wcf certificate federated-identity azure-appfabric

How do I extract the signing certificate in ACS for WCF?


Due to a bug in either FedUtil, or ACSLabs, I am adapting this WCF AppFabric labs sample to use the default signing certificate of ACS instead of a custom one.

Question: How do I extract the signing cert used in the ACS Labs for use within WCF?


Solution

  • What do you need the signing cert for?

    I think what's probably happening is that the ACS WS-FederationMetadata is not being updated with your custom certificate. But this should be very simple to fix: if you own the cert, you know the thumbprint too. Just replace the value in the web.config and try again.

    So, to summarize:

    1- If you use a custom cert: upload to ACS, configure ACS to use the cert for signing, run FedUtil and then make sure the web.config of your app has your cert thumbprint.

    2- If you use the default signing cert, just run FedUtil and everything should just work.
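
Added example (not part of the answer above, and not ACS or FedUtil code): one way to read the signing certificate out of a federation metadata document, compute its SHA-1 thumbprint, and compare it with the thumbprints trusted in web.config. It assumes the usual `KeyDescriptor use="signing"` metadata layout and the WIF `trustedIssuers` section; both sample documents and all values in them are constructed.

```python
import base64, hashlib, re
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def normalize(thumbprint):
    # Keep hex digits only: drops spaces and the invisible U+200E mark that
    # copying a thumbprint from the Windows certificate dialog can include.
    return re.sub(r"[^0-9A-F]", "", thumbprint.upper())

def signing_thumbprints(metadata_xml):
    # A thumbprint is the SHA-1 digest of the certificate's DER bytes.
    root = ET.fromstring(metadata_xml)
    found = set()
    for kd in root.iterfind(".//md:KeyDescriptor[@use='signing']", NS):
        for cert in kd.iterfind(".//ds:X509Certificate", NS):
            der = base64.b64decode(cert.text or "")
            found.add(hashlib.sha1(der).hexdigest().upper())
    return found

def trusted_thumbprints(web_config_xml):
    root = ET.fromstring(web_config_xml)
    adds = root.iterfind(".//trustedIssuers/add")
    return {normalize(a.get("thumbprint", "")) for a in adds}

def compare(metadata_xml, web_config_xml):
    published = signing_thumbprints(metadata_xml)
    trusted = trusted_thumbprints(web_config_xml)
    return {"match": sorted(published & trusted),      # tokens will validate
            "stale": sorted(trusted - published),      # trusted, not published
            "untrusted": sorted(published - trusted)}  # published, not trusted

# Constructed sample input: placeholder bytes stand in for a real DER certificate.
FAKE_DER = b"constructed placeholder, not a real certificate"
METADATA = f"""<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
  <RoleDescriptor><KeyDescriptor use="signing">
    <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"><X509Data>
      <X509Certificate>{base64.b64encode(FAKE_DER).decode()}</X509Certificate>
    </X509Data></KeyInfo>
  </KeyDescriptor></RoleDescriptor>
</EntityDescriptor>"""
# Thumbprint as pasted from a dialog: lowercase, spaced, leading U+200E.
PASTED = "\u200e" + " ".join(re.findall("..", hashlib.sha1(FAKE_DER).hexdigest()))
WEB_CONFIG = f"""<configuration><microsoft.identityModel><service>
  <issuerNameRegistry><trustedIssuers>
    <add thumbprint="{PASTED}" name="constructed-current" />
    <add thumbprint="0123456789ABCDEF0123456789ABCDEF01234567" name="constructed-old" />
  </trustedIssuers></issuerNameRegistry>
</service></microsoft.identityModel></configuration>"""

if __name__ == "__main__":
    print(compare(METADATA, WEB_CONFIG))
```

A non-empty `stale` list is worth pruning, since every thumbprint left in `trustedIssuers` remains a certificate whose signatures the application accepts.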