log.error("Authentication error: ", e); response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Login Failed - authentication error"); @@ -195,7 +200,7 @@ response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e.getMessage()); } } - + /** * The doPost method of the servlet.
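Review bot: The new `sendRedirect` puts `login` and `pass` — the value `getUserPassword` reads from `lams_user.password` — into a GET query string, where they land in access logs, browser history and the Referer of the next page, and neither value is URL-encoded although `redirectURL` is. At minimum the two should be encoded the same way, `response.sendRedirect("login.jsp?login=" + URLEncoder.encode(login, "UTF-8") + "&password=" + URLEncoder.encode(pass, "UTF-8") + "&redirectURL=" + redirectURL);`, and a short-lived server-side token kept in `hses` and resolved by the login side would avoid carrying the credential in the URL at all. The old `j_security_check` redirect had the same shape, so this is not a regression, but the commit is the moment the hand-off is being redesigned. `doGet` starts outside this hunk.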
* Index: lams_central/web/login.jsp =================================================================== diff -u -ra5104812431b3725999b2ee888172f0d489ffe17 -r0191d40366afbe37b485950760632bb0aad9eb62 --- lams_central/web/login.jsp (.../login.jsp) (revision a5104812431b3725999b2ee888172f0d489ffe17) +++ lams_central/web/login.jsp (.../login.jsp) (revision 0191d40366afbe37b485950760632bb0aad9eb62) 
@@ -1,156 +1,178 @@ -<%@ page language="java" pageEncoding="UTF-8" contentType="text/html;charset=utf-8" %> -<%@ taglib uri="tags-fmt" prefix="fmt" %> -<%@ taglib uri="tags-core" prefix="c" %> -<%@ taglib uri="tags-lams" prefix="lams" %> -<%@ page import="org.lamsfoundation.lams.security.JspRedirectStrategy" %> -<%@ page import="org.lamsfoundation.lams.util.Configuration" %> -<%@ page import="org.lamsfoundation.lams.util.ConfigurationKeys" %> +<%@ page language="java" pageEncoding="UTF-8" + contentType="text/html;charset=utf-8"%> +<%@ taglib uri="tags-fmt" prefix="fmt"%> +<%@ taglib uri="tags-core" prefix="c"%> +<%@ taglib uri="tags-lams" prefix="lams"%> +<%@ page import="org.lamsfoundation.lams.security.JspRedirectStrategy"%> +<%@ page import="org.lamsfoundation.lams.util.Configuration"%> +<%@ page import="org.lamsfoundation.lams.util.ConfigurationKeys"%> <%-- If you change this file, remember to update the copy made for CNG-21 --%> -<% - if (JspRedirectStrategy.loginPageRedirected(request,response)) - { +<% + if (JspRedirectStrategy.loginPageRedirected(request, response)) { return; - } - - /*String webAuthUser = (String) session.getAttribute("WEBAUTH_USER"); - if (webAuthUser != null) - { - response.sendRedirect("j_security_check?j_username=" + webAuthUser + "&j_password=Dummy"); - }*/ - - // for sysadmin to be able to login as someone else - String login = (String)session.getAttribute("login"); - if (login!=null) { - session.removeAttribute("login"); - response.sendRedirect("j_security_check?j_username="+login+"&j_password=dummy"); - } + } %> + + <%= Configuration.getAsBoolean(ConfigurationKeys.LDAP_ENCRYPT_PASSWORD_FROM_BROWSER) %> - <fmt:message key="title.login.window"/> - + <fmt:message key="title.login.window" /> + - - - + + - -
- + +
+

 

- -
- -
- - - -
- -
-

LAMS - Learning Activity Management System

- - - <%try{%> - - <%}catch(Exception e){e.printStackTrace();}%> -
- + +
+ + +
+
+

+ LAMS - Learning Activity Management System +

-
-

<%= Configuration.get(ConfigurationKeys.VERSION) %>

-

-
+ + + <% + try { + %> + + <% + } catch (Exception e) { + e.printStackTrace(); + } + %> +
+ + +
+

+ + <%=Configuration.get(ConfigurationKeys.VERSION)%>

+

+ +

+ - -

: - -

-

: - -

+ + + + +

+ + : +

+ +

+ + : +

+ - + + + +

+ -
- -
- -
+ +
+ + +

+
+ - - -
+
+ +
+ + + +
+ + + - - -
+ \ No newline at end of file Index: lams_common/src/java/org/lamsfoundation/lams/integration/security/SsoProducer.java =================================================================== diff -u -r9da35349a62686e5112d5be703c9047c48d88467 -r0191d40366afbe37b485950760632bb0aad9eb62 --- lams_common/src/java/org/lamsfoundation/lams/integration/security/SsoProducer.java (.../SsoProducer.java) (revision 9da35349a62686e5112d5be703c9047c48d88467) +++ lams_common/src/java/org/lamsfoundation/lams/integration/security/SsoProducer.java (.../SsoProducer.java) (revision 0191d40366afbe37b485950760632bb0aad9eb62) @@ -25,10 +25,15 @@ import io.undertow.server.HandlerWrapper; import io.undertow.server.HttpHandler; import io.undertow.server.HttpServerExchange; +import io.undertow.server.session.Session; import io.undertow.servlet.ServletExtension; import io.undertow.servlet.api.DeploymentInfo; import io.undertow.servlet.handlers.ServletRequestContext; +import io.undertow.servlet.spec.HttpSessionImpl; +import io.undertow.util.Methods; +import java.security.AccessController; + import javax.servlet.ServletContext; import javax.servlet.ServletResponse; import javax.servlet.http.HttpServletRequest; @@ -44,11 +49,12 @@ * */ public class SsoProducer implements ServletExtension { - private final static String SSO_ATTRIBUTE_NAME = "ssoAccount"; + protected static final String SSO_ATTRIBUTE_NAME = "ssoAccount"; + protected static final String SESSION_KEY = "io.undertow.servlet.form.auth.redirect.location"; + @Override public void handleDeployment(final DeploymentInfo deploymentInfo, final ServletContext servletContext) { - // run when request and response were already parsed, but before security handlers deploymentInfo.addOuterHandlerChainWrapper(new HandlerWrapper() { @Override 
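Review bot: `SESSION_KEY` hard-codes a session attribute name owned by Undertow's form-authentication mechanism (the Javadoc of `handleRedirectBack` in the next hunk says it is modelled on ServletFormAuthenticationMechanism), and nothing at the declaration says so; add `// session key Undertow's form auth reads for its post-login redirect target; Undertow-internal, re-verify on container upgrade`. The dropped comment `// run when request and response were already parsed, but before security handlers` was the only explanation of why an outer handler chain wrapper is used rather than an inner one and is worth keeping above `addOuterHandlerChainWrapper`. `handleDeployment` continues past the end of this hunk.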
@@ -61,20 +67,57 @@ HttpServletRequest request = (HttpServletRequest) context.getServletRequest(); ServletResponse response = context.getServletResponse(); + // LoginRequestServlet (integrations) sets this parameter + String redirectURL = request.getParameter("redirectURL"); + if (redirectURL != null) { + SsoProducer.handleRedirectBack(context, redirectURL); + } + // create session so UniversalLoginModule can access it SessionManager.startSession(request, response); // do the logging in UniversalLoginModule + exchange.setRequestMethod(Methods.POST); handler.handleRequest(exchange); HttpSession session = SessionManager.getSession(); // get the just-logged-in user account and put it in the shared session Account account = exchange.getSecurityContext().getAuthenticatedAccount(); - session.setAttribute(SsoProducer.SSO_ATTRIBUTE_NAME, account); + if (account == null) { + session.removeAttribute(SsoProducer.SSO_ATTRIBUTE_NAME); + } else { + session.setAttribute(SsoProducer.SSO_ATTRIBUTE_NAME, account); + if (redirectURL != null) { + // there is a good chance that the redirectURL parameter came from integrations + // if so, and the log in failed, remove the parameter so it can be attempted again + HttpSession hses = request.getSession(false); + if (hses != null) { + hses.removeAttribute("extUser"); + } + } + } SessionManager.endSession(); } }); } }); } + + /** + * Notifies authentication mechanism where it should redirect after log in. Based on + * ServletFormAuthenticationMechanism method. 
+ */ + protected static void handleRedirectBack(ServletRequestContext context, String redirectURL) { + HttpSessionImpl httpSession = context.getCurrentServletContext().getSession(context.getExchange(), false); + if (httpSession != null) { + Session session; + if (System.getSecurityManager() == null) { + session = httpSession.getSession(); + } else { + session = AccessController.doPrivileged(new HttpSessionImpl.UnwrapSessionAction(httpSession)); + } + + session.setAttribute(SsoProducer.SESSION_KEY, redirectURL); + } + } } \ No newline at end of file
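Review bot: `redirectURL` is read straight from the request and passed to `handleRedirectBack`, which stores it as the container's post-login redirect target with no check that it points back at this server, so a login link carrying an arbitrary `redirectURL` sends the freshly authenticated user off-site; narrow it before the call, e.g. `if (redirectURL != null && !redirectURL.startsWith(WebUtil.getBaseServerURL())) { redirectURL = null; }` (or the equivalent check against the request's own scheme and host if WebUtil is not reachable from lams_common). Separately, the comment `// if so, and the log in failed, remove the parameter so it can be attempted again` sits in the `else` branch that runs when `account` is non-null, i.e. after a successful login, so either the comment or the placement looks inverted — presumably the `extUser` removal belongs under `account == null`. `exchange.setRequestMethod(Methods.POST)` rewrites the method of every request passing through this wrapper before the security handlers see it, unless a guard outside the hunk narrows it, and deserves a why-comment. The enclosing `handleRequest` starts before this hunk.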