...
1. Create a new key pair that is compliant with the federation
2. Copy the existing metadata already published in the federation and add a new KeyDescriptor element containing the public key certificate for the new key pair. The metadata should now contain both the old and the new KeyDescriptor elements. If there is one KeyDescriptor for signing and one for encryption, repeat this process for both.
3. Upload the metadata to the federation. Read more about how to publish metadata on the federation website
4. Wait for the new metadata to be distributed and accepted by all relevant parties.
5. Configure the software to use the new private key
6. Remove the old KeyDescriptor element from the metadata and upload it to the federation.
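A way to check which stage of the rollover a metadata document reflects before switching the private key or removing the old KeyDescriptor, as an added example that is not part of the original procedure or any federation tooling. The function names, the entityID and the placeholder "certificate" bytes are constructed for illustration, and the script does not verify the federation's signature on the metadata.

```python
import base64, hashlib
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"

def key_fingerprints(metadata_xml):
    """Map each key use to the SHA-256 fingerprints of its published certificates."""
    found = {"signing": set(), "encryption": set()}
    for kd in ET.fromstring(metadata_xml).iter("{%s}KeyDescriptor" % MD):
        # A KeyDescriptor without a 'use' attribute applies to both uses.
        uses = [kd.get("use")] if kd.get("use") else list(found)
        for cert in kd.iter("{%s}X509Certificate" % DS):
            der = base64.b64decode("".join((cert.text or "").split()))
            for use in uses:
                found.setdefault(use, set()).add(hashlib.sha256(der).hexdigest())
    return found

def rollover_state(metadata_xml, old_der, new_der, use="signing"):
    """Report which stage of the procedure the metadata reflects for one key use."""
    fps = key_fingerprints(metadata_xml).get(use, set())
    old = hashlib.sha256(old_der).hexdigest() in fps
    new = hashlib.sha256(new_der).hexdigest() in fps
    if old and new:
        return "both"      # steps 2-4: switch the private key only in this state
    if new:
        return "new-only"  # step 6 has been completed
    return "old-only" if old else "neither"

def sample_metadata(keys):
    """Build constructed metadata from (use, der_bytes) pairs; not real certificates."""
    kds = "".join(
        '<md:KeyDescriptor%s><ds:KeyInfo><ds:X509Data><ds:X509Certificate>%s'
        '</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>'
        % (' use="%s"' % use if use else "", base64.b64encode(der).decode())
        for use, der in keys)
    return ('<md:EntityDescriptor xmlns:md="%s" xmlns:ds="%s" '
            'entityID="https://sp.example.org/sp"><md:SPSSODescriptor '
            'protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">%s'
            '</md:SPSSODescriptor></md:EntityDescriptor>' % (MD, DS, kds))

OLD, NEW = b"constructed-old-cert", b"constructed-new-cert"  # placeholder bytes

if __name__ == "__main__":
    during = sample_metadata([("signing", OLD), ("signing", NEW), ("encryption", OLD)])
    print(rollover_state(during, OLD, NEW, "signing"))     # both
    print(rollover_state(during, OLD, NEW, "encryption"))  # old-only: step 2 missed a key
```

Run it against the metadata as republished by the federation, not only the local copy, so that the result also confirms step 4.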
...