Documents‎ > ‎4. Troubleshoots​‎ > ‎

Error: ID4220: The SAML Assertion is either not signed or the signature’s KeyIdentifier cannot be resolved to a SecurityToken

ID4220: The SAML Assertion is either not signed or the signature’s KeyIdentifier cannot be resolved to a SecurityToken. Ensure that the appropriate issuer tokens are present on the token resolver. To handle advanced token resolution requirements, extend Saml11TokenSerializer and override ReadToken.

This means you most likely used the wrong Certificate. You can solve this issue by running "install.bat" or by the following power-shell commands

$CPath = "C:\XXXXX\<Name of Cert>.cer"
$Cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2("$CPath")
New-SPTrustedRootAuthority -Name "<Call it what you want>" -Certificate $cert
$STS = Get-SPTrustedIdentityTokenIssuer
$STS | Set-SPTrustedIdentityTokenIssuer -ImportTrustCertificate $Cert
Comments