diff --git a/appinfo/app.php b/appinfo/app.php
index a8ef249..54fd093 100644
--- a/appinfo/app.php
+++ b/appinfo/app.php
@@ -25,6 +25,7 @@ require_once __DIR__ . '/../3rdparty/vendor/autoload.php';
 $urlGenerator = \OC::$server->getURLGenerator();
 $config = \OC::$server->getConfig();
+$request = \OC::$server->getRequest();
 $samlSettings = new \OCA\User_SAML\SAMLSettings(
 $urlGenerator,
 $config
@@ -45,10 +46,20 @@ OC_User::useBackend($userBackend);
 OC_User::handleApacheAuth();
 // Redirect all requests to the login page to the SAML login
-$currentUrl = substr(explode('?', \OC::$server->getRequest()->getRequestUri(), 2)[0], strlen(\OC::$WEBROOT));
+$currentUrl = substr(explode('?',$request->getRequestUri(), 2)[0], strlen(\OC::$WEBROOT));
 if($currentUrl === '/index.php/login' && !OC_User::isLoggedIn()) {
 $csrfToken = \OC::$server->getCsrfTokenManager()->getToken();
 header('Location: '.$urlGenerator->linkToRouteAbsolute('user_saml.SAML.login') .'?requesttoken='. urlencode($csrfToken->getEncryptedValue()));
 exit();
 }
+// If a request to OCS or remote.php is sent by the official desktop clients it can
+// be intercepted as it supports SAML. All other clients don't yet and thus we
+// require the usage of application specific passwords there.
+if(substr($currentUrl, 0, 12) === '/remote.php/' || substr($currentUrl, 0, 5) === '/ocs/') {
+    if(!OC_User::isLoggedIn() && $request->isUserAgent([\OC\AppFramework\Http\Request::USER_AGENT_OWNCLOUD_DESKTOP])) {
+        $csrfToken = \OC::$server->getCsrfTokenManager()->getToken();
+        header('Location: '.$urlGenerator->linkToRouteAbsolute('user_saml.SAML.login') .'?requesttoken='. urlencode($csrfToken->getEncryptedValue()));
+        exit();
+    }
+}
diff --git a/lib/controller/samlcontroller.php b/lib/controller/samlcontroller.php
index 21f123b..d716917 100644
--- a/lib/controller/samlcontroller.php
+++ b/lib/controller/samlcontroller.php
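Review bot: The new remote.php/OCS branch repeats the three-line SAML redirect (token lookup, `header('Location: …')`, `exit()`) that already exists for `/index.php/login` a few lines above, so any future change to the login route or the `requesttoken` parameter now has to be made in two places; factoring it into one local closure called from both branches keeps them in lock-step. Separately, the branch fires whenever `OC_User::isLoggedIn()` is false at app-load time — if Basic-auth credentials carried on the request (application passwords) have not been evaluated yet when app.php runs, a desktop client presenting a valid app password would be redirected too, which is worth confirming against core's login order given that the comment on the branch names app passwords as the path for other clients. Note also that the gate is the client-supplied User-Agent header, so it only decides which unauthenticated response a caller receives (302 to SAML vs. the usual challenge), never whether authentication is required; a short comment saying so would stop a reader from reading it as an authorization check.
```php
// … unchanged: $currentUrl computation …
$redirectToSamlLogin = function () use ($urlGenerator) {
    $csrfToken = \OC::$server->getCsrfTokenManager()->getToken();
    header('Location: '.$urlGenerator->linkToRouteAbsolute('user_saml.SAML.login') .'?requesttoken='. urlencode($csrfToken->getEncryptedValue()));
    exit();
};
if($currentUrl === '/index.php/login' && !OC_User::isLoggedIn()) {
    $redirectToSamlLogin();
}
// … unchanged: comment on desktop clients …
// The User-Agent check only selects the response for an unauthenticated
// caller; it grants nothing by itself.
if(substr($currentUrl, 0, 12) === '/remote.php/' || substr($currentUrl, 0, 5) === '/ocs/') {
    if(!OC_User::isLoggedIn() && $request->isUserAgent([\OC\AppFramework\Http\Request::USER_AGENT_OWNCLOUD_DESKTOP])) {
        $redirectToSamlLogin();
    }
}
```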
@@ -108,12 +108,19 @@ class SAMLController extends Controller {
 exit();
 }
+ $this->session->set('user_saml.samlUserData', $auth->getAttributes());
 $this->session->set('user_saml.samlNameId', $auth->getNameId());
 $this->session->set('user_saml.samlSessionIndex', $auth->getSessionIndex());
 $this->session->set('user_saml.samlSessionExpiration', $auth->getSessionExpiration());
- return new Http\RedirectResponse(\OC::$server->getURLGenerator()->getAbsoluteURL('/'));
+ $response = new Http\RedirectResponse(\OC::$server->getURLGenerator()->getAbsoluteURL('/'));
+ // The Nextcloud desktop client expects a cookie with the key of "_shibsession"
+ // to be there.
+ if($this->request->isUserAgent(['/^.*(mirall|csyncoC)\/.*$/'])) {
+ $response->addCookie('_shibsession_', 'authenticated');
+ }
+ return $response;
 }
 /**
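Review bot: The desktop-client detection in the new `addCookie` branch is a hand-written regex, `'/^.*(mirall|csyncoC)\/.*$/'`, while the app.php hunk in the same commit uses `\OC\AppFramework\Http\Request::USER_AGENT_OWNCLOUD_DESKTOP` for the same purpose; the two can silently diverge (case handling, new client identifiers), so the controller should use the constant as well: `if($this->request->isUserAgent([\OC\AppFramework\Http\Request::USER_AGENT_OWNCLOUD_DESKTOP])) {`. The `_shibsession_` cookie is set with no expiry and, as far as this hunk shows, nothing removes it when the SAML or Nextcloud session ends, so the client may keep treating the session as authenticated after `user_saml.samlSessionExpiration` has passed; if `addCookie` does not itself set Secure/HttpOnly, passing them explicitly is also worthwhile even though the value is a constant marker rather than a secret. A comment such as `// Presence is all the client checks; the value carries no session state.` next to the `addCookie` call would keep the next reader from mistaking `'authenticated'` for a token. The enclosing method begins before this hunk.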