I have 2 active certificates in my service provider configuration (LocalCertificateSerialNumber & SecondaryLocalCertificateSerialNumber). This comes in handy as when there is a need to replace a certificate, I can't expect every external Identity provider we work with to migrate to the new certificate simultaneously. This works well with Id Initiated SSO.
However we recently started working with SP Initiated SSO.
I'm wondering if there is any way to specify, per Identity provider, which certificate to use to sign AuthNRequest when issuing the InitiateSSO method?