This variable is used to provide an alternative certificate for authentication, which useful for certificate rotation: see Certificate Rotation.

The certificate must be in PEM format (see Privacy-Enhanced Mail).

AUTHENTICATION_METHOD=saml
PUBLIC_URL=$YOUR_SERVER_BASE_URL
SAML_IDP_SIGN_ON_URL=$IDP_SIGNON_URL
SAML_IDP_ENTITY_ID=$IDP_ENTITY_ID
SAML_IDP_CERTIFICATE=$PATH_TO_PEM
SAML_ALTERNATIVE_IDP_CERTIFICATE=$PATH_TO_PEM
AUTO_CREATE_USER_ON_SUCCESSFUL_LOGIN=true

$PATH_TO_PEM might be /home/humio/GoogleIDPCertificate-humio.com.pem.

See also SAML_IDP_SIGN_ON_URL.