Are you talking about having multiple SAMLs?
You can have multiple configs for 'SAML Authentication Handler' here /system/console/configMgr
Multiple signing keys from the same IDP. I don't think it's a SAML configuration issue as much as it is a back-end capability to accept multiple signing keys from the same IDP.
From our Security Engineering Group
Here is the basic flow:
Additionally, once a certificate is found, it could be flagged for some session period to become the default certificate for validation purposes which would help eliminate the need to perform the IF-ELSE checks each time.
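The fallback-and-remember idea in the post above, as an added example that is not part of the original thread and is not AEM's SAML handler code: a verifier tries the most recently successful trusted key first, then the other trusted keys, and fails closed if none match. The class name, the aliases `idp-old` and `idp-new`, and the sample assertion are assumptions, and raw RSA signatures over bytes stand in for XML signature validation.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.*;

public class MultiKeyVerifier {
    // Trusted IdP signing keys by alias (hypothetical aliases); only these are ever tried.
    private final Map<String, PublicKey> trusted = new LinkedHashMap<>();
    private volatile String preferredAlias; // alias that verified most recently

    public void trust(String alias, PublicKey key) { trusted.put(alias, key); }

    /** Returns the alias whose key verified the signature, or null if none did. */
    public String verify(byte[] data, byte[] sig) throws GeneralSecurityException {
        List<String> order = new ArrayList<>();
        String pref = preferredAlias;
        if (pref != null && trusted.containsKey(pref)) order.add(pref); // cached key first
        for (String a : trusted.keySet()) if (!a.equals(pref)) order.add(a);
        for (String alias : order) {
            Signature s = Signature.getInstance("SHA256withRSA");
            s.initVerify(trusted.get(alias));
            s.update(data);
            boolean ok;
            try { ok = s.verify(sig); } catch (SignatureException e) { ok = false; }
            if (ok) { preferredAlias = alias; return alias; } // remember for next time
        }
        return null; // fail closed: no trusted key matched
    }

    static byte[] sign(byte[] data, PrivateKey key) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(key);
        s.update(data);
        return s.sign();
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        // Constructed keys: two trusted IdP signing keys and one untrusted key.
        KeyPair oldKey = gen.generateKeyPair(), newKey = gen.generateKeyPair();
        KeyPair untrusted = gen.generateKeyPair();
        MultiKeyVerifier v = new MultiKeyVerifier();
        v.trust("idp-old", oldKey.getPublic());
        v.trust("idp-new", newKey.getPublic());
        byte[] msg = "<Assertion>constructed sample</Assertion>".getBytes(StandardCharsets.UTF_8);
        System.out.println("new key:   " + v.verify(msg, sign(msg, newKey.getPrivate())));
        System.out.println("old key:   " + v.verify(msg, sign(msg, oldKey.getPrivate())));
        System.out.println("untrusted: " + v.verify(msg, sign(msg, untrusted.getPrivate())));
    }
}
```

The cached alias only changes the order in which trusted keys are tried; it never widens the trust set, and a retired key should be removed from it once the IdP rollover is complete.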
Thanks for the details. We store idpCertAlias as a string and need to change it to an array to match your need. Sounds doable, can you please file a support request to track this enhancement?