I am working on an environment where we have this combination, and we are due to update the certificates soon.
When I updated the certificate on the lab environment it broke SAML authentication with an error 401 right after the authentication.
Upon inspecting the UAG and ADFS logs it seems like when the Relying Party trust was configured from the file downloaded from the UAG, it included the old certificate in the signature.
I am newish to SAML and ADFS, but is this the expectation? Is there any way to avoid it?
Or is my cert replacement going to have an additional level of pain to it?
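A check for the situation described above, as an added example that is not part of the original post: it parses the SP metadata file a UAG exports (the file ADFS imported for the Relying Party trust) and compares the signing certificate it carries with the certificate now in use, so a stale trust can be spotted before a rotation rather than from a 401 afterwards. The entityID, the byte strings standing in for certificates and the function names are constructed assumptions.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

# Namespaces used by SAML 2.0 metadata and XML-DSig.
NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}


def fingerprint_der(der: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate, colon-separated hex."""
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def metadata_cert_fingerprints(metadata_xml: str) -> dict:
    """Map each KeyDescriptor 'use' (signing/encryption, or 'any' when the
    attribute is absent) to the fingerprints of the certificates it carries."""
    root = ET.fromstring(metadata_xml)
    result = {}
    for kd in root.iterfind(".//md:KeyDescriptor", NS):
        use = kd.get("use", "any")
        for cert in kd.iterfind(".//ds:X509Certificate", NS):
            b64 = "".join((cert.text or "").split())  # drop PEM-style line breaks
            result.setdefault(use, []).append(fingerprint_der(base64.b64decode(b64)))
    return result


def signing_cert_is_current(metadata_xml: str, current_cert_der: bytes) -> bool:
    """True if the metadata's signing cert (or an unrestricted-use cert) is the
    certificate the SP currently signs with; False means the RP trust is stale."""
    fps = metadata_cert_fingerprints(metadata_xml)
    return fingerprint_der(current_cert_der) in fps.get("signing", []) + fps.get("any", [])


# Constructed sample: not real certificates, just distinct DER-looking byte
# strings so the comparison can be exercised offline.
OLD_CERT_DER = b"\x30\x82\x01\x00" + b"old-lab-cert" * 4
NEW_CERT_DER = b"\x30\x82\x01\x00" + b"new-lab-cert" * 4

# Constructed SP metadata in the shape a UAG exports, still carrying the old cert.
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}"
    entityID="https://uag.example.test/sp">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>{base64.b64encode(OLD_CERT_DER).decode()}</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""
```

Run `signing_cert_is_current(metadata, der_of_cert_now_on_the_uag)` against the metadata ADFS actually imported; a False result means the Relying Party trust still holds the old certificate and needs re-importing after the renewal.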