diff --git a/gem/lib/cli/common.rb b/gem/lib/cli/common.rb
index 73b71ed5365..3244dd6bf47 100644
--- a/gem/lib/cli/common.rb
+++ b/gem/lib/cli/common.rb
@@ -11,7 +11,6 @@
 # subcomponent's license, as noted in the LICENSE file.
 #++
-require 'open-uri'
 require 'cli/base'
 require 'cli/config'
diff --git a/gem/lib/cli/config.rb b/gem/lib/cli/config.rb
index 3bcf325ebd0..3a5463716b4 100644
--- a/gem/lib/cli/config.rb
+++ b/gem/lib/cli/config.rb
@@ -37,6 +37,14 @@ def self.load(config = nil)
 @config_file = nil
 elsif File.exists?(@config_file = config)
 @config = YAML.load_file(@config_file)
+ @config.each { |k, v|
+ next unless k.to_s =~ / /
+ STDERR.puts "", "Invalid config file #{@config_file}.",
+ "If it's from an old version of uaac, please remove it.",
+ "Note that the uaac command structure has changed.",
+ "Please review the new commands with 'uaac help'", ""
+ exit 1
+ }
 end
 @config = Util.hash_keys(@config, :tosym)
 @context = current_subhash(@config[@target][:contexts]) if @target = current_subhash(@config)
diff --git a/gem/lib/uaa/token_issuer.rb b/gem/lib/uaa/token_issuer.rb
index 1384c6cc1c4..49995d62a11 100644
--- a/gem/lib/uaa/token_issuer.rb
+++ b/gem/lib/uaa/token_issuer.rb
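Review bot: The new key check in config.rb's `self.load` calls `@config.each` on whatever `YAML.load_file` returned, so an empty or non-mapping file fails with NoMethodError (or has its elements treated as keys) instead of reaching the "Invalid config file" message. Guarding the type first, e.g. `unless @config.is_a?(Hash) && @config.keys.none? { |k| k.to_s.include?(' ') }` around the message and `exit 1`, would send every malformed file down the same path. Because the file is fully deserialized before any validation runs, a loader that does not instantiate arbitrary objects (`YAML.safe_load`, where the Psych version in use provides it) is worth considering; whether the stored config needs non-basic types is not visible here. The body of `self.load` starts and ends outside the hunk.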
@@ -70,9 +70,23 @@ def implicit_grant_with_creds(credentials, scope = nil)
 status, body, headers = request(:post, uri, body, headers)
 raise BadResponse, "status #{status}" unless status == 302
- loc = headers[:location].split('#')
- raise BadResponse, "bad location header" unless loc.length == 2 && URI.parse(loc[0]) == URI.parse(redir_uri)
- parse_implicit_params loc[1], state
+ req_uri, reply_uri = URI.parse(redir_uri), URI.parse(headers[:location])
+ fragment, reply_uri.fragment = reply_uri.fragment, nil
+ return parse_implicit_params(fragment, state) if req_uri == reply_uri
+
+ # work around bug when uaa is behind proxy that rewrites location header
+ if reply_uri.scheme == "https"
+ reply_uri.scheme = "http"
+ if req_uri == URI.parse(reply_uri.to_s)
+ logger.warn("Scheme of location URL in reply is different than requested")
+ return parse_implicit_params(fragment, state)
+ end
+ puts req_uri.inspect, reply_uri.inspect
+ end
+
+ raise BadResponse, "bad location header"
+ rescue URI::Error => e
+ raise BadResponse, "bad location header in reply: #{e.message}"
 end
 # constructs a uri that the client is to return to the browser to direct
diff --git a/gem/lib/uaa/util.rb b/gem/lib/uaa/util.rb
index bb740b6c518..e3a30508eb8 100644
--- a/gem/lib/uaa/util.rb
+++ b/gem/lib/uaa/util.rb
@@ -13,7 +13,7 @@
 require 'yajl/json_gem'
 require 'logger'
-require 'open-uri'
+require 'uri'
 module CF; module UAA end end
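Review bot: The rewritten Location check in `implicit_grant_with_creds` (token_issuer.rb) no longer requires a fragment: the removed code rejected the reply unless `loc.length == 2`, while the new code hands `fragment` to `parse_implicit_params` even when it is `nil`, and what that helper does with `nil` is not visible in this hunk. Adding `raise BadResponse, "bad location header" unless fragment` right after the fragment is split off would keep the old guarantee. The `puts req_uri.inspect, reply_uri.inspect` inside the scheme workaround looks like leftover debugging that writes to stdout from library code; `logger.debug` would match the `logger.warn` a few lines above. The https-to-http rewrite also loosens the redirect comparison for every caller, so a comment naming the proxy setup that needs it would help later reviewers decide when it can be removed. The method starts outside the hunk.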