diff --git a/community/go-engines-community/lib/api/auth/providers/oauth/provider.go b/community/go-engines-community/lib/api/auth/providers/oauth/provider.go
index 9b0873337f..288ad43ed5 100644
--- a/community/go-engines-community/lib/api/auth/providers/oauth/provider.go
+++ b/community/go-engines-community/lib/api/auth/providers/oauth/provider.go
@@ -166,6 +166,10 @@ func (p *provider) Callback(c *gin.Context) {
 		panic(err)
 	}
 
+	if len(session.Values) == 0 {
+		panic(errors.New("session is empty"))
+	}
+
 	// expire auth session
 	session.Options.MaxAge = -1
 	err = session.Save(c.Request, c.Writer)
diff --git a/community/go-engines-community/lib/api/auth/providers/saml/provider.go b/community/go-engines-community/lib/api/auth/providers/saml/provider.go
index d94c60006b..0903e82c84 100644
--- a/community/go-engines-community/lib/api/auth/providers/saml/provider.go
+++ b/community/go-engines-community/lib/api/auth/providers/saml/provider.go
@@ -368,7 +368,7 @@ func (p *provider) SamlAcsHandler() gin.HandlerFunc {
 		query.Set("access_token", accessToken)
 		relayUrl.RawQuery = query.Encode()
 
-		c.Redirect(http.StatusPermanentRedirect, relayUrl.String())
+		c.Redirect(http.StatusSeeOther, relayUrl.String())
 	}
 }
 
diff --git a/community/sources/webcore/src/canopsis-next/config/nginx/default.conf b/community/sources/webcore/src/canopsis-next/config/nginx/default.conf
index 33317d0fd3..b537bd8184 100644
--- a/community/sources/webcore/src/canopsis-next/config/nginx/default.conf
+++ b/community/sources/webcore/src/canopsis-next/config/nginx/default.conf
@@ -124,8 +124,5 @@ server {
                 include /etc/nginx/cors.inc;
                 try_files $uri $uri/ /index.html;
                 error_page 404 /index.html;
-                # Working around SAML auth doing an HTTP request that Nginx
-                # won't accept (issue #3852)
-                error_page 405 =200 $uri;
         }
 }