OpenSAML user discussion

[Patrick Krug <>]

I am having a problem with my saml implementation.     I have implemented my saml 1.1 using c# on windows.   The vendors saml implementation is using the opensaml programs.  
What am I doing wrong?
 
The error message on the vendors side is : XML::Parser detected an error during parsing: Element 'Signature' is not valid for content model
 
 
<Response xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\" xmlns=\"urn:oasis:names:tc:SAML:1.0:protocol\" IssueInstant=\"2008-04-25T11:25:50Z\" MajorVersion=\"1\" MinorVersion=\"1\" Recipient=\"https://clinician.emdeon.com\" ResponseID=\"piiabmlphankocfbhhbhcomieogpcnaeilhclbbi\" xmlns:saml=\"urn:oasis:names:tc:SAML:1.0:assertion\" xmlns:samlp=\"urn:oasis:names:tc:SAML:1.0:protocol\" xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\"><Signature xmlns=\"http://www.w3.org/2000/09/xmldsig#\"><SignedInfo><CanonicalizationMethod Algorithm=\"http://www.w3.org/2001/10/xml-exc-c14n#\" /><SignatureMethod Algorithm=\"http://www.w3.org/2000/09/xmldsig#rsa-sha1\" /><Reference URI=\"\"><Transforms><Transform Algorithm=\"http://www.w3.org/2000/09/xmldsig#enveloped-signature\" /><Transform Algorithm=\"http://www.w3.org/2001/10/xml-exc-c14n#WithComments\"><InclusiveNamespaces PrefixList=\"#default saml samlp ds xsd xsi code kind rw typens\" xmlns=\"http://www.w3.org/2001/10/xml-exc-c14n#\" /></Transform></Transforms><DigestMethod Algorithm=\"http://www.w3.org/2000/09/xmldsig#sha1\" /><DigestValue>azbO17QKL8uQiwyg5CAPueZj3pk=</DigestValue></Reference></SignedInfo><SignatureValue>E6k88bQKCinDEyLe1Pz0EHxCmo4vmZnmqu9ceUbnHI///yNqe2zaFSm4xWPhTk61M9zTzLwBTuS+/xgjbIvEDnPl6FXreXF00P5wx+z/O2uAwwKpOtJb5UmVmJgcixBS0bt9h0TkI/7oLTJ1PgbIROM2jig+Ue9UaI4lvbJ5zP0=</SignatureValue><KeyInfo><X509Data><X509Certificate>MIIBuTCCASKgAwIBAgIESAO9iDANBgkqhkiG9w0BAQQFADAhMR8wHQYDVQQDExZCYXB0aXN0IE1lZGljYWwgQ2VudGVyMB4XDTA4MDQxNDIwMjQ0MFoXDTE4MDQxMjIwMjQ0MFowITEfMB0GA1UEAxMWQmFwdGlzdCBNZWRpY2FsIENlbnRlcjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArvR30OZ5RDbcK0RjtPbGx5QizNlvsCfCyYkz6DiUIF7K/qAB6mqdVNr8VFQP8DngeJBUHi6Z3Y/B+SCQC3teJvocQRlVCz2lIY4dNCpmhHMTBjtz+yxuMtc77NEPNkK2aqWXLbIeYNDekcR1wbQltzIs9y+/1Y2j1KAIcV5HIKcCAwEAATANBgkqhkiG9w0BAQQFAAOBgQBUtHmdPXOkMU5GCJACdXwv+KylaS5zowMZ89V0JTuQGhIuSymsW8kKd7LluI2zQ3sdVCx4NE3/jYISTGlM01AJGJReBoDFkIaeozJ2t2Qch34mQ7L0SIrtUEUeBpIBmeS92NGQEKpHdDF/on+a92IooGnrNcYaEPh7zyOEBMuldg==</X509Certificate></X509Data></KeyInfo></Signature><Status><StatusCode Value=\"samlp:Success\" /></Status><Assertion