Using the SAML plugin (https://github.com/jenkinsci/saml-plugin/blob/main/doc/CONFIGURE.md), the certificates of the jenkins side (SP) and file saml-sp-metadata.xml with them are generated after set the IDP metadata, but they not renewwed until thye expire. In that case, you loss the login until the new certiticates are created and you send them to the IDP provider.
How can we anticiapte this without loss of service?