---
layout: docs
page_title: "Troubleshoot ADFS and SAML: AD FS event 320"
description: >-
Fix connection problems in Vault due AD FS event 320 when using Active
Directory Federation Services (ADFS) as an SAML provider.
---
> [!IMPORTANT]
> **Documentation Update:** Product documentation, which were located in this repository under `/website`, are now located in [`hashicorp/web-unified-docs`](https://github.com/hashicorp/web-unified-docs), colocated with all other product documentation. Contributions to this content should be done in the `web-unified-docs` repo, and not this one. Changes made to `/website` content in this repo will not be reflected on the developer.hashicorp.com website.
# AD FS event 320
Troubleshoot problems where your AD FS event logs show error 320.
## Example debugging data
AD FS event log shows the following error:
```shell-session
The verification of the SAML message signature failed.
Message issuer: MyVaultIdentifier
Exception details:
MSIS7086: The relying party trust 'MyVaultIdentifier' indicates that authentication requests sent by this relying party will be signed but no signature is present.
```
## Analysis
Verify that `SignedSamlRequestsRequired` is `false` for your AD FS Relying Party
Trust for Vault:
```powershell
Get-AdfsRelyingPartyTrust -Name ""
```
For example:
```powershell
Get-AdfsRelyingPartyTrust -Name "Vault"
```
## Solution
Set `SignedSamlRequestsRequired` to `false`:
```powershell
$ Set-AdfsRelyingPartyTrust `
-TargetName "" `
-SignedSamlRequestsRequired $false
```
For example:
```powershell
$ Set-AdfsRelyingPartyTrust `
-TargetName "Vault" `
-SignedSamlRequestsRequired $false
```
## Additional resources
- [SAML auth method Documentation](/vault/docs/auth/saml)
- [SAML API Documentation](/vault/api-docs/auth/saml)
- [Set up an AD FS lab environment](https://learn.microsoft.com/en-us/windows-server/identity/ad-fs/operations/set-up-an-ad-fs-lab-environment)