diff --git a/Gemfile b/Gemfile
index ac279f88ff9..9b7a889eee9 100644
--- a/Gemfile
+++ b/Gemfile
@@ -9,7 +9,7 @@ gem 'rails', '~> 6.1.4'
 @doc_auth_gem ||= { github: '18F/identity-doc-auth', tag: 'v0.11.0' }
 @hostdata_gem ||= { github: '18F/identity-hostdata', tag: 'v3.3.0' }
 @logging_gem ||= { github: '18F/identity-logging', tag: 'v0.1.0' }
-@saml_gem ||= { github: '18F/saml_idp', tag: 'v0.14.2-18f' }
+@saml_gem ||= { github: '18F/saml_idp', tag: 'v0.14.3-18f' }
 @telephony_gem ||= { github: '18f/identity-telephony', tag: 'v0.3.0' }
 @validations_gem ||= { github: '18F/identity-validations', tag: 'v0.6.0' }
diff --git a/Gemfile.lock b/Gemfile.lock
index 7d05eaa8447..0050cdac083 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -35,10 +35,10 @@ GIT
 GIT
 remote: https://github.com/18F/saml_idp.git
- revision: 89d93da7b45cad7f01b5335f762f5f020d40765f
- tag: v0.14.2-18f
+ revision: cf2ec293aa2c12e8679adfa7d6807a8d77814f4c
+ tag: v0.14.3-18f
 specs:
- saml_idp (0.14.2.pre.18f)
+ saml_idp (0.14.3.pre.18f)
 activesupport
 builder
 faraday
diff --git a/app/controllers/concerns/saml_idp_auth_concern.rb b/app/controllers/concerns/saml_idp_auth_concern.rb
index 8c5e660bf1a..499081f34ff 100644
--- a/app/controllers/concerns/saml_idp_auth_concern.rb
+++ b/app/controllers/concerns/saml_idp_auth_concern.rb
@@ -158,11 +158,8 @@ def encryption_opts
 if query_params[:skip_encryption].present? && current_service_provider&.skip_encryption_allowed
 nil
 elsif current_service_provider&.encrypt_responses?
- cert = saml_request.service_provider.matching_cert ||
- current_service_provider&.ssl_certs&.first
-
 {
- cert: cert,
+ cert: saml_request.service_provider.matching_cert,
 block_encryption: current_service_provider&.block_encryption,
 key_transport: 'rsa-oaep-mgf1p',
 }
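Review bot: With the `ssl_certs&.first` fallback removed, `cert:` in the `encrypt_responses?` branch of `encryption_opts` is nil whenever `matching_cert` returns nothing, and the hunk does not show what the response encryptor does with a nil certificate. The old `||` suggests nil was an expected result, so for a provider that requires encrypted responses this branch should fail closed with an explicit check rather than rely on the gem raising deep in the call stack or, worse, emitting the assertion unencrypted. A guard such as `cert = saml_request.service_provider.matching_cert` followed by `raise ArgumentError, 'no matching certificate for encrypted response' if cert.nil?` (or the controller's usual error rendering) would make that outcome deliberate and loggable, and a spec for the no-match case would pin it. `encryption_opts` continues past the end of the hunk, so a check may already exist outside the visible lines.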