IdP Certificate Validity checking

[Cantor, Scott]

> I'll feed this back but also point out that other IdP implementations may behave
> differently.

s/may/will

The vast majority will not accept expired.

The only reason I can continue to rail about that stupidity is that most of them *not only* require them to be valid but also require they get manually updated when they change so what you have there is the worst of both worlds. All the downside, no upside.

-- Scott