// code per FAQ 3.2
xmlNodePtr rnode = NULL;
rnode = xmlDocGetRootElement(doc);
xmlAttrPtr attr;
xmlAttrPtr tmp;
int i;
xmlChar* name;
xmlNodePtr cur = rnode;
xmlChar *id = "ID";
for(attr = cur->properties; attr != NULL; attr = attr->next) {
    if(xmlStrEqual(attr->name, id)) {
        name = xmlNodeListGetString(doc, attr->children, 1);
        if(name != NULL) {
            tmp = xmlGetID(doc, name);
            if(tmp == NULL) {
                xmlAddID(NULL, doc, name, attr);
            } else if(tmp != attr) {
                xmlSecError(XMLSEC_ERRORS_HERE, NULL, NULL, XMLSEC_ERRORS_R_INVALID_DATA, "id=%s already defined", xmlSecErrorsSafeString(name));
            }
            xmlFree(name);
        }
    }
}

There are 2 Signature nodes in the XML. The document root element has an ID attribute, and the Signature node is a direct child of the root, with its Reference URI pointing to the ID attribute on the document root. I was assuming I can just ignore the Signature element that exists deeper in the document. Or does some ordering come into play?

RESULT: Signature is INVALID -1006498752 ---------------------------------------------------
= VERIFICATION CONTEXT == Status: succeeded == flags: 0x00000000 == flags2: 0x00000000 == Key Info Read Ctx: = KEY INFO READ CONTEXT == flags: 0x00000000 == flags2: 0x00000000 == enabled key data: all == RetrievalMethod level (cur/max): 0/1 == TRANSFORMS CTX (status=0) == flags: 0x00000000 == flags2: 0x00000000 == enabled transforms: all === uri: NULL === uri xpointer expr: NULL == EncryptedKey level (cur/max): 0/1 === KeyReq: ==== keyId: rsa ==== keyType: 0x00000001 ==== keyUsage: 0x00000002 ==== keyBitsSize: 0 === list size: 0 == Key Info Write Ctx: = KEY INFO WRITE CONTEXT == flags: 0x00000000 == flags2: 0x00000000 == enabled key data: all == RetrievalMethod level (cur/max): 0/1 == TRANSFORMS CTX (status=0) == flags: 0x00000000 == flags2: 0x00000000 == enabled transforms: all === uri: NULL === uri xpointer expr: NULL == EncryptedKey level (cur/max): 0/1 === KeyReq: ==== keyId: NULL ==== keyType: 0x00000001 ==== keyUsage: 0xffffffff ==== keyBitsSize: 0 === list size: 0 == Signature 
Transform Ctx: == TRANSFORMS CTX (status=2) == flags: 0x00000000 == flags2: 0x00000000 == enabled transforms: all === uri: NULL === uri xpointer expr: NULL === Transform: exc-c14n (href=http://www.w3.org/2001/10/xml-exc-c14n#) === Transform: rsa-sha1 (href=http://www.w3.org/2000/09/xmldsig#rsa-sha1) === Transform: membuf-transform (href=NULL) == Signature Method: === Transform: rsa-sha1 (href=http://www.w3.org/2000/09/xmldsig#rsa-sha1) == Signature Key: == KEY === method: RSAKeyValue === key type: Public === key usage: -1 === key not valid before: 1458586152 === key not valid after: 1774118952 === rsa key: size = 2048 === list size: 1 === X509 Data: ==== Key Certificate: ==== Subject Name: /C=US/ST=New York/L=Melville/O=KEMP Technologies, Inc/OU=RABID TEAM/CN=saml-sp/emailAddress=jmalek@kemptechnologies.com ==== Issuer Name: /C=US/ST=New York/L=Melville/O=KEMP Technologies, Inc/OU=RABID TEAM/CN=saml-sp/emailAddress=jmalek@kemptechnologies.com ==== Issuer Serial: 9E2A9BFB723DC4D7 ==== Certificate: ==== Subject Name: /C=US/ST=New York/L=Melville/O=KEMP Technologies, Inc/OU=RABID TEAM/CN=saml-sp/emailAddress=jmalek@kemptechnologies.com ==== Issuer Name: /C=US/ST=New York/L=Melville/O=KEMP Technologies, Inc/OU=RABID TEAM/CN=saml-sp/emailAddress=jmalek@kemptechnologies.com ==== Issuer Serial: 9E2A9BFB723DC4D7 == SignedInfo References List: === list size: 1 = REFERENCE VERIFICATION CONTEXT == Status: succeeded == URI: "#_cd9f2da882db1145341bd06067816a00826eb28512" == Reference Transform Ctx: == TRANSFORMS CTX (status=2) == flags: 0x00000000 == flags2: 0x00000000 == enabled transforms: all === uri: === uri xpointer expr: #_cd9f2da882db1145341bd06067816a00826eb28512 === Transform: xpointer (href=http://www.w3.org/2001/04/xmldsig-more/xptr) === Transform: enveloped-signature (href=http://www.w3.org/2000/09/xmldsig#enveloped-signature) === Transform: exc-c14n (href=http://www.w3.org/2001/10/xml-exc-c14n#) === Transform: sha1 (href=http://www.w3.org/2000/09/xmldsig#sha1) === 
Transform: membuf-transform (href=NULL) == Digest Method: === Transform: sha1 (href=http://www.w3.org/2000/09/xmldsig#sha1) == Manifest References List: === list size: 0 = VERIFICATION CONTEXT == Status: succeeded == flags: 0x00000000 == flags2: 0x00000000 == Key Info Read Ctx: = KEY INFO READ CONTEXT == flags: 0x00000000 == flags2: 0x00000000 == enabled key data: all == RetrievalMethod level (cur/max): 0/1 == TRANSFORMS CTX (status=0) == flags: 0x00000000 == flags2: 0x00000000 == enabled transforms: all === uri: NULL === uri xpointer expr: NULL == EncryptedKey level (cur/max): 0/1 === KeyReq: ==== keyId: rsa ==== keyType: 0x00000001 ==== keyUsage: 0x00000002 ==== keyBitsSize: 0 === list size: 0 == Key Info Write Ctx: = KEY INFO WRITE CONTEXT == flags: 0x00000000 == flags2: 0x00000000 == enabled key data: all == RetrievalMethod level (cur/max): 0/1 == TRANSFORMS CTX (status=0) == flags: 0x00000000 == flags2: 0x00000000 == enabled transforms: all === uri: NULL === uri xpointer expr: NULL == EncryptedKey level (cur/max): 0/1 === KeyReq: ==== keyId: NULL ==== keyType: 0x00000001 ==== keyUsage: 0xffffffff ==== keyBitsSize: 0 === list size: 0 == Signature Transform Ctx: == TRANSFORMS CTX (status=2) == flags: 0x00000000 == flags2: 0x00000000 == enabled transforms: all === uri: NULL === uri xpointer expr: NULL === Transform: exc-c14n (href=http://www.w3.org/2001/10/xml-exc-c14n#) === Transform: rsa-sha1 (href=http://www.w3.org/2000/09/xmldsig#rsa-sha1) === Transform: membuf-transform (href=NULL) == Signature Method: === Transform: rsa-sha1 (href=http://www.w3.org/2000/09/xmldsig#rsa-sha1) == Signature Key: == KEY === method: RSAKeyValue === key type: Public === key usage: -1 === key not valid before: 1458586152 === key not valid after: 1774118952 === rsa key: size = 2048 === list size: 1 === X509 Data: ==== Key Certificate: ==== Subject Name: xxxxxxxxxxxxxxxx ==== Issuer Name: xxxxxxxxxxxxxxxx ==== Issuer Serial: 9E2A9BFB723DC4D7 ==== Certificate: ==== Subject Name: 
xxxxxxxxxxxx ==== Issuer Name: xxxxxxxxxxxx ==== Issuer Serial: 9E2A9BFB723DC4D7 == SignedInfo References List: === list size: 1 = REFERENCE VERIFICATION CONTEXT == Status: succeeded == URI: "#_cd9f2da882db1145341bd06067816a00826eb28512" == Reference Transform Ctx: == TRANSFORMS CTX (status=2) == flags: 0x00000000 == flags2: 0x00000000 == enabled transforms: all === uri: === uri xpointer expr: #_cd9f2da882db1145341bd06067816a00826eb28512 === Transform: xpointer (href=http://www.w3.org/2001/04/xmldsig-more/xptr) === Transform: enveloped-signature (href=http://www.w3.org/2000/09/xmldsig#enveloped-signature) === Transform: exc-c14n (href=http://www.w3.org/2001/10/xml-exc-c14n#) === Transform: sha1 (href=http://www.w3.org/2000/09/xmldsig#sha1) === Transform: membuf-transform (href=NULL) == Digest Method: === Transform: sha1 (href=http://www.w3.org/2000/09/xmldsig#sha1) == Manifest References List: === list size: 0