this is a unsign saml response xml, the value need be change every submit was replaced by {time1} or {guid1}.
before sign the xml, those value will be update.  otherwise it will not pass the Saml validation.
If you got "Assertion was replayed" error. that because the time is not correct or AssertionId already be used.



After the Saml Xml build and signed, there is one more thing need change,
the RSA Saml Relay part only take the signature before the issuer, but the DotNet sign the xml and insert as the last Child, so we need additional code to make it work:

            SignXmlHelper.SignXml(xmlDoc, cert, "ID", guid1);
            //var item=  xmlDoc.GetElementsByTagName("Signature").Item(0);
            XmlElement xmlElement = xmlDoc.DocumentElement;
            var signatureNode = xmlElement.LastChild;
            xmlElement.InsertAfter(signatureNode, xmlElement.FirstChild);

            var outstr = xmlDoc.OuterXml;
Last notice:
 when you post the saml, in saml1, the target url is TargetUrl, but for saml2, it changed to relaystate