Comment by nimish
Xml canonicalization is insane but necessary. Far more complex than the signature process itself
Then the incredibly stupid need to modify the signed document to insert the signature online so verifying it requires a full blown parser among other things
Exactly, I had worked on creating a implementation of saml in go, initially I wanted to use the builtin xml library but quickly found it to be overwhelmingly difficult and ended up creating a binding to xmlsec.