When a redirect URL with query params is passed to the SSO service, a ticket must be concatenated to the redirect URL in the way that the validity of query params is conserved.
For example, a successful authentication on http://sso.com/login?service=http://example.com/?redirect=/home must redirect the user to http://example.com/?redirect=/home&ticket=... instead of http://example.com/?redirect=/home?ticket=.... Notice the difference in the use of ? and & before ticket param.