diff --git a/docker/gotrue.patch b/docker/gotrue.patch
index 335859ed..45d30103 100644
--- a/docker/gotrue.patch
+++ b/docker/gotrue.patch
@@ -1,15 +1,25 @@
-# This patch is done because there is no way to enable SSO/SAML at the moment
-
 diff --git a/internal/api/api.go b/internal/api/api.go
 index d9016fd0..924ce018 100644
 --- a/internal/api/api.go
 +++ b/internal/api/api.go
 @@ -175,7 +175,7 @@ func NewAPIWithVersion(ctx context.Context, globalConfig *conf.GlobalConfigurati
  		})
-
+ 
  		r.Route("/sso", func(r *router) {
 -			r.Use(api.requireSAMLEnabled)
 +			// r.Use(api.requireSAMLEnabled)
  			r.With(api.limitHandler(
  				// Allow requests at the specified rate per 5 minutes.
  				tollbooth.NewLimiter(api.config.RateLimitSso/(60*5), &limiter.ExpirableOptions{
+diff --git a/internal/api/saml.go b/internal/api/saml.go
+index d936ff2f..011d098c 100644
+--- a/internal/api/saml.go
++++ b/internal/api/saml.go
+@@ -24,6 +24,7 @@ func (a *API) getSAMLServiceProvider(identityProvider *saml.EntityDescriptor, id
+ 		externalURL.Path += "/"
+ 	}
+ 
++	externalURL.Path += "gotrue/"
+ 	externalURL.Path += "sso/"
+ 
+ 	provider := samlsp.DefaultServiceProvider(samlsp.Options{
diff --git a/tests/collab/workspace_collab.rs b/tests/collab/workspace_collab.rs
index 77681f54..b315e8fb 100644
--- a/tests/collab/workspace_collab.rs
+++ b/tests/collab/workspace_collab.rs
@@ -23,7 +23,7 @@ async fn edit_workspace_without_permission() {
 
   assert_client_collab(&mut client_1, &workspace_id, json!({"name": "AppFlowy"}), 3).await;
 
-  /// client 2 has not permission to read/edit the workspace
+  // client 2 has not permission to read/edit the workspace
   assert_client_collab(&mut client_2, &workspace_id, json!({}), 3).await;
 }