Any url with '&' between parameters causes a NPE
BAM-5209 Login redirect incorrect for oauth handshake
BAM-5267 NPE when & is included in the request