When running Siteminder as IdP, even if the SP certificate has been
updated for the Partnership, the SP Entity definition still showing
the old certificate.
Policy Server all versions
When the SP Entity brings the certificate, then the right way to
upgrade the certificate for signing the Authentication Request is to
ask the SP side to export the Metadata, and then import the Metadata,
and select the option "Update Existing". This will upgrade the
partnerships certificate with this SP as well as the SP Entity
Certificate as mentioned in the documentation (1).
The fact that the certificate is bound to the Entity probably reflects
the fact that the Entity has been created with a Metadata files which
brought the former certificate.
If you are editing a partnership, you can click Get Updates next
to this field to update the entity information. The latest
information from the entity configuration is propagated to the
partnership. However, if you edit the entity information directly
from the partnership, the changes do not get propagated back to
the individual entity configuration.