The xml below is an assertion I generated and signed using "YOUR" private key. This one validates fine. You can compare this with your assertion and see what the differences might be.


<?xml version="1.0" encoding="UTF-8"?><saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" ID="_c0ce328c0cf250613fa66e5c8ae2d808" IssueInstant="2015-11-09T19:31:59.104Z" Version="2.0">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://www.uphealth.com/castlight.shtml</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xs="http://www.w3.org/2001/XMLSchema" ID="_2cd9bce1d503bc896431cbbb46acb992" IssueInstant="2015-11-09T19:31:59.104Z" Version="2.0">
        <saml2:Issuer>https://www.uphealth.com/castlight.shtml</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
                <ds:Reference URI="#_2cd9bce1d503bc896431cbbb46acb992">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="xs"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                    <ds:DigestValue>JfI1dXHwabsJffwGrULQkTlfeWs=</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>tzHjVh5gi/gcUtrXy1Uv0MabA6g6vxAR7sBpXz2c/PZ0rQbKB1y7swOJ/RUlXR6GGPor0lF+31xOxZpFhZvkpBm4PqhgHEyHfKHB18xOdR4IelqQgUY3LI1v2t1kDHZNH2XyeNbo6pIwfBul86YMeleA2VZSZs0jl7SwLgCb+lkHMnUHLVJQc9JhOWUFyKfrUitVAOYH4oN6llGLQB/5pvO+XkUktSMSXBspcH+78UMXVfAij02d6FefN58BUDmo3qmiBbR8BNUCkeeUy6wgLN+r6sw+nsWqmMseufRTI805FF2bYx2VXxGt9lKw7qgFlw0jbaxq/+dcUnioeKwqeQ==</ds:SignatureValue>
		</ds:Signature>
        <saml2:Subject>
            <saml2:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">00123</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData NotOnOrAfter="2015-11-09T20:01:59.104Z" Recipient="http://xxxxx"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2015-11-09T19:31:59.104Z" NotOnOrAfter="2015-11-09T20:01:59.104Z">
            <saml2:OneTimeUse/>
            <saml2:AudienceRestriction>
                <saml2:Audience>qa.us.castlighthealth.com:saml2.0</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2015-11-09T19:31:59.104Z" SessionIndex="_1fac001969c0d831c6b3988e20827081" SessionNotOnOrAfter="2015-11-09T20:01:59.104Z">
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute Name="identifier_type">
                <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">employee_number</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute Name="Last4SSN">
                <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">6789</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute Name="DobMMDD">
                <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">1212</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>