This redirect to a “local server” is part of OIDC’s authentication flow for standalone apps. This includes UBA and UGS.
You need to configure the OIDC IdP to accept this as a valid redirection. This is not a security risk, and is working-as-designed.