diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/configuration/auto/WebSecurityConfig.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/configuration/auto/WebSecurityConfig.java
index f04f2f716..93491c72e 100644
--- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/configuration/auto/WebSecurityConfig.java
+++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/configuration/auto/WebSecurityConfig.java
@@ -67,6 +67,7 @@ private HttpFirewall allowUrlEncodedSlashHttpFirewall() {
         StrictHttpFirewall firewall = new StrictHttpFirewall();
         firewall.setAllowUrlEncodedSlash(true);
         firewall.setAllowUrlEncodedDoubleSlash(true);
+        firewall.setAllowSemicolon(true);
         return firewall;
     }
 
diff --git a/pac4j-module/src/main/java/net/unicon/shibui/pac4j/WebSecurity.java b/pac4j-module/src/main/java/net/unicon/shibui/pac4j/WebSecurity.java
index cc5ce8e25..2c6ba0099 100644
--- a/pac4j-module/src/main/java/net/unicon/shibui/pac4j/WebSecurity.java
+++ b/pac4j-module/src/main/java/net/unicon/shibui/pac4j/WebSecurity.java
@@ -116,6 +116,7 @@ public void configure(org.springframework.security.config.annotation.web.builder
             StrictHttpFirewall firewall = new StrictHttpFirewall();
             firewall.setAllowUrlEncodedSlash(true);
             firewall.setAllowUrlEncodedDoubleSlash(true);
+            firewall.setAllowSemicolon(true);
             web.httpFirewall(firewall);
    
             // These don't need to be secured