I am pretty new to Friend as well but from the Friend source code I can say that the parameters name of your POST request matters. I guess you are following this example, if not, it's the best hint you can get actually. Notice the name of the form fields
All credential functions take a single argument, a map containing the available credentials, so as there is no explicit POST "/login" route, the Friend midleware is catching and using them as credentials for your credential-fn as shown here https://github.com/cemerick/friend/blob/master/src/cemerick/friend/workflows.clj#L76-78
So "username" and "password" should be the names of the parameters POSTed to the :login-uri
For newcomers that example is runnable here http://friend-demo.herokuapp.com/interactive-form/