diff --git a/routes/root.js b/routes/root.js
index 9cd43aa911d9b549aba393fb35dea353ef996b28..0b8947fdd7a2f9193a4c59ab4c7901a1050a54e0 100644
--- a/routes/root.js
+++ b/routes/root.js
@@ -65,6 +65,11 @@ router.post('/saml/SSO', passport.authenticate('saml', { failureRedirect: '/logi
     const xmlResponse = req.body.SAMLResponse;
     const parser = new Saml2js(xmlResponse);
     const userid = parser.get('email');
+
+    //check, if user exists, if not create.
+
+    //else get userid and create session -> set cookie
+
     crypto.randomBytes(48, function(ex, buf) {
               var token = buf.toString('hex');
 
@@ -73,20 +78,20 @@ router.post('/saml/SSO', passport.authenticate('saml', { failureRedirect: '/logi
                 token: token,
                 ip: req.ip,
                 device: "web",
-                created_at: new Date()
+                created_at: new Date(),
+                url : "/"
               };
 
               db.Session.create(session)
                 .error(err => {
                   console.error("Error creating Session:",err);
-                  res.sendStatus(500);
+                  res.redirect(500, "/");
                 })
                 .then(() => {
                   var domain = (process.env.NODE_ENV == "production") ? new URL(config.get('endpoint')).hostname : req.headers.hostname;
                   res.cookie('sdsession', token, { domain: domain, httpOnly: true });
-                  res.status(201).json(session);
+                  res.redirect(302, "/")
                 });
-                res.redirect("/");
     });
 });