IST changed from a single to multiple signing certs which show up in
different places in the IdP metadata which caused applications to
not complete the authentication process as they could not validate
the response even though Touchstone was returning the user data
How does this address that need:
Provides information on the places certs can show up and suggests
we expect either and not rely on just one
Why are these changes being introduced:
How does this address that need: