Signed SAML 2.0 assertion does not validate against
saml-schema-assertion-2.0.xsd when serialized. The signature should be inserted
after the Issuer element.
Cause of the problem is the following code:
DOMSignContext dsc = new DOMSignContext(privKey, assertionElement);
This statement should use the three arg constructor to prevent insertion of the
signature at the end of the assertion:
DOMSignContext(KeySelector ks, Node parent, Node nextSibling)