xmlns=\"urn:oasis:names:tc:SAML:1.0:assertion\" AssertionID=\"tag1\" IssueInstant=\"2008-04-25T11:25:51Z\" Issuer=\"Baptist Medical Center\" MajorVersion=\"1\" MinorVersion=\"1\" xmlns:saml=\"urn:oasis:names:tc:SAML:1.0:assertion\" xmlns:samlp=\"urn:oasis:names:tc:SAML:1.0:protocol\" xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\"><Signature xmlns=\"http://www.w3.org/2000/09/xmldsig#\"><SignedInfo><CanonicalizationMethod Algorithm=\"http://www.w3.org/TR/2001/REC-xml-c14n-20010315\" /><SignatureMethod Algorithm=\"http://www.w3.org/2000/09/xmldsig#rsa-sha1\" /><Reference URI=\"\"><Transforms><Transform Algorithm=\"http://www.w3.org/2000/09/xmldsig#enveloped-signature\" /><Transform Algorithm=\"http://www.w3.org/2001/10/xml-exc-c14n#WithComments\"><InclusiveNamespaces PrefixList=\"#default saml samlp ds xsd xsi code kind rw typens\" xmlns=\"http://www.w3.org/2001/10/xml-exc-c14n#\" /></Transform></Transforms><DigestMethod Algorithm=\"http://www.w3.org/2000/09/xmldsig#sha1\" /><DigestValue>/Y3/FsMUrUiE+Kj6WKbejGoQkRo=</DigestValue></Reference></SignedInfo><SignatureValue>mWwvz8Ts8PGMOwHWI0Om3xtr6WYFpk/H9+IPp4mujA7WkqAE5LUWCRGjJZHvb/jq6BDOM7DJcBmqZx49+R6HOKaBQxWbAC6mplz4hyZj6g8rgPtNuDRZJPejQV27+u9yMxjr3qGv61OS+LlkrMGqTUSrTb9MnYT+3pf6so8WyMM=</SignatureValue><KeyInfo><X509Data><X509Certificate>MIIBuTCCASKgAwIBAgIESAO9iDANBgkqhkiG9w0BAQQFADAhMR8wHQYDVQQDExZCYXB0aXN0IE1lZGljYWwgQ2VudGVyMB4XDTA4MDQxNDIwMjQ0MFoXDTE4MDQxMjIwMjQ0MFowITEfMB0GA1UEAxMWQmFwdGlzdCBNZWRpY2FsIENlbnRlcjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArvR30OZ5RDbcK0RjtPbGx5QizNlvsCfCyYkz6DiUIF7K/qAB6mqdVNr8VFQP8DngeJBUHi6Z3Y/B+SCQC3teJvocQRlVCz2lIY4dNCpmhHMTBjtz+yxuMtc77NEPNkK2aqWXLbIeYNDekcR1wbQltzIs9y+/1Y2j1KAIcV5HIKcCAwEAATANBgkqhkiG9w0BAQQFAAOBgQBUtHmdPXOkMU5GCJACdXwv+KylaS5zowMZ89V0JTuQGhIuSymsW8kKd7LluI2zQ3sdVCx4NE3/jYISTGlM01AJGJReBoDFkIaeozJ2t2Qch34mQ7L0SIrtUEUeBpIBmeS92NGQEKpHdDF/on+a92IooGnrNcYaEPh7zyOEBMuldg==</X509Certificate></X509Data></KeyInfo></Signature><Conditions NotBefore=\"2008-04-24T11:25:51Z\" NotOnOrAfter=\"2008-04-26T11:25:51Z\"><AudienceRestrictionCondition><Audience>http://www.opensaml.org</Audience></AudienceRestrictionCondition></Conditions><AuthenticationStatement AuthenticationInstant=\"2008-04-25T11:25:52Z\" AuthenticationMethod=\"urn:oasis:names:tc:SAML:1.0:am:password\"><Subject xmlns=\"urn:oasis:names:tc:SAML:1.0:assertion\"><NameIdentifier>pkrug001</NameIdentifier><SubjectConfirmation><ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:bearer</ConfirmationMethod></SubjectConfirmation></Subject></AuthenticationStatement></Assertion></Response>"