diff --git a/src/api/core/sso_cookie_vendor.rs b/src/api/core/sso_cookie_vendor.rs
index e4c5b3dd..f5ff150b 100644
--- a/src/api/core/sso_cookie_vendor.rs
+++ b/src/api/core/sso_cookie_vendor.rs
@@ -69,10 +69,7 @@ fn sso_cookie_vendor(cookies: &CookieJar<'_>) -> Result, -) -> Result)> { +fn build_redirect_uri(cookie_name: &str, cookies: &HashMap) -> Result)> { // Check for the single (non-sharded) cookie — takes precedence over shards if let Some(value) = cookies.get(cookie_name) { let encoded_value = url_encode(value);
diff --git a/src/config.rs b/src/config.rs
index a78ccee2..13875cdc 100644
--- a/src/config.rs
+++ b/src/config.rs
@@ -1091,13 +1091,12 @@ fn validate_config(cfg: &ConfigItems, on_update: bool) -> Result<(), Error> {
 validate_sso_master_password_policy(cfg.sso_master_password_policy.as_ref())?;
 }
- if cfg.sso_cookie_vendor_enabled {
- if cfg.sso_cookie_vendor_idp_login_url.is_empty()
+ if cfg.sso_cookie_vendor_enabled
+ && (cfg.sso_cookie_vendor_idp_login_url.is_empty()
 || cfg.sso_cookie_vendor_cookie_name.is_empty()
- || cfg.sso_cookie_vendor_cookie_domain.is_empty()
- {
- err!("`SSO_COOKIE_VENDOR_IDP_LOGIN_URL`, `SSO_COOKIE_VENDOR_COOKIE_NAME` and `SSO_COOKIE_VENDOR_COOKIE_DOMAIN` must be set when SSO cookie vendor is enabled")
- }
+ || cfg.sso_cookie_vendor_cookie_domain.is_empty())
+ {
+ err!("`SSO_COOKIE_VENDOR_IDP_LOGIN_URL`, `SSO_COOKIE_VENDOR_COOKIE_NAME` and `SSO_COOKIE_VENDOR_COOKIE_DOMAIN` must be set when SSO cookie vendor is enabled")
 }
 if cfg._enable_yubico {
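Review bot: The collapsed guard in validate_config still tests the three SSO cookie vendor settings only with `is_empty()`, so a whitespace-only value, or a login URL that is not an absolute HTTPS URL, passes validation. Nothing in this hunk shows `sso_cookie_vendor_idp_login_url` being parsed or scheme-checked. If no other check covers it, I would add one next to this guard, for example `if cfg.sso_cookie_vendor_enabled && !cfg.sso_cookie_vendor_idp_login_url.starts_with("https://") { err!("`SSO_COOKIE_VENDOR_IDP_LOGIN_URL` must be an https:// URL") }`, and switch the emptiness tests to `.trim().is_empty()`. validate_config starts before and continues after the hunk, so an equivalent check may already exist outside the visible lines.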