diff --git a/s2example/demo.go b/s2example/demo.go
index 8ffe814..5e71ab0 100644
--- a/s2example/demo.go
+++ b/s2example/demo.go
@@ -86,23 +86,23 @@ func main() {
 	http.HandleFunc("/v1/_saml_callback", func(rw http.ResponseWriter, req *http.Request) {
 		err := req.ParseForm()
 		if err != nil {
-			rw.WriteHeader(http.StatusBadRequest)
+			http.Error(rw, "Failed to parse form: "+err.Error(), http.StatusBadRequest)
 			return
 		}
 
 		assertionInfo, err := sp.RetrieveAssertionInfo(req.FormValue("SAMLResponse"))
 		if err != nil {
-			rw.WriteHeader(http.StatusForbidden)
+			http.Error(rw, "Failed to retrieve assertion info: "+err.Error(), http.StatusForbidden)
 			return
 		}
 
 		if assertionInfo.WarningInfo.InvalidTime {
-			rw.WriteHeader(http.StatusForbidden)
+			http.Error(rw, "Invalid time", http.StatusForbidden)
 			return
 		}
 
 		if assertionInfo.WarningInfo.NotInAudience {
-			rw.WriteHeader(http.StatusForbidden)
+			http.Error(rw, "Not in audience", http.StatusForbidden)
 			return
 		}
 
@@ -129,6 +129,7 @@ func main() {
 	println(authURL)
 
 	println("Supply:")
+	fmt.Printf("      Issuer      : %s\n", sp.IdentityProviderIssuer)
 	fmt.Printf("  SP ACS URL      : %s\n", sp.AssertionConsumerServiceURL)
 
 	err = http.ListenAndServe(":8080", nil)