diff --git a/config/initializers/authentication.rb b/config/initializers/authentication.rb
index eb6d83f2a..783444631 100644
--- a/config/initializers/authentication.rb
+++ b/config/initializers/authentication.rb
@@ -34,3 +34,10 @@
     warden.failure_app = AuthenticationController
   end
 end
+
+# Monkeypatch omniauth_openid_connect
+class OmniAuth::Strategies::OpenIDConnect
+  def redirect_uri
+    callback_url
+  end
+end
diff --git a/spec/integration/cddo_sso_spec.rb b/spec/integration/cddo_sso_spec.rb
index c6eba5598..d143f8d3e 100644
--- a/spec/integration/cddo_sso_spec.rb
+++ b/spec/integration/cddo_sso_spec.rb
@@ -43,6 +43,18 @@
 
       expect(request.env["warden"].authenticated?).to be true
     end
+
+    it "redirects to the OmniAuth callback URL" do
+      OmniAuth.config.test_mode = false
+
+      allow(Settings.cddo_sso).to receive(:identifier).and_return("foo")
+      allow(Settings.cddo_sso).to receive(:secret).and_return("bar")
+
+      get "/auth/cddo_sso"
+
+      expect(response).to redirect_to %r{^https://sso\.service\.security\.gov\.uk}
+      expect(response).to redirect_to %r{redirect_uri=http%3A%2F%2Fwww\.example\.com%2Fauth%2Fcddo_sso%2Fcallback}
+    end
   end
 
   describe "signing out" do