From time to time a federation's signing certificate will expire and they will contact you to tell you about it. When that happens, this is what to do to keep OpenAthens SP up to date:
Updates to federations you have added by the toggles on the connection are managed centrally for you.
As with any changes to individual IdPs you have added in the additional identity providers section, you would need to delete the item with the old certificate and then re-add the updated metadata.
In both cases the changes will be picked up when OpenAthens SP re-caches the metadata every 24 hours (or sooner if the metadata has an earlier
cacheDuration time). If you needed it to happen more immediately, you would need to clear the files from the OpenAthens cache folder and restart your webserver.