Login problems with Posit Connect

Today users reported trying to login to a Posit Connect server was returning an error message saying "There was a problem logging in. Please try again." It's running on a Linux server using SAML authentication to our campus Shibboleth instance, and has been working for some time. In /var/log/rstudio-connect.log, I'm seeing

2023/09/11 13:38:54 /connect/src/connect/vendor/github.com/rstudio/saml/sp/sp.go:175: (saml) SAML request received with path /login
2023/09/11 13:38:54 /connect/src/connect/vendor/github.com/rstudio/saml/sp/sp.go:175: (saml) Found a SAML encryption key
2023/09/11 13:38:54 /connect/src/connect/vendor/github.com/rstudio/saml/sp/sp.go:175: (saml) Creating authentication request
2023/09/11 13:38:54 /connect/src/connect/vendor/github.com/rstudio/saml/sp/sp.go:175: (saml) Returning authentication request as redirect
2023/09/11 13:38:55 /connect/src/connect/vendor/github.com/rstudio/saml/sp/sp.go:175: (saml) SAML request received with path /login/saml/acs
2023/09/11 13:38:55 /connect/src/connect/vendor/github.com/rstudio/saml/sp/sp.go:175: (saml) Found a SAML encryption key
2023/09/11 13:38:55 /connect/src/connect/vendor/github.com/rstudio/saml/sp/sp.go:175: (saml) Handling authentication response
2023/09/11 13:38:55 SAML handling error trying to read assertion from SAML response: cannot validate signature on Response: Cert is not valid at this time

I've doublechecked that the TLS certificate that nginx itself is using on the server isn't the problem. Any ideas?

Our IAM folks seem to have fixed this -- though they did note

"This looks like a vendor erroring on the certificate expiring despite that not being in the SAML spec."

But all that's Ελληνικά to me. In any event logins work again.