SAML Signed Response

I’m using a SAML2 app in Okta to sign into a SP using flask_saml2. I’m able to login successfully as long as I do not set the Response in the app to signed. When I try to use a signed response I get the error below. Does anyone know what is misconfigured in my app and how I can correct it?

OpenSSL.crypto.Error: [(‘rsa routines’, ‘RSA_padding_check_PKCS1_type_1’, ‘invalid padding’), (‘rsa routines’, ‘rsa_ossl_public_decrypt’, ‘padding check failed’)]