The FileSystemKeyStoreManagerImpl component only reads the keystore.jks when it activates. Consequently if using an existing X.509 certificate for SAML, you need to somehow cause this component to reactivate. For example by re-saving the referenced SamlConfiguration via System Settings or by a portal restart. This is not a very good UX.
Additionally, if you add your certificate via KeyTool and then press "Save" on the "General" tab of the SAML Admin Portlet (without doing the above) then your certificate is removed from the keystore.