I have a problem while sending WS-FederationRequest from ADFS to OWA. I have added a section about the issuer to my web.config:
<system.identityModel>
  <issuerNameRegistry type="System.IdentityModel.Tokens.ConfigurationBasedIssuerNameRegistry, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
    <trustedIssuers>
      <add name="https://domain/adfs/ls/" thumbprint="XXX-XXX"/>
    </trustedIssuers>
  </issuerNameRegistry>
</system.identityModel>
The thumbprint is from the section ADFS -> Service -> Token-signing primary certificate.
The same certificate is installed in Trusted Root Certification.
There is a Keycloak in the rotation, but ADFS – Keycloak – ADFS is working well; I can sign up.
The problem is:
Exchange Server 2019. x-adfserror: ID4175: The issuer of the security token was not recognized by the IssuerNameRegistry. To accept security tokens from this issuer, configure the IssuerNameRegistry to return a valid name for this issuer.
Used: Set-AdfsProperties -AutoCertificateRollover $true