Hi, It's a nice work.
When i ran it on adfs server it outputted two private key like this:

[-] Private Key: F1-5A-5F-C0-26-29-80-07-E1-FC-C4-70-2C-12-BB-C5-28-04-42-A4-35-62-90-07-B1-D0-CA-7D-26-ED-F6-95

[-] Private Key: DD-AD-55-55-B6-50-21-BA-7E-B2-97-33-B5-42-58-4C-D3-3D-A6-AD-AC-30-0C-30-CD-83-5D-0E-62-BC-CC-ED

Why did this happen? Witch key is correct?

This is probably because at one point the signing certificate was reencrypted. I'm not sure why this happens, but it does.

I would just try both keys and see which one works. Unfortunately I don't have a better answer right now. It is an open item for me to add code that outputs only the right private key.

You can check in ADSI on the AD server to see the date of these keys. Use the one that matches to the ADFS signing cert creation date. But, just trying both will also work.