If signature or encryption is configured for SAML protocol assertions when
linking with an identity provider, you must perform one of the following actions if the Common Services certificate or the
identity provider certificate is updated:
- If the Common Services certificate is updated, update the Common Services certificate registered in the identity provider.
- If the identity provider certificate is updated, update the identity provider certificate registered in Keycloak.
If you link with an identity provider by using the OIDC protocol, you do not need to perform this procedure.