Security keys in service metadata
We use one public key for SP and another for IDP but they are linked to the same private key.
We should only manage on public key (or certificate) and use it everywhere.
We can also use on key for signing, and another for encryption.