diff --git a/lib/samlp.js b/lib/samlp.js
index 19a1332..9011b09 100644
--- a/lib/samlp.js
+++ b/lib/samlp.js
@@ -161,7 +161,11 @@ module.exports.auth = function (options) {
 function execute(postUrl, audience, req, res, next) {
 var user = opts.getUserFromRequest(req);
- if (!user) return res.send(401);
+ if (!user) {
+ const err = new Error('SAML unauthorized');
+ err.status = 401;
+ return next(err);
+ }
 opts.audience = audience;
 opts.postUrl = postUrl;
@@ -201,8 +205,12 @@ module.exports.auth = function (options) {
 }
 opts.getPostURL(audience, samlRequestDom, req, function (err, postUrl) {
- if (err) { return res.send(500, err); }
- if (!postUrl) { return res.send(401); }
+ if (err) { return next(err); }
+ if (!postUrl) {
+ const error = new Error('SAML unauthorized error, postUrl not received');
+ error.status = 401;
+ return next(error);
+ }
 execute(postUrl, audience, req, res, next);
 });
diff --git a/test/fixture/server.js b/test/fixture/server.js
index 62c2ca9..1fa0228 100644
--- a/test/fixture/server.js
+++ b/test/fixture/server.js
@@ -59,7 +59,7 @@ module.exports.start = function(options, callback){
 key: credentials.key
 }, module.exports.options))(req, res, function(err){
 if (err) {
- return res.send(400, err.message);
+ return res.send(err.status || 400, err.message);
 }
 next();
 });
@@ -81,7 +81,7 @@ module.exports.start = function(options, callback){
 key: credentials.key
 }, module.exports.options))(req, res, function (err) {
 if (err) {
- return res.send(400, err.message);
+ return res.send(err.status || 400, err.message);
 }
 next();
 });
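Review bot: In `execute` (lib/samlp.js, hunk at -161) the missing-user branch no longer writes the 401 itself, so the status the client sees, or whether it gets a response at all, now depends on the `next` the caller supplied. Integrators that pass their own callback, as test/fixture/server.js does, had to be changed in this same commit to honour `err.status`; others will silently map this case to whatever default their callback uses. The same holds for the `!postUrl` branch in the hunk at -201. I would document the contract at the branch, for example `// no user: the caller's next(err) must end the request; this middleware no longer sends the 401 itself`. `execute` continues past the end of the hunk.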
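Review bot: `if (err) { return next(err); }` in the `getPostURL` callback (lib/samlp.js, hunk at -201) forwards the error without a status, where the old code answered 500. With the route callbacks in test/fixture/server.js falling back to `err.status || 400`, a server-side failure in `getPostURL` would be reported to the client as a 400. Tagging the error before forwarding keeps the old meaning: `if (err) { if (err instanceof Error && !err.status) { err.status = 500; } return next(err); }`. The added `const` declarations here and in the hunk at -161 also differ from the `var` in the surrounding context lines; whether the file's target runtime accepts `const` cannot be told from the hunk. The enclosing function starts before the hunk.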
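Review bot: `res.send(err.status || 400, err.message)` in test/fixture/server.js (hunks at -59, -81 and -95) writes `err.message` to the client for every error, and after this commit that includes whatever `getPostURL` hands to `next(err)` in lib/samlp.js. For a test fixture that is acceptable, but the fixture reads like a usage example and may get copied. A comment above the first callback would make the intent clear: `// fixture only: echoes err.message to the client; a real handler should return a generic body for 5xx`. Each callback starts before its hunk.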
@@ -95,12 +95,16 @@ module.exports.start = function(options, callback){
 key: credentials.key
 }, module.exports.options))(req, res, function (err) {
 if (err) {
- return res.send(400, err.message);
+ return res.send(err.status || 400, err.message);
 }
 next();
 });
 });
+ app.use(function (error, req, res, next) {
+ return res.status(error.status || 500).send(error.message);
+ });
+
 var server = http.createServer(app).listen(5050, callback);
 module.exports.close = server.close.bind(server);
 };
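Review bot: The app-level handler added at the end of `start` defaults to 500 while the three route callbacks default to 400, so the same status-less error yields a different code depending on which path it takes. From the visible lines it looks as if the SAML routes never reach this handler, because their callbacks respond themselves; if it is meant for other routes, a comment should say so. Express recognises error middleware by its four-parameter signature, so the unused `next` has to stay, and a comment such as `// four parameters mark this as an error handler; next is unused on purpose` would prevent a well-meant cleanup. `start` begins before the hunk.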