diff --git a/edivorce/apps/core/templates/407.html b/edivorce/apps/core/templates/407.html
new file mode 100644
index 00000000..d480cdab
--- /dev/null
+++ b/edivorce/apps/core/templates/407.html
@@ -0,0 +1,20 @@
+{% extends 'base.html' %}
+
+{% block title %}{{ block.super }}: 500 Internal Server Error{% endblock %}
+
+{% block content %}
+<h1>Authentication Error Occurred</h1>
+<p>Invalid SiteMinder authentication type.  Only basic BCeID authentication is supported at this time.</p>
+<div style="min-height:200px"></div>
+{% endblock %}
+
+{% block formbuttons %}
+<!-- no formbuttons -->
+{% endblock %}
+
+{% block sidebarNav %}
+<!-- no sidebar -->
+{% endblock %}
+{% block sidebar %}
+<!-- no sidebar -->
+{% endblock %}
diff --git a/edivorce/apps/core/urls.py b/edivorce/apps/core/urls.py
index 32f78043..4b8fcbe7 100644
--- a/edivorce/apps/core/urls.py
+++ b/edivorce/apps/core/urls.py
@@ -9,8 +9,7 @@ urlpatterns = [
     # url(r'^guide$', styleguide.guide),
     url(r'^api/response$', api.UserResponseHandler.as_view()),
 
-    # todo: remove this line once SMGOV headers are working
-    url(r'^login/headers$', system.headers),
+    # url(r'^login/headers$', system.headers),
 
     url(r'^login', main.login, name="login"),
     url(r'^bceid', localdev.bceid, name="bceid"),
@@ -23,8 +22,7 @@ urlpatterns = [
     url(r'^health$', system.health),
     url(r'^legal', main.legal, name="legal"),
 
-    # todo: remove this line once SMGOV headers are working
-    url(r'^headers$', system.headers),
+    # url(r'^headers$', system.headers),
 
     url(r'^pdf-form(?P<form_number>[0-9]{1,3}(_we|_claimant1|_claimant2)?)$', pdf.form, name="pdf_form"),
     url(r'^prequalification/step_(?P<step>[0-9]{2})$', main.prequalification, name="prequalification"),
diff --git a/edivorce/apps/core/views/main.py b/edivorce/apps/core/views/main.py
index 6e0dac62..87416b5e 100644
--- a/edivorce/apps/core/views/main.py
+++ b/edivorce/apps/core/views/main.py
@@ -109,8 +109,11 @@ def login(request):
             # If a user is logged into an IDIR then they can see the login page
             # but the SMGOV headers are missing.  If this is the case, then log them out
             # of their IDIR, and redirect them back to here again....
-            return redirect(
-                settings.LOGOUT_URL_TEMPLATE % (settings.PROXY_BASE_URL, settings.FORCE_SCRIPT_NAME[:-1] + '/login'))
+            if request.GET.get('noretry','') != 'true':
+                return redirect(settings.LOGOUT_URL_TEMPLATE % (
+                    settings.PROXY_BASE_URL, settings.FORCE_SCRIPT_NAME[:-1] + '/login%3Fnoretry=true'))
+            else:
+                return render(request, '407.html')
 
         user, created = __get_bceid_user(request)