signature check fails if whole response is signed

[chad3814]

Google Apps for business has a SSO app you can add that is a SAML 2.0 IdP. Google doesn't sign just the assertion, it signs the whole response, so the signature check fails in saml2-js.

Google's xml has a <Reference> in the <Signature> that points to the id of the root tag, and xml-crypto looks like it correctly handles this; when I hacked saml2-js to check the whole doc instead of just the <Assertion> it passed.
zip of Google's SAML response

[chad3814]

I guess this probably relates to #48; @bcoe or @jefff would you like to me to rebase that code and issue a new PR?

[jefff]

If you'd be willing to, that'd be great!