diff --git a/refstack-ui/app/app.js b/refstack-ui/app/app.js
index be1e3228..ab8587f8 100644
--- a/refstack-ui/app/app.js
+++ b/refstack-ui/app/app.js
@@ -70,7 +70,7 @@
                 controller: 'ProfileController as ctrl'
             }).
             state('authFailure', {
-                url: '/auth_failure/:message',
+                url: '/auth_failure',
                 templateUrl: '/components/home/home.html',
                 controller: 'AuthFailureController as ctrl'
             }).
diff --git a/refstack-ui/app/components/auth-failure/authFailureController.js b/refstack-ui/app/components/auth-failure/authFailureController.js
index 51ea8f29..1a9bb734 100644
--- a/refstack-ui/app/components/auth-failure/authFailureController.js
+++ b/refstack-ui/app/components/auth-failure/authFailureController.js
@@ -19,13 +19,15 @@
         .module('refstackApp')
         .controller('AuthFailureController', AuthFailureController);
 
-    AuthFailureController.$inject = ['$stateParams', '$state', 'raiseAlert'];
+    AuthFailureController.$inject = ['$location', '$state', 'raiseAlert'];
     /**
      * Refstack Auth Failure Controller
      * This controller handles messages from Refstack API if user auth fails.
      */
-    function AuthFailureController($stateParams, $state, raiseAlert) {
-        raiseAlert('danger', 'Authentication Failure:', $stateParams.message);
+    function AuthFailureController($location, $state, raiseAlert) {
+        var ctrl = this;
+        ctrl.message = $location.search().message;
+        raiseAlert('danger', 'Authentication Failure:', ctrl.message);
         $state.go('home');
     }
 })();
diff --git a/refstack-ui/tests/unit/ControllerSpec.js b/refstack-ui/tests/unit/ControllerSpec.js
index c1964a0c..5a4cf782 100644
--- a/refstack-ui/tests/unit/ControllerSpec.js
+++ b/refstack-ui/tests/unit/ControllerSpec.js
@@ -627,4 +627,21 @@ describe('Refstack controllers', function () {
                 expect(modalInstance.close).toHaveBeenCalledWith();
             });
     });
+
+    describe('AuthFailureController', function() {
+        var $location, ctrl;
+
+        beforeEach(inject(function ($controller, _$location_) {
+            $location = _$location_;
+            $location.url('/auth_failure?message=some_error_message');
+            ctrl = $controller('AuthFailureController', {});
+        }));
+
+        it('should set the authentication failure url based on error message',
+            function () {
+                expect($location.url()).toBe('/auth_failure?message=' +
+                'some_error_message');
+                expect(ctrl.message).toBe('some_error_message');
+            });
+    });
 });
diff --git a/refstack/api/controllers/auth.py b/refstack/api/controllers/auth.py
index 9e388dad..5e47f83f 100644
--- a/refstack/api/controllers/auth.py
+++ b/refstack/api/controllers/auth.py
@@ -105,8 +105,12 @@ class AuthController(rest.RestController):
     }
 
     def _auth_failure(self, message):
-        pecan.redirect(parse.urljoin(CONF.ui_url,
-                                     '/#/auth_failure/%s') % message)
+        params = {
+            'message': message
+        }
+        url = parse.urljoin(CONF.ui_url,
+                            '/#/auth_failure?' + parse.urlencode(params))
+        pecan.redirect(url)
 
     @pecan.expose()
     def signin(self):
diff --git a/refstack/tests/unit/test_api.py b/refstack/tests/unit/test_api.py
index 10edf7cb..9e616a10 100644
--- a/refstack/tests/unit/test_api.py
+++ b/refstack/tests/unit/test_api.py
@@ -454,7 +454,7 @@ class AuthControllerTestCase(BaseControllerTestCase):
         self.assertRaises(webob.exc.HTTPRedirection,
                           self.controller.signin_return)
         mock_redirect.assert_called_once_with(
-            'http://127.0.0.1/#/auth_failure/foo is not bar!!!')
+            'http://127.0.0.1/#/auth_failure?message=foo+is+not+bar%21%21%21')
         self.assertNotIn(const.CSRF_TOKEN,
                          self.mock_request.environ['beaker.session'])
 
@@ -468,7 +468,7 @@ class AuthControllerTestCase(BaseControllerTestCase):
         self.assertRaises(webob.exc.HTTPRedirection,
                           self.controller.signin_return)
         mock_redirect.assert_called_once_with(
-            'http://127.0.0.1/#/auth_failure/Authentication canceled.')
+            'http://127.0.0.1/#/auth_failure?message=Authentication+canceled.')
         self.assertNotIn(const.CSRF_TOKEN,
                          self.mock_request.environ['beaker.session'])
 
@@ -480,8 +480,8 @@ class AuthControllerTestCase(BaseControllerTestCase):
         self.assertRaises(webob.exc.HTTPRedirection,
                           self.controller.signin_return)
         mock_redirect.assert_called_once_with(
-            'http://127.0.0.1/#/auth_failure/'
-            'Authentication failed. Please try again.')
+            'http://127.0.0.1/#/auth_failure'
+            '?message=Authentication+failed.+Please+try+again.')
         self.assertNotIn(const.CSRF_TOKEN,
                          self.mock_request.environ['beaker.session'])
 
@@ -494,8 +494,8 @@ class AuthControllerTestCase(BaseControllerTestCase):
         self.assertRaises(webob.exc.HTTPRedirection,
                           self.controller.signin_return)
         mock_redirect.assert_called_once_with(
-            'http://127.0.0.1/#/auth_failure/'
-            'Authentication failed. Please try again.')
+            'http://127.0.0.1/#/auth_failure'
+            '?message=Authentication+failed.+Please+try+again.')
         self.assertNotIn(const.CSRF_TOKEN,
                          self.mock_request.environ['beaker.session'])