Describe the bug
Since SSOCircle changes certificates quite often, an external keystore is needed to properly separate the building stage and the running stage while using Docker images.

To Reproduce
Steps to reproduce the behavior:

1. The command docker run -it --rm -p 8080:8080 -t vdenotaris/spring-saml-sp:2.1.0-openjdk8 just fails when a new certificate is deployed for SSOCircle.

Expected behavior
Upgrade the certificate within the running stage instead the onbuild.

Updated IdP configuration. This feature is not anymore a priority.