Your signature elements appear to have
identical canonical form. Canonicalization should remove the superfluous
namespace declarations that appear in the DOM serialization, so I don't think
that's the problem.
These are enveloped signatures. It's possible (probable, in
fact) that the envel
I have seen this problem before in another context, but I cannot
remember if/how I resolved it. It has something to do with the
serialization to DOM in that it removes the xmlns:ds namespace
attributes which breaks the signature. You might try to invoke
org.apache.xml.security.utils.XMLUtils.ci
