<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeKnowledge Base
Setting SAML's WantAuthnRequestsSigned Value to True
Jul 11, 2025
Single Sign-On
Okta Classic Engine
Okta Identity Engine
Overview

This article addresses the supportability of the SAML parameter WantAuthnRequestsSigned.

Applies To
  • SAML 2.0
  • WantAuthnRequestsSigned
Cause

Okta currently does not support importing Service Provider metadata for SAML applications; therefore, settings for the WantAuthnRequestsSigned are not supported.

Solution

The WantAuthnRequestsSigned value for a custom SAML 2.0 app in Okta will always be set to False due to the fact that Okta does not currently allow for the import of SP certs or signing validation of AuthN requests. Instead, the AuthN request is secured using the app-configured DestinationURL.


This means that the Destination URL must be configured. By default, it is the SSO URL; however, another value can be assigned by unchecking the Use this for Recipient URL and Destination URL option. Any other DestinationURL that might be passed by a user with the respective AuthnRequest will be disregarded.

Recommended content

Still looking for help?
Loading
Setting SAML's WantAuthnRequestsSigned Value to True