diff --git a/server/routers/resource/getResourceAuthInfo.ts b/server/routers/resource/getResourceAuthInfo.ts
index 7def75d5b..30ff4699a 100644
--- a/server/routers/resource/getResourceAuthInfo.ts
+++ b/server/routers/resource/getResourceAuthInfo.ts
@@ -32,6 +32,8 @@ export type GetResourceAuthInfoResponse = {
 sso: boolean;
 blockAccess: boolean;
 url: string;
+ wildcard: boolean;
+ fullDomain: string | null;
 whitelist: boolean;
 skipToIdpId: number | null;
 orgId: string;
@@ -130,7 +132,9 @@ export async function getResourceAuthInfo( const headerAuthExtendedCompatibility = result?.resourceHeaderAuthExtendedCompatibility; - const url = `${resource.ssl ? "https" : "http"}://${resource.fullDomain}`; + const url = resource.fullDomain + ? `${resource.ssl ? "https" : "http"}://${resource.fullDomain}` + : null; return response(res, { data: {
@@ -145,7 +149,9 @@ export async function getResourceAuthInfo(
 headerAuthExtendedCompatibility !== null,
 sso: resource.sso,
 blockAccess: resource.blockAccess,
- url,
+ url: url ?? "",
+ wildcard: resource.wildcard ?? false,
+ fullDomain: resource.fullDomain,
 whitelist: resource.emailWhitelistEnabled,
 skipToIdpId: resource.skipToIdpId,
 orgId: resource.orgId,
diff --git a/src/app/auth/resource/[resourceGuid]/page.tsx b/src/app/auth/resource/[resourceGuid]/page.tsx
index f22a59d6b..c78c277b6 100644
--- a/src/app/auth/resource/[resourceGuid]/page.tsx
+++ b/src/app/auth/resource/[resourceGuid]/page.tsx
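Review bot: The two fields added to `GetResourceAuthInfoResponse` in getResourceAuthInfo.ts carry no comment, yet the auth page in this same commit treats `fullDomain` as a `*.`-prefixed pattern when `wildcard` is true. A client reading only the type cannot tell that `fullDomain` may be a pattern rather than a concrete host. I would add a TSDoc line on each, for example `/** True when the resource is bound to a wildcard domain; fullDomain is then a "*."-prefixed pattern, not a host. */` above `wildcard`, and `/** Configured domain or wildcard pattern; null when the resource has none. */` above `fullDomain`.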
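Review bot: In getResourceAuthInfo.ts the `null` computed for `url` in the second hunk is flattened back to an empty string by `url: url ?? ""` in the third hunk, so the response no longer distinguishes "no domain" from a real URL. For a wildcard resource the same field will presumably hold the `*.` pattern as its host. Any consumer that parses `url` then gets either a parse failure or a host that no request can have; the auth page appears to derive its expected redirect host from this value, but that code is outside the diff. Since the type keeps `url: string`, the least intrusive fix is to state the contract next to the assignment: `// url is "" when the resource has no fullDomain, and is a pattern (not navigable) when wildcard is true`. The body of `getResourceAuthInfo` starts and ends outside both hunks.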
@@ -106,10 +106,22 @@ export default async function ResourceAuthPage(props: { const redirectPort = new URL(searchParams.redirect).port; const serverResourceHostWithPort = `${serverResourceHost}:${redirectPort}`; + const wildcardMatchesRedirect = (wildcardDomain: string, host: string): boolean => { + if (!wildcardDomain.startsWith("*.")) return false; + const suffix = wildcardDomain.slice(1); // e.g. ".wildcard.owen.fosrl.io" + return host.endsWith(suffix) && host.length > suffix.length; + }; + if (serverResourceHost === redirectHost) { redirectUrl = searchParams.redirect; } else if (serverResourceHostWithPort === redirectHost) { redirectUrl = searchParams.redirect; + } else if ( + authInfo.wildcard && + authInfo.fullDomain && + wildcardMatchesRedirect(authInfo.fullDomain, redirectHost) + ) { + redirectUrl = searchParams.redirect; } } catch (e) {} }
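Review bot: `wildcardMatchesRedirect` decides whether a caller-supplied `redirect` is followed, and it is tested against `redirectHost`, which the sibling branch `serverResourceHostWithPort === redirectHost` suggests can include a port. If so, `host.endsWith(suffix)` fails for a wildcard resource reached on an explicit port, and the match also relies on `authInfo.fullDomain` being stored in lowercase; comparing on the parsed hostname avoids both: `wildcardMatchesRedirect(authInfo.fullDomain.toLowerCase(), new URL(searchParams.redirect).hostname)`. The suffix test also accepts any number of labels under the wildcard (`a.b.example.com` for `*.example.com`); if the proxy only routes a single label, add `&& !host.slice(0, -suffix.length).includes(".")` to the return. Because this is redirect validation, the helper would be easier to unit-test as a module-level function than as a closure inside the `try`, whose start is outside this hunk.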