Allow token signing and decryption on a per-relying party basis
Currently ADFS only signs tokens with the primary token-signing certificate. This makes renewing the certificate difficult if an organization has many relying party trusts configured, as the swap has to be coordinated with multiple vendors.
Please allow the signing certificate to be configured on a per-relying party basis. This would allow each relying party to migrate to the new certificate on their own schedules, as opposed to a single "big bang" approach.
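Added example, not part of the original feedback post or of any Microsoft script: a read-only PowerShell check of the state the post describes, run on an AD FS server. It lists the token-signing certificates with their expiry dates (AD FS signs with the one marked IsPrimary), reads the automatic rollover thresholds to estimate when the secondary certificate will be promoted, and enumerates the enabled relying party trusts that all have to trust the new certificate by that date. It assumes the AD FS PowerShell cmdlets Get-AdfsCertificate, Get-AdfsProperties and Get-AdfsRelyingPartyTrust with the property names shown; nothing in it changes configuration.

```powershell
# Added example (not from the original post): survey the token-signing rollover
# the post describes. Assumes the AD FS PowerShell module; read-only.
Import-Module ADFS

# 1. Token-signing certificates. AD FS signs tokens with the one marked IsPrimary;
#    a secondary certificate is published in the federation metadata but not used.
$signing = Get-AdfsCertificate -CertificateType Token-Signing
$signing |
    Select-Object IsPrimary, Thumbprint,
        @{ n = 'NotBefore'; e = { $_.Certificate.NotBefore } },
        @{ n = 'NotAfter';  e = { $_.Certificate.NotAfter } } |
    Format-Table -AutoSize

$primary  = $signing | Where-Object IsPrimary
$daysLeft = ($primary.Certificate.NotAfter - (Get-Date)).Days
Write-Host "Primary token-signing certificate expires in $daysLeft days"

# 2. Rollover settings. With AutoCertificateRollover on, AD FS generates a new
#    certificate CertificateGenerationThreshold days before expiry (as secondary)
#    and promotes it to primary CertificatePromotionThreshold days before expiry.
#    The promotion date is the single "big bang" moment the post refers to.
$props = Get-AdfsProperties
$props |
    Select-Object AutoCertificateRollover, CertificateGenerationThreshold, CertificatePromotionThreshold |
    Format-List
if ($props.AutoCertificateRollover) {
    $promoteOn = $primary.Certificate.NotAfter.AddDays(-$props.CertificatePromotionThreshold)
    Write-Host "Secondary certificate expected to become primary on $promoteOn"
}

# 3. Relying party trusts that must accept the new certificate by that date.
#    MetadataUrl shows where the RP publishes its own metadata; whether the RP
#    also consumes the AD FS metadata (and so picks up the secondary certificate
#    on its own) is not recorded here and has to be confirmed with each vendor.
$rps = @(Get-AdfsRelyingPartyTrust | Where-Object Enabled)
Write-Host ("{0} enabled relying party trusts to coordinate with" -f $rps.Count)
$rps |
    Select-Object Name,
        @{ n = 'Identifier'; e = { $_.Identifier -join ';' } },
        MetadataUrl |
    Format-Table -AutoSize
```

Run this well before the generation threshold is reached: the gap between the generation date and the promotion date is the only window in which a relying party can be switched to the new certificate without a token-validation outage, so the list from step 3 is the set of vendors that all have to be ready inside that window.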
Samuel Devasahayam [MSFT] commented
ACK. We couldn't get to it for 2019. In our backlog.
Yes! That would make my life a LOT easier. And it would ease my mind when adding new relying party trusts.