Saml message test validation

response-gen.rb

name_id = "1234567"
time = Time.now
Saml.current_provider = Saml.provider("com:localhost")
status_code = Saml::Elements::StatusCode.new(value: Saml::TopLevelCodes::SUCCESS)
status = Saml::Elements::Status.new(status_code: status_code)
partner_id = Saml::Elements::Attribute.new(
  name: "PartnerId",
  format: 'urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified',
  attribute_value: 'PartnerVal'
)
user_id = Saml::Elements::Attribute.new(
  name: "UserId",
  format: 'urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified',
  attribute_value: name_id
)
time_stamp = Saml::Elements::Attribute.new(
  name: "TimeStamp",
  format: 'urn:oasis:names:tc:SAML:2.0:attrname-format:basic',
  attribute_value: time.iso8601
)

attribute_statement = Saml::Elements::AttributeStatement.new(
  attribute: [partner_id, insured_id, time_stamp])

subject = Saml::Elements::Subject.new(
  _name_id:       name_id,
  recipient:      'https://localhost:3000/saml/consume',
  in_response_to: "_#{time}"
)

assertion = Saml::Assertion.new(
  subject: subject,
  attribute_statement: attribute_statement
)

signed_xml_assertion = Saml::Util.sign_xml(assertion)

response = Saml::Response.new(
  status:         status,
  _id:            "_#{time.to_i}",
  version:        "2.0",
  in_response_to: "_#{time}",
  assertions:     [Saml::Assertion.parse(signed_xml_assertion)]
)

Saml::Util.verify_xml(response.assertion, signed_xml_assertion)

Nope, that doesn't work either. We have a client trying to validate using .Net code and it always comes back with a bad sig error.

I've tried the samlr lib a little and their validate method kicks out the libsaml created message with an error as well. Only it's validating it against the saml schema xsd. I'm still trying to reduce the problem down to see what exactly is happening and where it's going wrong. Saml is a big standard and there be dragons.