We run a SimpleSAMLphp IDP, and one of the SP's it is configured for (Cloudflare) provides multiple certificates in their public metadata, both of which have the exact same expiration date/time.
Normally, we would simply put the SP's certificate data into the certData attribute in the metadata for that SP.
Is there a way to configure multiple certificates for an SP?
Looking at the SimpleSAMLphp documentation for SP metadata, I don't see a way to do so.
I also reviewed this discussion, but it is about an IDP providing multiple certificates, rather than an SP providing multiple certificates, and I didn't see any clues there that helped me figure out an answer to this issue. There was also a discussion on one of the SSP mailing lists about multiple certs for an IDP (support was added in SSP 1.7.0), but it also does not seem to answer my question.