diff --git a/modules/portal/app/actions/ApiAction.scala b/modules/portal/app/actions/ApiAction.scala index 4045172e0..0895c74ee 100644 --- a/modules/portal/app/actions/ApiAction.scala +++ b/modules/portal/app/actions/ApiAction.scala @@ -44,7 +44,7 @@ class LegacyApiAction @Inject() ( override val logger = LoggerFactory.getLogger(classOf[LegacyApiAction]) implicit val executionContext: ExecutionContext = scala.concurrent.ExecutionContext.global - def notLoggedInResult: Future[Result] = + def notLoggedInResult(requestURI: String): Future[Result] = Future.successful( Unauthorized("You are not logged in. Please login to continue.").withHeaders(cacheHeaders: _*) ) diff --git a/modules/portal/app/actions/FrontendAction.scala b/modules/portal/app/actions/FrontendAction.scala index 315dc7338..b945e2ac2 100644 --- a/modules/portal/app/actions/FrontendAction.scala +++ b/modules/portal/app/actions/FrontendAction.scala @@ -43,9 +43,9 @@ class LegacyFrontendAction( override val logger = LoggerFactory.getLogger(classOf[LegacyFrontendAction]) implicit val executionContext: ExecutionContext = scala.concurrent.ExecutionContext.global - def notLoggedInResult: Future[Result] = + def notLoggedInResult(requestURI: String): Future[Result] = Future.successful( - Redirect("/login") + Redirect(s"/login?target=$requestURI") .flashing(VinylDNS.Alerts.error("You are not logged in. Please login to continue.")) .withNewSession .withHeaders(cacheHeaders: _*) diff --git a/modules/portal/app/actions/LegacySecuritySupport.scala b/modules/portal/app/actions/LegacySecuritySupport.scala index 41b87aa7c..58dfd855f 100644 --- a/modules/portal/app/actions/LegacySecuritySupport.scala +++ b/modules/portal/app/actions/LegacySecuritySupport.scala 
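Review bot: In FrontendAction.scala, `Redirect(s"/login?target=$requestURI")` puts the raw request URI into the query string without encoding it. A URI that carries its own query string (anything with `?`, `&` or `#`) is split at the first `&`, so the stored target is truncated and the remainder arrives as extra parameters on `/login`. Let Play encode the value instead: `Redirect("/login", Map("target" -> Seq(requestURI)))`. The rest of the `Future.successful(...)` expression closes outside the hunk.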
@@ -45,10 +45,10 @@ class LegacySecuritySupport @Inject() ( implicit request => if (oidcAuthenticator.oidcEnabled) { request.session.get(VinylDNS.ID_TOKEN) match { - case Some(_) => Redirect("/index") + case Some(_) => Redirect(request.getQueryString("target").getOrElse("/index")) case None => logger.info(s"No ${VinylDNS.ID_TOKEN} in session; Initializing oidc login") - Redirect(oidcAuthenticator.getCodeCall.toString, 302) + Redirect(oidcAuthenticator.getCodeCall(request.uri).toString, 302) } } else { request.session.get("username") match { diff --git a/modules/portal/app/actions/VinylDnsAction.scala b/modules/portal/app/actions/VinylDnsAction.scala index 1ef03b377..aae94c22d 100644 --- a/modules/portal/app/actions/VinylDnsAction.scala +++ b/modules/portal/app/actions/VinylDnsAction.scala @@ -34,7 +34,7 @@ trait VinylDnsAction extends ActionFunction[Request, UserRequest] { implicit val executionContext: ExecutionContext - def notLoggedInResult: Future[Result] + def notLoggedInResult(requestURI: String): Future[Result] def cantFindAccountResult(un: String): Future[Result] @@ -62,7 +62,7 @@ trait VinylDnsAction extends ActionFunction[Request, UserRequest] { userName match { case None => logger.info("User is not logged in or token expired; redirecting to login screen") - notLoggedInResult + notLoggedInResult(request.uri) case Some(un) => // user name in session, let's get it from the repo diff --git a/modules/portal/app/controllers/OidcAuthenticator.scala b/modules/portal/app/controllers/OidcAuthenticator.scala index 7be57d3b0..6897453b8 100644 --- a/modules/portal/app/controllers/OidcAuthenticator.scala +++ b/modules/portal/app/controllers/OidcAuthenticator.scala 
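Review bot: In LegacySecuritySupport.scala the `target` query parameter is passed to `Redirect` unchecked, so a `/login` link can send an already signed-in user to any absolute URL (an open redirect). Restrict it to same-site paths, for example `request.getQueryString("target").filter(t => t.startsWith("/") && !t.startsWith("//") && !t.contains("\\")).getOrElse("/index")`. The same check is needed on `redirectLocation` in the callback hunk of controllers/VinylDNS.scala, where the value is decoded from the callback path before being redirected to. The non-OIDC branch that follows is cut off by the hunk, so whether it honours `target` is not visible here.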
@@ -105,10 +105,10 @@ class OidcAuthenticator @Inject() (wsClient: WSClient, configuration: Configurat processor } - def getCodeCall: Uri = { + def getCodeCall(requestURI: String): Uri = { val nonce = new Nonce() val loginId = UUID.randomUUID().toString - val redirectUri = s"${oidcInfo.redirectUri}/callback/$loginId" + val redirectUri = s"${oidcInfo.redirectUri}/callback/${loginId}:${java.util.Base64.getEncoder.encodeToString(requestURI.getBytes)}" val query = Query( "client_id" -> oidcInfo.clientId, @@ -247,7 +247,7 @@ class OidcAuthenticator @Inject() (wsClient: WSClient, configuration: Configurat implicit executionContext: ExecutionContext ): EitherT[IO, ErrorResponse, JWTClaimsSet] = EitherT { - val redirectUriString = s"${oidcInfo.redirectUri}/callback/$loginId" + val redirectUriString = s"${oidcInfo.redirectUri}/callback/${loginId}" val redirectUri = new URI(redirectUriString) val codeGrant = new AuthorizationCodeGrant(code, redirectUri) val request = new TokenRequest(tokenEndpoint, clientAuth, codeGrant) diff --git a/modules/portal/app/controllers/VinylDNS.scala b/modules/portal/app/controllers/VinylDNS.scala index eefb23cc0..a64e5ad77 100644 --- a/modules/portal/app/controllers/VinylDNS.scala +++ b/modules/portal/app/controllers/VinylDNS.scala @@ -42,7 +42,7 @@ import vinyldns.core.logging.RequestTracing import scala.collection.JavaConverters._ import scala.concurrent.ExecutionContext.Implicits.global import scala.concurrent.Future -import scala.util.Try +import scala.util.{Failure, Success, Try} object VinylDNS { 
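Review bot: In `getCodeCall`, `java.util.Base64.getEncoder` uses the standard alphabet, which can emit `/`, `+` and `=` into what is meant to be a single path segment of the redirect URI. A `/` in the encoded value adds an extra segment, which will probably stop the callback route from matching or truncate the id. `getBytes` with no charset also depends on the platform default. Prefer `java.util.Base64.getUrlEncoder.withoutPadding().encodeToString(requestURI.getBytes(java.nio.charset.StandardCharsets.UTF_8))`, with `getUrlDecoder` on the callback side. In the second hunk, the token request rebuilds the redirect URI from `loginId`; it must be identical to the one sent here, which holds only if that `loginId` still carries the `:`-suffix, and that is not visible in the hunk.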
@@ -157,14 +157,24 @@ class VinylDNS @Inject() ( logger.info( s"LoginId [$loginId] complete: --LOGIN-- user [${user.userName}] logged in with id ${user.id}" ) - Redirect("/index").withSession(ID_TOKEN -> token.toString) + + val redirectLocation = + Try { + new String(java.util.Base64.getDecoder.decode(loginId.split(":").last)) + } match { + case Success(x) => x + case Failure(_) => "/index" + } + + Redirect(redirectLocation).withSession(ID_TOKEN -> token.toString) case Left(err) => logger.error(s"LoginId [$loginId] failed with error: $err") InternalServerError( - views.html.systemMessage(""" - |There was an issue when logging in. - |Please try again by clicking this link. - |If the issue persists, contact your VinylDNS Administrators + views.html.systemMessage( + """ + |There was an issue when logging in. + |Please try again by clicking this link. + |If the issue persists, contact your VinylDNS Administrators """.stripMargin) ).withNewSession } diff --git a/modules/portal/app/views/setOidcSession.scala.html b/modules/portal/app/views/setOidcSession.scala.html index 76bfda744..43ef9f1f1 100644 --- a/modules/portal/app/views/setOidcSession.scala.html +++ b/modules/portal/app/views/setOidcSession.scala.html @@ -1,18 +1,25 @@ @(setSessionUrl: String)(implicit requestHeader: RequestHeader) - - + + Login - - - + + + Finishing login, if not redirected, click this link -@* *@ - + + diff --git a/version.sbt b/version.sbt index 0c3cb71c8..5edf68423 100644 --- a/version.sbt +++ b/version.sbt @@ -1 +1 @@ -version in ThisBuild := "0.10.2" +version in ThisBuild := "0.10.3"
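Review bot: In the callback hunk of VinylDNS.scala, the fallback to `/index` depends on Base64 decoding throwing, not on whether a target was actually attached. `loginId.split(":").last` returns the whole id when there is no `:`, and any id that happens to decode cleanly becomes the redirect location. Parse the suffix explicitly and fix the charset, e.g. `loginId.split(":", 2) match { case Array(_, enc) => Try(new String(java.util.Base64.getDecoder.decode(enc), "UTF-8")).getOrElse("/index"); case _ => "/index" }`. The two `logger` calls still interpolate the full `loginId`, so the encoded request URI now ends up in the login logs; logging only the part before the `:` would keep those lines as they were.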