diff --git a/openstack_auth/forms.py b/openstack_auth/forms.py
index 14389938eb..883bf7611d 100644
--- a/openstack_auth/forms.py
+++ b/openstack_auth/forms.py
@@ -28,6 +28,13 @@ from openstack_auth import utils
 LOG = logging.getLogger(__name__)
 
 
+def get_region_endpoint(region_id):
+    if region_id == "default":
+        return settings.OPENSTACK_KEYSTONE_URL
+    all_regions = getattr(settings, 'AVAILABLE_REGIONS', [])
+    return all_regions[int(region_id)][0]
+
+
 class Login(django_auth_forms.AuthenticationForm):
     """Form used for logging in a user.
 
@@ -125,14 +132,11 @@ class Login(django_auth_forms.AuthenticationForm):
         password = self.cleaned_data.get('password')
         domain = self.cleaned_data.get('domain', default_domain)
         region_id = self.cleaned_data.get('region')
-        if region_id == "default":
-            region = settings.OPENSTACK_KEYSTONE_URL
-        else:
-            all_regions = getattr(settings, 'AVAILABLE_REGIONS', [])
-            try:
-                region = all_regions[int(region_id)][0]
-            except (ValueError, IndexError, TypeError):
-                raise forms.ValidationError("Invalid region %r" % region_id)
+        try:
+            region = get_region_endpoint(region_id)
+        except (ValueError, IndexError, TypeError):
+            raise forms.ValidationError("Invalid region %r" % region_id)
+        self.cleaned_data['region'] = region
 
         if not (username and password):
             # Don't authenticate, just let the other validators handle it.
diff --git a/openstack_auth/tests/unit/test_auth.py b/openstack_auth/tests/unit/test_auth.py
index 119464d9fc..016956692d 100644
--- a/openstack_auth/tests/unit/test_auth.py
+++ b/openstack_auth/tests/unit/test_auth.py
@@ -1171,7 +1171,7 @@ class OpenStackAuthTestsWebSSO(OpenStackAuthTestsMixin,
                         (settings.OPENSTACK_KEYSTONE_URL, protocol, origin))
 
         form_data = {'auth_type': protocol,
-                     'region': settings.OPENSTACK_KEYSTONE_URL}
+                     'region': 'default'}
         url = reverse('login')
 
         # POST to the page and redirect to keystone.
@@ -1188,7 +1188,7 @@ class OpenStackAuthTestsWebSSO(OpenStackAuthTestsMixin,
                          protocol, origin))
 
         form_data = {'auth_type': self.idp_oidc_id,
-                     'region': settings.OPENSTACK_KEYSTONE_URL}
+                     'region': 'default'}
         url = reverse('login')
 
         # POST to the page and redirect to keystone.
@@ -1206,7 +1206,7 @@ class OpenStackAuthTestsWebSSO(OpenStackAuthTestsMixin,
                          protocol, origin))
 
         form_data = {'auth_type': self.idp_oidc_id,
-                     'region': settings.OPENSTACK_KEYSTONE_URL}
+                     'region': 'default'}
         url = reverse('login')
 
         # POST to the page and redirect to keystone.
diff --git a/openstack_auth/views.py b/openstack_auth/views.py
index bac06edf82..9af337810a 100644
--- a/openstack_auth/views.py
+++ b/openstack_auth/views.py
@@ -71,8 +71,9 @@ def login(request, template_name=None, extra_context=None, **kwargs):
     if request.method == 'POST':
         auth_type = request.POST.get('auth_type', 'credentials')
         if utils.is_websso_enabled() and auth_type != 'credentials':
+            region_id = request.POST.get('region')
             auth_url = getattr(settings, 'WEBSSO_KEYSTONE_URL',
-                               request.POST.get('region'))
+                               forms.get_region_endpoint(region_id))
             url = utils.get_websso_url(request, auth_url, auth_type)
             return shortcuts.redirect(url)