Hello @lsteinbrecher,
the following knowledge base articles may help:
Automatically changing the certificates for the single sign-on configuration by an app is absolutely not recommended, because the scenarios can be vary a lot.
The target environment needs to make the SSO endpoint publicly available on its own and the above linked articles should help with that.
Best regards,
Nico