diff --git a/src/authentic2_auth_oidc/models.py b/src/authentic2_auth_oidc/models.py
index b91c51b33..5086ef313 100644
--- a/src/authentic2_auth_oidc/models.py
+++ b/src/authentic2_auth_oidc/models.py
@@ -261,7 +261,16 @@ class OIDCProvider(BaseAuthenticator):
     def passive_login(self, request, block_id, next_url):
         from . import views
 
-        return views.oidc_login(request, pk=self.pk, next_url=next_url, passive=True)
+        return views.oidc_login(
+            request,
+            pk=self.pk,
+            next_url=next_url,
+            # self.passive_authn_supported == False means that the remote provider implementation
+            # is buggy, prompt=none will trigger a remote HTTP 500 instead of the OIDC-specified
+            # {login,consent,interaction}_required error. Hence do not try to add prompt=none. Try
+            # a standard authn request instead, the lesser evil in this case.
+            passive=self.passive_authn_supported,
+        )
 
     def login(self, request, *args, **kwargs):
         context = kwargs.get('context', {}).copy()
diff --git a/tests/test_auth_oidc.py b/tests/test_auth_oidc.py
index 9f1040a9c..53daddcc4 100644
--- a/tests/test_auth_oidc.py
+++ b/tests/test_auth_oidc.py
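Review bot: `passive_login` no longer guarantees a passive request: with `passive_authn_supported=False` the added `passive=self.passive_authn_supported` sends an ordinary interactive authorization request, so a caller that reaches this method from a silent-login code path will redirect the user to the OP's login page instead of getting the expected `login_required`-style failure. That contract change belongs in a docstring on the method, not only in the inline comment on the keyword argument, e.g. `"""Start a prompt=none authorization request; falls back to an interactive request when the provider is flagged passive_authn_supported=False."""`. The inline comment would also read more directly as `# passive_authn_supported is False when the remote OP answers prompt=none with an HTTP 500 instead of the OIDC login_required/consent_required/interaction_required errors; fall back to a standard authn request in that case.` The `login` method that follows continues outside the hunk.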
@@ -1473,6 +1473,30 @@ def test_passive_login(get_provider, rf):
     assert qs['prompt'] == 'none'
 
 
+@mock.patch('authentic2_auth_oidc.views.get_provider')
+def test_passive_login_deactivated(get_provider, rf):
+    AUTHORIZE_URL = 'https://op.example.com/authorize'
+    SCOPES = {'profile'}
+
+    provider = OIDCProvider.objects.create(
+        pk=1,
+        client_id='1234',
+        authorization_endpoint=AUTHORIZE_URL,
+        scopes=' '.join(SCOPES),
+        enabled=True,
+        passive_authn_supported=False,  # remote provider will break on prompt=None
+    )
+    get_provider.return_value = provider
+    req = rf.get('/?next=/idp/x/')
+    req.user = mock.Mock()
+    req.user.is_authenticated = False
+
+    url = provider.passive_login(req, block_id=1, next_url='/').url
+    _, query = url.split('?', 1)
+    qs = dict(urllib.parse.parse_qsl(query))
+    assert qs['prompt'] == 'login'
+
+
 @mock.patch('authentic2_auth_oidc.views.get_provider')
 def test_passive_login_main_view(get_provider, rf):
     AUTHORIZE_URL = 'https://op.example.com/authorize'
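Review bot: The trailing comment on `passive_authn_supported=False` says `prompt=None`, which reads as the Python `None`; the value the remote provider chokes on is the OIDC request parameter `prompt=none`, so it should read `# remote provider will break on prompt=none`. The final assertion `qs['prompt'] == 'login'` pins the fallback to `prompt=login`, which is stricter than the "standard authn request" described in the models.py comment; whether `oidc_login` always emits `prompt=login` on the non-passive path is not visible in this hunk, so if it can also omit `prompt`, `assert qs.get('prompt') != 'none'` would state the intent without overfitting to that default.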