I'm currently working on a single sign-on implementation using the ComponentPro SAML library with a vendor that uses Ping Identity as their SSO provider. The code is pretty basic, we're creating a SAML2 Response object, creating an assertion with a few attributes and encrypting it, signing the response last and then posting it. The issue we're having however is Ping is rejecting the response saying the expected message digest does not match the actual message digest. We're basically stuck at this point, Ping is doing some investigation but their initial feedback is that there is something wrong with the signing. During our investigation of the issue with the vendor we found the generated response is accepted by Ping if we don't use message level encryption. It's not an option to forego message level encryption however, that was just to try to help narrow the issue. Wondering if anyone else has run into this situation or knows of anything that could be of help as we're completely stuck at this point. Thanks!