diff --git a/trurt/sso/forms.py b/trurt/sso/forms.py
index 368414e9ea589322b55530020ea262e45bf9dc96..7eba34bd4f937e6f8772a6a0b2d80fa076bf5dfe 100644
--- a/trurt/sso/forms.py
+++ b/trurt/sso/forms.py
@@ -5,5 +5,4 @@ import flask_wtf
 
 
 class SSOValidateForm(flask_wtf.FlaskForm):
-    service_id = fields.IntegerField('service', [])
-    profile_id = fields.IntegerField('profile', [])
+    profile_uuid = fields.TextField('profile', [])
diff --git a/trurt/sso/saml.py b/trurt/sso/saml.py
index 220d8b1e7f2ddd21af3a05ce6ffaaa3d0a86dd16..fa0529b20f828161ea84a3cea4b9785f6a9a1181 100644
--- a/trurt/sso/saml.py
+++ b/trurt/sso/saml.py
@@ -96,18 +96,18 @@ class SecurityContext(sigver.SecurityContext):
 def redirect(service_uuid):
     service = models.Service.query.get(service_uuid) or flask.abort(404)
     return flask.redirect(utils.url_for(
-        "account.pick", intent="sso.reply", service_spn=service_spn,
+        "account.pick", intent="sso.reply", service_uuid=service_uuid,
     ))
 
 
-@blueprint.route('/saml/reply', methods=["POST"])
-def reply():
+@blueprint.route('/saml/<service_uuid>/reply', methods=["POST"])
+def reply(service_uuid):
     # First check the service and picked profile
     form = forms.SSOValidateForm()
     form.validate() or flask.abort(403)
     service = models.Service.query.get(service_uuid) or flask.abort(404)
-    profile = models.Profile.query.get(profile_uuid) or flask.abort(404)
-    if not (profile.user is flask_login.current_user and profile.service is service):
+    profile = models.Profile.query.get(form.profile_uuid.data) or flask.abort(404)
+    if not (profile.user == flask_login.current_user and profile.service == service):
         return flask.abort(403)
     # Parse the authentication request
     idp = server.Server(config=(MetaData.get_config(service)))
@@ -116,7 +116,7 @@ def reply():
     if not service.config["acs"] == request.message.issuer.text:
         return flask.abort(403)
     # Provide a SAML response
-    response = idp.cclass_refreate_authn_response(
+    response = idp.create_authn_response(
         identity={
             'uid': profile.username,
             'email': profile.email
diff --git a/trurt/sso/templates/sso_pick.html b/trurt/sso/templates/sso_pick.html
deleted file mode 100644
index 66a91c25a35749b60ae72650d178731ceea4d6b0..0000000000000000000000000000000000000000
--- a/trurt/sso/templates/sso_pick.html
+++ /dev/null
@@ -1,15 +0,0 @@
-{% extends "base.html" %}
-
-{% block title %}Pick a profile{% endblock %}
-{% block subtitle %}for the service {{ service.spn }}{% endblock %}
-
-{% block content %}
-{% for profile in profiles %}
-<form method="POST" action="{{ action }}">
-    {{ form.hidden_tag() }}
-    <input type="hidden" name="service_id" value="{{ service.id }}">
-    <input type="hidden" name="profile_id" value="{{ profile.id }}">
-    <input type="submit" value="{{ profile.username }}">
-</form>
-{% endfor %}
-{% endblock %}
diff --git a/trurt/utils.py b/trurt/utils.py
index dc5cc549cbbe764be14d61de92137dfe943a0744..bc53f4a130cfd8154b27125973275fdc0cbbf62c 100644
--- a/trurt/utils.py
+++ b/trurt/utils.py
@@ -42,7 +42,7 @@ def url_or_intent(endpoint):
     intents = flask.request.args.get(INTENTS, "")
     if intents:
         intents = intents.split(":")
-        return url_for(intents.pop(0), intents=":".join(intents) or None)
+        return url_for(intents.pop(), intents=":".join(intents) or None)
     else:
         return flask.url_for(endpoint)