diff --git a/src/app/auth/auth.guard.ts b/src/app/auth/auth.guard.ts
index 29e6f87..1ea547f 100644
--- a/src/app/auth/auth.guard.ts
+++ b/src/app/auth/auth.guard.ts
@@ -2,6 +2,7 @@ import {ActivatedRouteSnapshot, Router, RouterStateSnapshot, UrlTree} from '@ang
 
 import {KeycloakAuthGuard, KeycloakService} from 'keycloak-angular';
 import {Injectable} from '@angular/core';
+import {Location} from "@angular/common";
 
 @Injectable({
   providedIn: 'root',
@@ -9,7 +10,8 @@ import {Injectable} from '@angular/core';
 export class AppAuthGuard extends KeycloakAuthGuard {
 
   constructor(protected override readonly router: Router,
-              protected readonly keycloak: KeycloakService) {
+              protected readonly keycloak: KeycloakService,
+              private readonly location: Location) {
     super(router, keycloak);
   }
 
@@ -17,7 +19,7 @@ export class AppAuthGuard extends KeycloakAuthGuard {
     // Force the user to log in if currently unauthenticated.
     if (!this.authenticated || this.keycloak.isTokenExpired()) {
       await this.keycloak.login({
-        redirectUri: window.location.origin + state.url,
+        redirectUri: `${window.location.origin}${this.location.prepareExternalUrl(state.url)}`,
       });
     }
 
diff --git a/src/main.ts b/src/main.ts
index 33def45..50eac33 100644
--- a/src/main.ts
+++ b/src/main.ts
@@ -12,8 +12,9 @@ import {provideAnimations} from "@angular/platform-browser/animations";
 import {HTTP_INTERCEPTORS, provideHttpClient, withInterceptorsFromDi} from "@angular/common/http";
 import {ROOT_ROUTES} from "./app/app.routes";
 import "@angular/localize/init";
+import {Location} from "@angular/common";
 
-function initializeKeycloak(keycloak: KeycloakService) {
+function initializeKeycloak(keycloak: KeycloakService, locationService: Location) {
   return () =>
     keycloak.init({
       config: {
@@ -23,8 +24,7 @@ function initializeKeycloak(keycloak: KeycloakService) {
       },
       initOptions: {
         onLoad: 'check-sso',
-        silentCheckSsoRedirectUri:
-          window.location.origin + '/assets/silent-check-sso.html',
+        silentCheckSsoRedirectUri:`${window.location.origin}${locationService.prepareExternalUrl('/assets/silent-check-sso.html')}`,
         flow: "standard"
       },
       shouldAddToken: (request) => {
@@ -41,7 +41,7 @@ bootstrapApplication(AppComponent, {
       provide: APP_INITIALIZER,
       useFactory: initializeKeycloak,
       multi: true,
-      deps: [KeycloakService],
+      deps: [KeycloakService, Location],
     },
     provideRouter(ROOT_ROUTES,
       withComponentInputBinding()),