The Saml Signing Certificate included in the SP Metadata appears to only be valid for one year, after which the Customer may be presented with a message in the Citrix Admin Portal as follows..
It looks like a two-week notice period is given as upon checking the certificate Expiry was for exactly two weeks after the date given in the message above,
There is an article written by Citrix telling you how to fix this... https://support.citrix.com/article/CTX560704/saml-signing-certificate-rotation-required-before-expiration
However what you probably just need to do is download the SP metadata again, by following steps 6 - 10 in this wiki guide DualShield Preparation for Citrix Workspace
The SP metadata file will contain the old certificate and the new certificate string..
You can upload it as it is or you may wish to edit the file and remove the old certificate information. If you edidt in Notepad++ then you can delete rows 1-9
To upload the new SP Metadata please go to SSO>Service Providers on Dualshield Admin Console, edit the entry for Citrix Cloud.
Then Edit Medata
Click Save
Click Save again on the Service Provider edit screen.