> There is nothing wrong with the generated Signature. The empty reference > URI in conjunction with the enveloped signature transform, points to the > parent Element of the Signature. So it's a perfectly valid Signature.
It's not a valid SAML signature, however. (Not that this answers the OP's question, but the OP is in fact obligated to use an ID reference. -- Scott
