...
For Java, you'll need to enable debug logging for org.apache.xml.security.utils.DigesterOutputStream
. In some rare cases, where the the problem is not that the signed XML itself has been changed but rather the contents of the <ds:Signature>
element itself, you may need to also examine the debug logging for org.apache.xml.security.utils.SignerOutputStream
.
The C++ library starting with version 1.6 includes some logging support for obtaining the digested octets. You can set an environment variable called XSEC_DEBUG_FILE and point it to a file to receive the information. When the C++ OpenSAML stack is used, there is explicit logging support via the usual logging mechanisms in the "XMLTooling.Signature.Debugger" category.