...
Haka recommends the use of self-signed certificates with a reasonably long validity period when processing SAML messages.
For service providers it is recommended to use two separate keys for encryption and signing.
In SAML message exchange certificates are used to sign and/or encrypt messages between identity and service providers. In the SAML use case certificate needs to be applicable to both client- and server-use. This must be taken into account when creating certificates.
...