It is very sad that it is February 2020 and we are still facing this bug, CSCuj66703, with a CUCM/Unity cluster.
If you have to renew the ADFS certificates on the MS server, you have the possibility to have a primary and a secondary token-signing certificate. Today CUCM/Unity cannot handle that. When you have a primary and a secondary token-signing certificate and renew the certificate, you get the error message "Error while processing SAML Response".
The workaround is to edit the federation XML file and delete the second certificate manually, which is very odd.
In our case we found a better way to handle that problem. If you have the possibility, delete the (old) second token signing/decrypting certificate. Then download the new ADFS metadata trust file, with just one token-signing certificate.
![error_while_processing_saml_response.png](https://community.cisco.com/t5/image/serverpage/image-id/67029iEA228DECB800277D/image-size/large?v=v2&px=999)
Please add support for Auto Certificate Rollover or add at least support for two Token Signing Certificates in CUCM version 14.
Thx and Best Regards
Thiago
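A pre-import check for the condition described in the post above, as an added example that is not part of the original post or Cisco/Microsoft code: it counts the token-signing certificates under the IdP role of an ADFS federation metadata file and reports their SHA-1 thumbprints so they can be matched against the ADFS console. The sample metadata, the entityID, the placeholder certificate bytes and the function names are constructed for illustration.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
SAML2 = "urn:oasis:names:tc:SAML:2.0:protocol"

def _kd(use, blob):
    """One constructed KeyDescriptor; blob is placeholder bytes, not a real certificate."""
    b64 = base64.b64encode(blob).decode()
    return (f'<md:KeyDescriptor use="{use}"><ds:KeyInfo><ds:X509Data>'
            f'<ds:X509Certificate>{b64}</ds:X509Certificate>'
            f'</ds:X509Data></ds:KeyInfo></md:KeyDescriptor>')

def sample_metadata(signing_blobs):
    """Constructed stand-in for FederationMetadata.xml (hypothetical entityID)."""
    idp = _kd("encryption", b"constructed-enc") + "".join(
        _kd("signing", b) for b in signing_blobs)
    return (f'<md:EntityDescriptor xmlns:md="{NS["md"]}" xmlns:ds="{NS["ds"]}" '
            f'entityID="http://adfs.example.test/adfs/services/trust">'
            f'<md:SPSSODescriptor protocolSupportEnumeration="{SAML2}">'
            f'{_kd("signing", b"constructed-sp")}</md:SPSSODescriptor>'
            f'<md:IDPSSODescriptor protocolSupportEnumeration="{SAML2}">'
            f'{idp}</md:IDPSSODescriptor></md:EntityDescriptor>')

def idp_signing_thumbprints(metadata_xml):
    """SHA-1 thumbprints of the signing certificates under IDPSSODescriptor."""
    root = ET.fromstring(metadata_xml)
    prints = []
    # Only the IdP role counts; other role descriptors carry their own keys.
    for kd in root.findall(".//md:IDPSSODescriptor/md:KeyDescriptor", NS):
        if kd.get("use", "signing") != "signing":  # no 'use' means both uses
            continue
        for cert in kd.findall(".//ds:X509Certificate", NS):
            der = base64.b64decode("".join((cert.text or "").split()))
            prints.append(hashlib.sha1(der).hexdigest().upper())
    return prints

def check_for_import(metadata_xml):
    """Return (status, thumbprints) for a pre-import check of the metadata."""
    prints = idp_signing_thumbprints(metadata_xml)
    if not prints:
        return "no-signing-cert", prints
    if len(prints) > 1:
        return "multiple-signing-certs", prints
    return "ok", prints

if __name__ == "__main__":
    for blobs in ([b"constructed-primary", b"constructed-secondary"],
                  [b"constructed-primary"]):
        print(check_for_import(sample_metadata(blobs)))
```

To check a real file, pass its contents to `check_for_import`; a `multiple-signing-certs` result means the metadata still lists a secondary token-signing certificate.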