diff --git a/plugins/CasAuthentication/CasAuthenticationPlugin.php b/plugins/CasAuthentication/CasAuthenticationPlugin.php
index 483b060abd..203e5fe420 100644
--- a/plugins/CasAuthentication/CasAuthenticationPlugin.php
+++ b/plugins/CasAuthentication/CasAuthenticationPlugin.php
@@ -137,6 +137,7 @@ class CasAuthenticationPlugin extends AuthenticationPlugin
         $casSettings['server']=$this->server;
         $casSettings['port']=$this->port;
         $casSettings['path']=$this->path;
+        $casSettings['takeOverLogin']=$this->takeOverLogin;
     }
 
     function onPluginVersion(&$versions)
diff --git a/plugins/CasAuthentication/caslogin.php b/plugins/CasAuthentication/caslogin.php
index 390a75d8b4..a66774dc17 100644
--- a/plugins/CasAuthentication/caslogin.php
+++ b/plugins/CasAuthentication/caslogin.php
@@ -54,9 +54,18 @@ class CasloginAction extends Action
                 // We don't have to return to it again
                 common_set_returnto(null);
             } else {
-                $url = common_local_url('all',
-                                    array('nickname' =>
-                                          $user->nickname));
+                if(common_config('site', 'private') && $casSettings['takeOverLogin']) {
+                    //SSO users expect to just go to the URL they entered
+                    //if we don't have a returnto set, the user entered the
+                    //main StatusNet url, so send them there.
+                    $url = common_local_url('public');
+                } else {
+                    //With normal logins (regular form-based username/password),
+                    //the user would expect to go to their home after logging in.
+                    $url = common_local_url('public',
+                                        array('nickname' =>
+                                              $user->nickname));
+                }
             }
 
             common_redirect($url, 303);