Minimizing Service Interruption of SAML 2.0 Service Providers

In a SAML 2.0 federation, Identity Server and the service provider each sign their messages with their own signing certificate. Both trusted providers verify these message signatures before processing a SAML 2.0 request. If a signing certificate expires, the federation does not work as expected, and the administrators need to exchange the new certificates to resume federation services. Updating the certificates and the metadata after a signing certificate expires interrupts the services and impacts business continuity.
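
A check an administrator could schedule to catch the expiry described above before it interrupts federation, given as an added example (not Access Manager code and not part of the original documentation): it reads a provider's SAML 2.0 metadata, extracts each signing certificate, and reports those close to expiry. The function names, the 30-day threshold, the entity ID and the constructed certificate skeleton are assumptions, and the metadata is assumed to be a trusted local copy holding a single EntityDescriptor.

```python
import base64
import datetime as dt
import xml.etree.ElementTree as ET

MD, DS = "urn:oasis:names:tc:SAML:2.0:metadata", "http://www.w3.org/2000/09/xmldsig#"

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def not_after(der):
    """Walk Certificate -> tbsCertificate -> validity; return notAfter as aware UTC."""
    _, pos, _ = read_tlv(der, 0)          # enter Certificate
    _, pos, _ = read_tlv(der, pos)        # enter tbsCertificate
    tag, _, end = read_tlv(der, pos)
    pos = end if tag == 0xA0 else pos     # skip the optional [0] version field
    for _ in range(3):                    # skip serialNumber, signature, issuer
        _, _, pos = read_tlv(der, pos)
    _, pos, _ = read_tlv(der, pos)        # enter validity
    _, _, pos = read_tlv(der, pos)        # skip notBefore
    tag, start, end = read_tlv(der, pos)
    fmt = "%y%m%d%H%M%SZ" if tag == 0x17 else "%Y%m%d%H%M%SZ"  # UTCTime / GeneralizedTime
    return dt.datetime.strptime(der[start:end].decode(), fmt).replace(tzinfo=dt.timezone.utc)

def expiring_signing_certs(metadata_xml, now, warn_days=30):
    """List (entityID, notAfter, days_left) for signing certs expiring within warn_days."""
    root, hits = ET.fromstring(metadata_xml), []
    for kd in root.iter(f"{{{MD}}}KeyDescriptor"):
        if kd.get("use", "signing") != "signing":  # a key with no 'use' is also a signing key
            continue
        for cert in kd.iter(f"{{{DS}}}X509Certificate"):
            expiry = not_after(base64.b64decode("".join(cert.text.split())))
            if (days := (expiry - now).days) <= warn_days:
                hits.append((root.get("entityID"), expiry, days))
    return hits

def _tlv(tag, body):  # DER encoder used only to build the constructed sample (short lengths)
    return bytes([tag, len(body)]) + body

def sample_metadata(not_after_utc):  # constructed sample: DER skeleton, not a real certificate
    tbs = _tlv(0x30, _tlv(0xA0, _tlv(2, b"\x02")) + _tlv(2, b"\x01") + _tlv(0x30, b"") * 2
               + _tlv(0x30, _tlv(0x17, b"240101000000Z") + _tlv(0x17, not_after_utc.encode())))
    b64 = base64.b64encode(_tlv(0x30, tbs)).decode()
    return (f'<EntityDescriptor xmlns="{MD}" entityID="https://sp.example.com/metadata"><SPSSODescriptor>'
            f'<KeyDescriptor use="signing"><KeyInfo xmlns="{DS}"><X509Data><X509Certificate>{b64}'
            '</X509Certificate></X509Data></KeyInfo></KeyDescriptor></SPSSODescriptor></EntityDescriptor>')
```

Certificates that are already expired are reported with a negative day count, so the same check covers both the warning window and the outage case.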

To keep SAML 2.0 service providers running without impacting the continuity of their services, Access Manager provides the following provisions: