diff --git a/cmd/saml2aws/commands/login.go b/cmd/saml2aws/commands/login.go
index e30259ff2..44db23a71 100644
--- a/cmd/saml2aws/commands/login.go
+++ b/cmd/saml2aws/commands/login.go
@@ -105,7 +105,7 @@ func Login(loginFlags *LoginFlags) error {
 return errors.Wrap(err, "Failed to assume role, please check you are permitted to assume the given role for the AWS service")
 }
- // fmt.Println("Selected role:", role.RoleARN)
+ fmt.Println("Selected role:", role.RoleARN)
 sess, err := session.NewSession()
 if err != nil {
@@ -200,7 +200,7 @@ func resolveRole(awsRoles []*saml2aws.AWSRole, samlAssertion string, loginFlags
 if loginFlags.RoleSupplied() {
 return saml2aws.LocateRole(awsRoles, loginFlags.RoleArn)
 }
- role = awsRoles[0]
+ return awsRoles[0], nil
 } else if len(awsRoles) == 0 {
 return nil, errors.New("no roles available")
 }
diff --git a/cmd/saml2aws/commands/login_test.go b/cmd/saml2aws/commands/login_test.go
index de386151f..51ebc2e31 100644
--- a/cmd/saml2aws/commands/login_test.go
+++ b/cmd/saml2aws/commands/login_test.go
@@ -16,3 +16,20 @@ func TestResolveLoginDetails(t *testing.T) {
 assert.Empty(t, err)
 assert.Equal(t, loginDetails, &saml2aws.LoginDetails{Username: "wolfeidau", Password: "testtestlol", Hostname: "id.example.com"})
 }
+
+func TestResolveRoleSingleEntry(t *testing.T) {
+
+ adminRole := &saml2aws.AWSRole{
+ Name: "admin",
+ RoleARN: "arn:aws:iam::456456456456:saml-provider/example-idp,arn:aws:iam::456456456456:role/admin",
+ PrincipalARN: "arn:aws:iam::456456456456:role/admin,arn:aws:iam::456456456456:saml-provider/example-idp",
+ }
+
+ awsRoles := []*saml2aws.AWSRole{
+ adminRole,
+ }
+
+ got, err := resolveRole(awsRoles, "", &LoginFlags{})
+ assert.Empty(t, err)
+ assert.Equal(t, got, adminRole)
+}
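Review bot: The re-enabled `fmt.Println("Selected role:", role.RoleARN)` in Login writes to stdout unconditionally, and the role ARN it prints carries the AWS account ID. If anything captures this command's stdout (not visible in this hunk), the extra line ends up in that output and in whatever logs collect it. Consider sending the message to stderr instead, `fmt.Fprintln(os.Stderr, "Selected role:", role.RoleARN)`, assuming `os` is or can be imported in this file, or routing it through the project's logger. Login's body starts and ends outside the hunk.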
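Review bot: With `return awsRoles[0], nil` every path through the first branch of resolveRole now returns, so the `} else if len(awsRoles) == 0 {` that follows no longer needs its `else`. Checking the empty list first as a guard clause, `if len(awsRoles) == 0 { return nil, errors.New("no roles available") }`, would make it obvious that the index into `awsRoles` can never be reached with an empty slice. A short comment on the new line, such as `// single role offered and none requested: use it without prompting`, would record why this path returns early. The branch condition and the rest of resolveRole are outside the hunk, so the exact shape of the surrounding `if` is assumed here.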
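Review bot: TestResolveRoleSingleEntry covers only the single-role path; the `no roles available` branch and the `RoleSupplied()` path of resolveRole are not exercised. Adding `_, err := resolveRole([]*saml2aws.AWSRole{}, "", &LoginFlags{})` followed by `assert.Error(t, err)` would pin the empty-list guard that keeps `awsRoles[0]` from being evaluated on an empty slice. The fixture's `RoleARN` and `PrincipalARN` each hold a comma-joined pair of ARNs rather than a single ARN; the assertion does not depend on that, but single-ARN values would be less confusing to the next reader. `assert.NoError(t, err)` and `assert.Equal(t, adminRole, got)` (expected value first) would also give clearer failure output.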