Hello Team,

We configured the IDP, Everything was fine until the certificate renewal. Our AD was setup with Primary and Secondary certificate with Primary being the new certificate. The federation metadata xml had 2 certificates and the auto upload metadata file was always taking the secondary certificate. I looked at IDP logic, there is no code to handle this scenario. 

I also tried exporting the primary certificate and manually uploaded to Primary certificate, however this one also gave Not valid signature error. This is an issue with IDP which needs to be addressed for people that might have this way of certificate renewal. 

Is there any plan by IDP team to address this at all? Happy to share a sample metadata xml if interested.