Message Security Error (authnRequest should be signed)

I am trying to setup Okta on top of a SAML/Shibboleth IdP (university setting).

When I try the service using the “Assertion Consumer Service URL” , I am getting an error from my IdP: Message Security Error (authnRequest should be signed).

I asked them to check their logs and they told me that:

The metadata you submitted indicates authnRequest should be signed. But the actual authnRequest sent from your SP wasn’t signed.

How do I fix that?