[xmlsec] Verify XML signature with multiple KeyName

[Paolo Smiraglia]

On Fri, 29 Jun 2018 at 17:38, Leif Johansson <leifj at mnt.se> wrote:
> My guess is that Scott just tries to iterate over all possible
> combinations... Is this a key rollover situation btw?

No. The double KeyName is because the tool that I used to sign the
metadata (samlsign) iterated over all the subjectAlternativeName.
After some experiment I obtained that a KeyName is added for each
subjectAlternativeName.

> What saml profile is this trying to comply with? Is it perhaps eIDAS?

More or less. It is SPID, the Italian federation.

-- 
PAOLO SMIRAGLIA