If you are using a SAML Identity Provider, ensure that
you configure the signing certificate for your SAML Identity Provider
as the Identity Provider Certificate before you upgrade to PAN-OS
9.0.9.xfr or later so that your users can continue to authenticate
successfully. Always configure the Identity Provider Certificate
when you configure SAML authentication and,
as a best practice, enable certificate validation when available.