This issue comes up when your IDP changes the X.509 certificates for your applications, which is also called a certificate rollover. Single Sign-On then breaks, because the certificates configured in the applications must be updated to match the new certificates issued by the IDP.
The plugin has a feature called Refresh Metadata to handle this change. It fetches the latest metadata published at the IDP's metadata URL at a set time interval and updates the information in the plugin accordingly.
Here are the steps to enable this setting:
1. Go to the Configure IDP tab and click on the Upload Metadata sub-tab.
2. Select your IDP from the list of IDPs or select Import from URL.
3. Enter the metadata URL of your IDP.
4. Select the Refresh Metadata periodically? checkbox.
5. Select the time interval at which you want the add-on to update the metadata.
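
To see what a rollover looks like in the metadata itself, the following added example (not the plugin's own code) parses IDP metadata, extracts the signing certificates, and compares their SHA-256 fingerprints with the one currently configured. The metadata, certificate bytes, entity ID and function names are constructed for illustration.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET  # for untrusted metadata, prefer defusedxml

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def fingerprint(der):
    """SHA-256 fingerprint (hex) of a DER-encoded certificate."""
    return hashlib.sha256(der).hexdigest()

def signing_fingerprints(metadata_xml):
    """Fingerprints of every IdP signing certificate published in the metadata."""
    found = set()
    root = ET.fromstring(metadata_xml)
    for kd in root.findall(".//md:IDPSSODescriptor/md:KeyDescriptor", NS):
        # A KeyDescriptor without a 'use' attribute applies to signing as well.
        if kd.get("use", "signing") != "signing":
            continue
        for cert in kd.findall(".//ds:X509Certificate", NS):
            b64 = "".join((cert.text or "").split())  # metadata wraps base64 lines
            found.add(fingerprint(base64.b64decode(b64)))
    return found

def rollover_status(configured_fp, metadata_xml):
    """Compare the certificate the SP trusts with what the IdP publishes now."""
    published = signing_fingerprints(metadata_xml)
    if not published:
        return "no-signing-cert"
    if configured_fp not in published:
        return "rolled-over"       # SSO breaks until the SP is updated
    if len(published) > 1:
        return "rollover-pending"  # old and new certificates published together
    return "current"

# Constructed sample data: placeholder bytes stand in for real DER certificates.
OLD_DER, NEW_DER = b"constructed-old-cert", b"constructed-new-cert"
def sample_metadata(*ders):
    kds = "".join(
        '<md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>'
        + base64.b64encode(d).decode()
        + "</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>"
        for d in ders)
    return ('<md:EntityDescriptor xmlns:md="%s" xmlns:ds="%s" entityID="https://idp.example/metadata">'
            '<md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">'
            "%s</md:IDPSSODescriptor></md:EntityDescriptor>" % (NS["md"], NS["ds"], kds))
if __name__ == "__main__":
    for ders in [(OLD_DER,), (OLD_DER, NEW_DER), (NEW_DER,)]:
        print(rollover_status(fingerprint(OLD_DER), sample_metadata(*ders)))
```

A "rollover-pending" result usually means the IDP is publishing the old and new certificates together, which is the window in which to update before SSO breaks. Because a periodic refresh trusts whatever the metadata URL returns, use an HTTPS metadata URL and alert on fingerprint changes you did not expect.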