Thanks for this! I was hitting the 400 Error Code: GENERAL_NONSUCCESS" Error from Okta after doing the Certificate auth, and it turned out that the new Okta app you create in Workspace One Access needs its Signature Algorithm set to SHA-256 instead of SHA-1. After that Okta wasn't giving me the "failure : Unable to validate incoming SAML Assertion" error.