Automatically fetch the new SSO certificate/fingerprint

When an account is configured to use SSO, occasionally a certificate can be updated/changed in the SSO provider.

When this happens, a user trying to log into Aha! will see the error "SAML response certificate does not match fingerprint".

The recommended action for accounts configured with a metadata URL is to go into their Aha! SSO settings and click "Update" to re-fetch the certificate and capture/update the fingerprint. It typically takes a few minutes for this update to work successfully.

It would be a smoother process to automatically attempt to re-fetch this data when we get this error and change the error message to prompt the user to re-try after a certain time period.

Support article on this error: https://www.aha.io/support/ideas/integrations/account-single-sign-on/troubleshooting-sso#saml-response-certificate-does-not-match-fingerprint