Client asked to update our cert to their adfs. Couldn’t find a good way to troubleshoot this using google so started to examine all the configuration files in /etc/shibboleth.
Led me to federationmetadata.xml.
Found section keydescriptor that looked like a certificate so I added a new section with the new cert.
<KeyDescriptor use="signing"> <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"> <X509Data> <X509Certificate>MII......hidden......</X509Certificate> </X509Data> </KeyInfo> </KeyDescriptor>