ADFS 2.0 and later versions have a feature called AutoCertificateRollover that automatically updates the Decrypt and Signing certificates in ADFS; by default, these certificates have a lifetime of 1 year. If you have federations (Relying Party Trusts) configured and the Service Provider (SP) is not using the ADFS metadata file to keep…
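To see where a farm stands in the rollover cycle described above, the following added example (not part of the original post) reports the rollover settings and the expiry of each token certificate using the standard `Get-AdfsProperties` and `Get-AdfsCertificate` cmdlets. The 30-day warning window is an assumed value, not an ADFS default.

```powershell
# Added example. Run on the primary ADFS server in an elevated session.
# On ADFS 2.0, load the snap-in first: Add-PSSnapin Microsoft.Adfs.PowerShell
$warnDays = 30   # assumed notification window; adjust to your change process

$props = Get-AdfsProperties
"AutoCertificateRollover : {0}" -f $props.AutoCertificateRollover
"CertificateDuration     : {0} days" -f $props.CertificateDuration
"GenerationThreshold     : {0} days before expiry" -f $props.CertificateGenerationThreshold
"PromotionThreshold      : {0} days after generation" -f $props.CertificatePromotionThreshold

$report = foreach ($type in 'Token-Signing', 'Token-Decrypting') {
    foreach ($c in Get-AdfsCertificate -CertificateType $type) {
        [pscustomobject]@{
            Type       = $type
            IsPrimary  = $c.IsPrimary
            Thumbprint = $c.Thumbprint
            NotAfter   = $c.Certificate.NotAfter
            DaysLeft   = [math]::Floor(($c.Certificate.NotAfter - (Get-Date)).TotalDays)
            # With rollover enabled, the replacement certificate is generated
            # CertificateGenerationThreshold days before the primary expires.
            NextGenerated = if ($props.AutoCertificateRollover -and $c.IsPrimary) {
                $c.Certificate.NotAfter.AddDays(-$props.CertificateGenerationThreshold)
            }
        }
    }
}
$report | Sort-Object Type, NotAfter | Format-Table -AutoSize

# A secondary certificate means a new one is already published in the
# federation metadata but not yet promoted: partners that import the
# certificate by hand need it before the promotion date.
$report | Where-Object { -not $_.IsPrimary } | ForEach-Object {
    Write-Warning ("Secondary {0} certificate {1} is waiting for promotion." -f
        $_.Type, $_.Thumbprint)
}

# Primary certificates inside the warning window.
$report | Where-Object { $_.IsPrimary -and $_.DaysLeft -le $warnDays } | ForEach-Object {
    Write-Warning ("Primary {0} certificate expires in {1} days ({2:u})." -f
        $_.Type, $_.DaysLeft, $_.NotAfter)
}
```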