diff --git a/tf-stage2/keycloak.tf b/tf-stage2/keycloak.tf
index c356e55b11aee4c1d7a3ecfb5a68a11006c898fe..2b53d278628e96efe98b46351d29e5b7d67aff28 100644
--- a/tf-stage2/keycloak.tf
+++ b/tf-stage2/keycloak.tf
@@ -138,6 +138,7 @@ resource "keycloak_saml_client" "saml_gitlab" {
   name = "Arch Linux Accounts"
   enabled = true
 
+  signature_algorithm = "RSA_SHA256"
   sign_documents = true
   sign_assertions = true