SAML Assertion Error "The digital signature algorithm used in the SAML response does not meet the minimum requirements"
Single Sign-On
Okta Classic Engine
Okta Identity Engine
Overview

This article explains why a 400 error may occur when users attempt to access an Identity Provider (IdP). The following error is present in the Okta System Logs:

 

Unable to validate incoming SAML Assertion with the Error Message: The digital signature algorithm used in the SAML response does not meet the minimum requirements. Required "SHA-256", but received "SHA-1".

 

Applies To
  • Security Assertion Markup Language (SAML)
  • Identity Provider (IdP)
  • Single Sign On
Cause

The error occurs because the IdP signs the SAML response with SHA-1, but the Identity Provider settings in Okta require SHA-256.

Solution

There are two possible solutions: 

  • Contact the IdP and request that the signature algorithm be changed to SHA-256.
    • NOTE: This is the recommended solution.
  • Change the signature algorithm to SHA-1 in the Identity Provider settings within Okta.
    • NOTE: This solution is not recommended as SHA-1 is less secure than SHA-256.
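
To confirm which algorithm the IdP is actually sending before contacting it, the following added example (not Okta's code) decodes a captured base64 `SAMLResponse` value and reports the hash declared by each signature's `SignatureMethod` and `DigestMethod`. The function names and the sample response builder are constructed for illustration; the code only reads the declared algorithms and does not verify the signature.

```python
import base64
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"
# Standard XML-DSig algorithm URIs mapped to the hash they use.
HASH_BY_URI = {
    "http://www.w3.org/2000/09/xmldsig#rsa-sha1": "SHA-1",
    "http://www.w3.org/2000/09/xmldsig#sha1": "SHA-1",
    "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256": "SHA-256",
    "http://www.w3.org/2001/04/xmlenc#sha256": "SHA-256",
}

def signature_algorithms(saml_response_b64):
    """Return one dict per ds:Signature found in a base64 SAMLResponse."""
    xml = base64.b64decode(saml_response_b64)
    if b"<!DOCTYPE" in xml or b"<!ENTITY" in xml:
        raise ValueError("DTD/entity declarations are not expected in SAML")
    root = ET.fromstring(xml)
    parents = {child: parent for parent in root.iter() for child in parent}
    found = []
    for sig in root.iter(DS + "Signature"):
        method = sig.find(f"{DS}SignedInfo/{DS}SignatureMethod")
        digests = sig.findall(f"{DS}SignedInfo/{DS}Reference/{DS}DigestMethod")
        uris = [method.get("Algorithm")] if method is not None else []
        uris += [d.get("Algorithm") for d in digests]
        parent = parents.get(sig)  # Response or Assertion, whichever is signed
        found.append({
            "signed_element": parent.tag.split("}")[-1] if parent is not None else None,
            "hashes": [HASH_BY_URI.get(u, "unknown: %s" % u) for u in uris],
        })
    return found

def meets_sha256(saml_response_b64):
    """True only if a signature is present and every declared hash is SHA-256."""
    sigs = signature_algorithms(saml_response_b64)
    return bool(sigs) and all(
        s["hashes"] and set(s["hashes"]) == {"SHA-256"} for s in sigs)

def constructed_sample(sig_uri, digest_uri):
    """Build a minimal, constructed (not real) signed Response for testing."""
    xml = (
        '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        'xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:Signature><ds:SignedInfo>'
        f'<ds:SignatureMethod Algorithm="{sig_uri}"/><ds:Reference URI="#id1">'
        f'<ds:DigestMethod Algorithm="{digest_uri}"/></ds:Reference></ds:SignedInfo>'
        '<ds:SignatureValue>AAAA</ds:SignatureValue></ds:Signature></samlp:Response>'
    )
    return base64.b64encode(xml.encode()).decode()
```

A result of `SHA-1` for either the signature method or the digest method is what to report to the IdP administrator when requesting the change to SHA-256.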