diff --git a/default-views/auth/login-tls.hbs b/default-views/auth/login-tls.hbs
index 548d4780c..77d99562f 100644
--- a/default-views/auth/login-tls.hbs
+++ b/default-views/auth/login-tls.hbs
@@ -30,7 +30,10 @@
         return response
       })
       .then(function(response) {
-        window.location.href = response.url
+        // TODO: redirect to proper location stored in hidden field redirect_uri
+        // depends on https://github.com/solid/node-solid-server/pull/648
+        // and https://github.com/solid/oidc-auth-manager/issues/17
+        window.location.href = '/'
       })
   })
 </script>
diff --git a/lib/requests/login-request.js b/lib/requests/login-request.js
index c78aa4ea8..030c13c93 100644
--- a/lib/requests/login-request.js
+++ b/lib/requests/login-request.js
@@ -30,6 +30,7 @@ class LoginRequest extends AuthRequest {
     super(options)
 
     this.authenticator = options.authenticator
+    this.authMethod = options.authMethod
   }
 
   /**
@@ -44,6 +45,7 @@ class LoginRequest extends AuthRequest {
    */
   static fromParams (req, res, authMethod) {
     let options = AuthRequest.requestOptions(req, res)
+    options.authMethod = authMethod
 
     switch (authMethod) {
       case PASSWORD_AUTH:
@@ -173,10 +175,21 @@ class LoginRequest extends AuthRequest {
    * Redirects the Login request to continue on the OIDC auth workflow.
    */
   redirectPostLogin (validUser) {
-    let uri = this.postLoginUrl(validUser)
+    // TODO: Make the kludge below unnecessary (e.g., by separating OIDC and TLS auth).
+    // If we have arrived here in the WebID-TLS case,
+    // this means the client has done an AJAX POST request to /login/tls.
+    // If the WebID is external, and we send out a redirect to that external URL,
+    // there is a risk that this external URL returns a non-2xx response.
+    // This in turn makes the AJAX call on the client fail,
+    // and its success code is not executed because of that failure.
+    // To prevent this, we just reply a 204 for external WebIDs.
+    if (this.authMethod === TLS_AUTH && validUser.externalWebId) {
+      debug('Login successful with WebID-TLS')
+      return this.response.header('User', validUser.webId).status(204).send()
+    }
 
+    let uri = this.postLoginUrl(validUser)
     debug('Login successful, redirecting to ', uri)
-
     this.response.redirect(uri)
   }