This is regarding SAML SSO Integration with Cloudflare. I am referring to the below section given under your docs for Generic SAML 2.0
This optional configuration signs the Access JWT with the Cloudflare Access public key to ensure that the JWT is coming from a legitimate source. The Cloudflare public key can be obtained at
It has two public keys given. Idp is not sure that which public key will be used by Cloudflare to sign the authentication request. Our Idp is not able to verify the SAML authentication request.
My question is Why there are two public cert keys given in Cloudflare SAML metadata ?
Screenshot attached for the reference-