diff --git a/application/forms/Authentication/LoginForm.php b/application/forms/Authentication/LoginForm.php
index 9965a6c12..f7bae3d1b 100644
--- a/application/forms/Authentication/LoginForm.php
+++ b/application/forms/Authentication/LoginForm.php
@@ -128,14 +128,9 @@ class LoginForm extends Form
 {
 $auth = Auth::getInstance();
 $onlyExternal = true;
- $user = new User('');
+ // TODO(el): This may be set on the auth chain once iterated. See Auth::authExternal().
 foreach ($auth->getAuthChain() as $backend) {
- if ($backend instanceof ExternalBackend) {
- if ($backend->authenticate($user)) {
- $auth->setAuthenticated($user);
- $this->getResponse()->setRerenderLayout(true)->redirectAndExit($this->getRedirectUrl());
- }
- } else {
+ if (! $backend instanceof ExternalBackend) {
 $onlyExternal = false;
 }
 }
diff --git a/library/Icinga/Authentication/Auth.php b/library/Icinga/Authentication/Auth.php
index 7fee5b536..826875b6a 100644
--- a/library/Icinga/Authentication/Auth.php
+++ b/library/Icinga/Authentication/Auth.php
@@ -7,6 +7,7 @@ use Exception;
 use Icinga\Application\Config;
 use Icinga\Application\Icinga;
 use Icinga\Application\Logger;
+use Icinga\Authentication\User\ExternalBackend;
 use Icinga\Authentication\UserGroup\UserGroupBackend;
 use Icinga\Data\ConfigObject;
 use Icinga\Exception\IcingaException;
@@ -79,7 +80,11 @@ class Auth
 */
 public function isAuthenticated($ignoreSession = false)
 {
- if ($this->user === null && ! $this->authHttp() && ! $ignoreSession) {
+ if ($this->user === null
+ && ! $this->authHttp()
+ && ! $this->authExternal()
+ && ! $ignoreSession
+ ) {
 $this->authenticateFromSession();
 }
 return $this->user !== null;
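Review bot: The TODO left above the loop in LoginForm.php does not tell a reader what the loop is still for now that the `authenticate()` call is gone; I would replace it with `// External backends are tried in Auth::authExternal(); this loop only checks whether the chain contains a non-external backend.` The removed branch was also the only place in this hunk that redirected an externally authenticated user to `getRedirectUrl()`, so the code that displays this form presumably has to call `Auth::isAuthenticated()` and redirect before the form is rendered; that caller is not part of the diff and is worth checking. The enclosing method starts and ends outside the hunk.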
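Review bot: In `isAuthenticated()` the session is now the last source consulted: while `$this->user === null`, `authHttp()` and then `authExternal()` run before `authenticateFromSession()`, so a request that carries an external identity goes through the external backends and `setAuthenticated()` again instead of reusing the session user. Letting the identity asserted by the web server win over a stored session is a defensible choice, but nothing in the hunk states it, and `$ignoreSession` now skips only the final session lookup. The docblock, which starts outside this hunk, should say so, for example `HTTP and external authentication take precedence over the session; $ignoreSession only skips the session lookup.`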
@@ -224,6 +229,25 @@ class Auth
 }
 }
 
+ /**
+ * Attempt to authenticate a user from external user backends
+ *
+ * @return bool
+ */
+ protected function authExternal()
+ {
+ $user = new User('');
+ foreach ($this->getAuthChain() as $userBackend) {
+ if ($userBackend instanceof ExternalBackend) {
+ if ($userBackend->authenticate($user)) {
+ $this->setAuthenticated($user);
+ return true;
+ }
+ }
+ }
+ return false;
+ }
+
 /**
 * Attempt to authenticate a user using HTTP authentication
 *
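Review bot: `authExternal()` calls `$this->setAuthenticated($user)` with default arguments and is reached from `isAuthenticated()` even when `$ignoreSession` is true. If `setAuthenticated()` persists the user to the session by default (its definition is outside this diff), callers that asked to ignore the session will still get one written; compare with how `authHttp()` calls it and pass the same arguments if that path avoids persisting. The docblock should also name the side effect, e.g. `On success the user is registered via setAuthenticated() and true is returned.` Separately, the single `new User('')` is shared by every external backend in the chain, so moving `$user = new User('');` inside the `instanceof ExternalBackend` branch would keep a backend that fails from leaving state behind for the next one.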