diff --git a/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/WhoAmIServlet.java b/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/WhoAmIServlet.java
index 0a06a9bbc685a9a74bd2d07cc050ef4d327f7e73..e97e1165c0f34c114fc119e6df08063d854beba8 100644
--- a/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/WhoAmIServlet.java
+++ b/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/WhoAmIServlet.java
@@ -68,22 +68,24 @@
 
 package ca.nrc.cadc.ac.server.web;
 
-import ca.nrc.cadc.ac.AC;
-import ca.nrc.cadc.auth.AuthenticationUtil;
-import ca.nrc.cadc.auth.HttpPrincipal;
-import ca.nrc.cadc.log.ServletLogInfo;
-import ca.nrc.cadc.reg.client.RegistryClient;
-import org.apache.log4j.Logger;
+import java.io.IOException;
+import java.net.URI;
+import java.net.URL;
+import java.util.Set;
 
 import javax.security.auth.Subject;
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServlet;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
-import java.io.IOException;
-import java.net.URI;
-import java.net.URL;
-import java.util.Set;
+
+import org.apache.log4j.Logger;
+
+import ca.nrc.cadc.ac.AC;
+import ca.nrc.cadc.auth.AuthenticationUtil;
+import ca.nrc.cadc.auth.HttpPrincipal;
+import ca.nrc.cadc.log.ServletLogInfo;
+import ca.nrc.cadc.reg.client.RegistryClient;
 
 /**
  * Servlet to handle GET requests asking for the current User.  This servlet
@@ -95,7 +97,7 @@ public class WhoAmIServlet extends HttpServlet
 {
     private static final Logger log = Logger.getLogger(WhoAmIServlet.class);
 
-    static final String USER_GET_PATH = "/users/%s?idType=HTTP";
+    static final String USER_GET_PATH = "/%s?idType=HTTP";
 
     /**
      * Handle a /whoami GET operation.
@@ -158,13 +160,13 @@ public class WhoAmIServlet extends HttpServlet
      * @param scheme       The scheme
      */
     void redirect(final HttpServletResponse response,
-                  final HttpPrincipal webPrincipal, 
+                  final HttpPrincipal webPrincipal,
                   final String scheme) throws IOException
     {
         final RegistryClient registryClient = getRegistryClient();
         final URL redirectURL =
                 registryClient.getServiceURL(
-                        URI.create(AC.GMS_SERVICE_URI), scheme, USER_GET_PATH);
+                        URI.create(AC.UMS_SERVICE_URI + "#users"), scheme, USER_GET_PATH);
 
         // Take the first one.
         final String redirectUrl =
diff --git a/cadcAccessControl/src/ca/nrc/cadc/ac/client/UserClient.java b/cadcAccessControl/src/ca/nrc/cadc/ac/client/UserClient.java
index b3f1fa5c852b4e8d433a4e7a14cf52f665c8e775..8e2780087f960fd4d48077f0ad87b3945a2888e0 100644
--- a/cadcAccessControl/src/ca/nrc/cadc/ac/client/UserClient.java
+++ b/cadcAccessControl/src/ca/nrc/cadc/ac/client/UserClient.java
@@ -166,6 +166,9 @@ public class UserClient
 	        // augment subject calls are always https with client certs
 	        URL getUserURL = registryClient.getServiceURL(usersURI, "https", path, AuthMethod.CERT);
 
+	        if (getUserURL == null)
+	            throw new IllegalArgumentException("No service endpoint for uri " + usersURI);
+
 	    	log.debug("augmentSubject request to " + getUserURL.toString());
 	        ByteArrayOutputStream out = new ByteArrayOutputStream();
 	        HttpDownload download = new HttpDownload(getUserURL, out);