diff --git a/CHANGELOG.md b/CHANGELOG.md
index 3d5128035..6360fb63c 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -127,7 +127,7 @@
 
 #### 💣 Major Changes
 
-- deps: use node-saml v4.  See node-saml changelog for breaking changes: https://github.com/node-saml/node-saml/blob/master/CHANGELOG.md#v400-2022-10-28 [#796](https://github.com/node-saml/passport-saml/pull/796)
+- deps: use node-saml v4. See node-saml changelog for breaking changes: https://github.com/node-saml/node-saml/blob/master/CHANGELOG.md#v400-2022-10-28 [#796](https://github.com/node-saml/passport-saml/pull/796)
 - Update node-saml to beta 5 -- See node-saml changelog for breaking changes [#783](https://github.com/node-saml/passport-saml/pull/783)
 - Update node-saml dependency [#770](https://github.com/node-saml/passport-saml/pull/770)
 - Update to support node-saml@4.0.0-beta.3 [#707](https://github.com/node-saml/passport-saml/pull/707)
diff --git a/README.md b/README.md
index 3ca7f2d88..d733e31eb 100644
--- a/README.md
+++ b/README.md
@@ -179,9 +179,12 @@ object that represents the user.
 You need to provide a route corresponding to the `path` configuration parameter given to the
 strategy:
 
+#### Express v4.x
+
 The authentication callback must be invoked after the `body-parser` middleware.
 
 ```javascript
+// Express v4
 const bodyParser = require("body-parser");
 
 app.post(
@@ -197,6 +200,25 @@ app.post(
 );
 ```
 
+#### Express v5.x
+
+The authentication callback must be invoked after the `express.urlencoded({ extended: false })` middleware.
+
+```javascript
+// Express v5
+app.post(
+  "/login/callback",
+  express.urlencoded({ extended: false }),
+  passport.authenticate("saml", {
+    failureRedirect: "/",
+    failureFlash: true,
+  }),
+  function (req, res) {
+    res.redirect("/");
+  },
+);
+```
+
 ### Authenticate requests
 
 Use `passport.authenticate()`, specifying `saml` as the strategy: