diff --git a/client/singlesignon_client.module b/client/singlesignon_client.module
index 47e5ebb..85a1b85 100644
--- a/client/singlesignon_client.module
+++ b/client/singlesignon_client.module
@@ -32,12 +32,12 @@ define('SINGLESIGNON_BOT_REGEX', "/bot|spider|crawler/i");
  * Implementation of hook_boot().
  */
 function singlesignon_client_boot() {
-  global $user, $base_url;
+  global $user, $base_url, $base_root;
 
   // Add P3P Compact Policy (necessary for IE thirdparty Cookies)
   header('P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"');
 
-  if ($_GET['singlesignon_message']) {
+  if (array_key_exists('singlesignon_message', $_GET) && $_GET['singlesignon_message']) {
     drupal_set_message(check_plain($_GET['singlesignon_message']));
   }
 
@@ -104,7 +104,7 @@ function singlesignon_client_boot() {
       // Set up a request id and try to associate with the controller.
       $_SESSION['request_id'] = singlesignon_get_random_id();
       $request_data = array(
-          'origin' => $base_url . request_uri(),
+          'origin' => $base_root . request_uri(),
           'request_id' => $_SESSION['request_id'],
           );
       if ($_GET['singlesignon_message']) {
diff --git a/singlesignon.inc b/singlesignon.inc
index bf9d3b9..da50801 100644
--- a/singlesignon.inc
+++ b/singlesignon.inc
@@ -126,7 +126,6 @@ function singlesignon_create_request($base_url, $path, $arguments, $key) {
   }
   $hmac = singlesignon_hmac($base_url, array('q' => $path) + $arguments, $key);
 
-
   // Cannot use drupal_query_string_encode(). Drupal 6 applies mod_rewrite
   // workaround on query arguments unnecessarily.
   $query = singlesignon_build_query($arguments);
@@ -152,7 +151,7 @@ function singlesignon_build_query($arguments) {
  * Verify if the current request is signed correctly.
  */
 function singlesignon_verify_request($key) {
-  global $base_url;
+  global $base_root;
 
   // Verify if an auth token was set.
   if (!isset($_GET['auth'])) {
@@ -164,7 +163,7 @@ function singlesignon_verify_request($key) {
   unset($arguments['auth']);
 
   // Generate auth token.
-  $hmac = singlesignon_hmac($base_url, $arguments, $key);
+  $hmac = singlesignon_hmac($base_root, $arguments, $key);
 
   // Verify HMAC.
   return $hmac == $_GET['auth'];