From time to time it happens that the certificates on the ADFS server are renewed. Cisco then has a problem with Secondary Token Signing and the metadata file has to be adjusted manually.
To fix this export the certificate and open it with a text editor and copy the content (hint: just copy the end of the certificate)
Then open the MetaData file and search for the “copied” certificate.
Delete everything:
<KeyDescriptor use="signing">....</KeyDescriptor>
To make it clear delete this (inlcuding KeyDescriptor):
Then import the modified MetaData file to the UC servers and run the SSO test.
In most cases, the token signing certificate appears 3x in the MetaData file. That means you have to delete this part 3x from the Metadata file.