Well, the metadata also contains the certificate to verify the splunk signatures on the SAML requests. And this certificate has a limited lifetime. So if ADFS is able to fetch the new certificates on a schedule, there's no admin overhead to keep the two in sync.
But i guess that i could have the proxy handle the authorization for Splunk and then i'll have to write a custom scheduled task to fetch the meta data from ADFS, update the IDP certificate and reload the config like you suggested in the first link.
Thank for the pointer!
... View more