You are using a real DNS name for your Gluu Server? Can you perhaps add a host entry for your demo app in the hosts file on the server? Do you check the apache logs?

Hi Timothy, We renamed the `/oxauth/authorize` endpoint recently but demo source code wasn't adjusted to conform. I applied the fix. Please clone again this repo https://github.com/GluuFederation/Inbound-SAML-Demo or manually apply [this](https://github.com/GluuFederation/Inbound-SAML-Demo/commit/4077599b80ab6f1704dcbabd5bad76f8877829e4) change

Thanks Jose, that was it. Another quick question, how do I get the email to show, or better yet, login with the email address instead of the username?

Hi, Timothy. >how do I get the email to show, or better yet, login with the email address instead of the username? Could you elaborate? Where do you need it to be shown? Just to clarify things, Passport-SAML authentication is a different process from the "Gluu server <-> Test app" part of the flow. There is sort of a layer of abstraction between those. So if you need the test app to provide a different output, you just need to modify [its source code](https://github.com/GluuFederation/Inbound-SAML-Demo/blob/master/server.js) accordingly (what is out of scope of Community support). The app already requests "email" scope from Gluu Server, so it should has the user's email at its disposal.

For password authentication, see [https://gluu.org/docs/ce/3.1.5/admin-guide/oxtrust-ui/#manage-ldap-authentication](https://gluu.org/docs/ce/3.1.5/admin-guide/oxtrust-ui/#manage-ldap-authentication) And set `Primary Key` to `mail` (i.e. ldap name of email attribute).

Thanks Mike. I can login with email now. Jose, I connected 2 remote active directories and I was logging in with the username, but wanted use the email address instead. But email was the most important, so that way we can apply the appropriate redirect page. I think I have enough to roll on from here. Will come back if I get stuck again Thanks.