If you are using Apache and
ExpiresActive is set
on within your site config (a default setting in some CMS software), the Firefox browser can get caught in a loop and not be able to be successfully returned to the resource by OpenAthens because it has cached the redirect to the authentication point and takes itself back there. This may affect more browsers in the future.
This can be rectified by setting
ExpiresActive off in your
.htaccess file, or only for the /oa-auth location depending on your requirements. An upcoming revision to OpenAthens SP will address this, but until then it will need to be set manually.