diff --git a/app/controllers/session_controller.rb b/app/controllers/session_controller.rb
index bfd2d7c568b..45f2ab46f41 100644
--- a/app/controllers/session_controller.rb
+++ b/app/controllers/session_controller.rb
@@ -46,6 +46,12 @@ class SessionController < ApplicationController
         sso.external_id = current_user.id.to_s
         sso.admin = current_user.admin?
         sso.moderator = current_user.moderator?
+
+        if sso.return_sso_url.blank?
+          render text: "return_sso_url is blank, it must be provided", status: 400
+          return
+        end
+
         if request.xhr?
           cookies[:sso_destination_url] = sso.to_url(sso.return_sso_url)
         else