diff --git a/NEWS b/NEWS
index 9b74691..db05278 100644
--- a/NEWS
+++ b/NEWS
@@ -5,6 +5,15 @@ NEWS
 :Authors: Toshio Kuratomi, Luke Macken, Ricky Elrod, Patrick Uiterwijk, Ralph Bean
 :Version: 1.1.0
 
+------
+1.1.1
+------
+
+Bugfixes:
+
+* Membership of the "signed_fpca" group was not always requested.
+
+
 ------
 1.1.0
 ------
diff --git a/flask_fas_openid.py b/flask_fas_openid.py
index e2898ab..ae73632 100644
--- a/flask_fas_openid.py
+++ b/flask_fas_openid.py
@@ -265,6 +265,11 @@ def login(self, username=None, password=None, return_url=None,
 
         if isinstance(groups, six.string_types):
             groups = [groups]
+        # In the new AAA system, we know a user has signed the FPCA by looking
+        # a group membership. We must therefore always request the
+        # corresponding group.
+        if "_FAS_ALL_GROUPS_" not in groups:
+            groups.append("signed_fpca")
 
         request.addExtension(sreg.SRegRequest(
             required=['nickname', 'fullname', 'email', 'timezone']))