diff --git a/app/controllers/saml_idp_controller.rb b/app/controllers/saml_idp_controller.rb
index f703b22930a..b0fafd61581 100644
--- a/app/controllers/saml_idp_controller.rb
+++ b/app/controllers/saml_idp_controller.rb
@@ -157,6 +157,8 @@ def capture_analytics
 end

 def matching_cert_serial
+ return if saml_request_service_provider.blank?
+
 saml_request.matching_cert&.serial&.to_s
 rescue SamlIdp::XMLSecurity::SignedDocument::ValidationError
 nil
diff --git a/spec/controllers/saml_idp_controller_spec.rb b/spec/controllers/saml_idp_controller_spec.rb
index dbf77b8f238..a022d221408 100644
--- a/spec/controllers/saml_idp_controller_spec.rb
+++ b/spec/controllers/saml_idp_controller_spec.rb
@@ -2070,6 +2070,7 @@ def name_id_version(format_urn)
 end

 before do
+ allow_any_instance_of(Saml::XML::Document).to receive(:signed?).and_return true
 IdentityLinker.new(user, service_provider).link_identity
 user.identities.last.update!(verified_attributes: ['email'])
 expect(CGI).to receive(:unescape).and_return deflated_encoded_req
@@ -2087,7 +2088,7 @@ def name_id_version(format_urn)
 requested_nameid_format: 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent',
 authn_context: [],
 authn_context_comparison: 'exact',
- request_signed: false,
+ request_signed: true,
 requested_ial: 'none',
 endpoint: "/api/saml/auth#{path_year}",
 idv: false,
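Review bot: The new early return in `matching_cert_serial` adds a third way for the method to yield nil, next to the `rescue` branch and the `&.` chain, so a caller cannot tell an unknown service provider from a failed signature validation or a missing certificate match. If this value feeds the analytics event, as the surrounding hunk context suggests, that distinction matters when triaging rejected SAML requests. A comment on the guard would record the intent, for example `# Unknown issuer: no registered SP, so there are no certs to match against` (the reason is presumed and should be confirmed). Nothing in this diff exercises the blank-service-provider branch, so a controller spec with an unregistered issuer asserting the resulting serial is nil would pin the behaviour. The method's closing `end` lies outside the hunk.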
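Review bot: Stubbing `signed?` on every `Saml::XML::Document` in this `before` block means the `request_signed: true` expectation in the next hunk only reflects the stub, not a request that actually carries a signature. A regression in how the controller detects or validates signed requests would therefore still pass this example. Building the request from a signed fixture would test the real path. If the stub has to stay, it should be scoped to the one document under test and annotated, e.g. `# Stub only: fixture request is not actually signed; drives the request_signed analytics field`. `allow_any_instance_of` also stubs documents created elsewhere in the example, and the `before` block continues past the end of the hunk.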