I've been trying to verify a signature of a SAML Response after finding that .NET's SignedXml
has an issue (where the exact same SAML Response can be verified using Java).
I know why this is, which has led me to wanting to verify the signature myself, which shouldn't be too difficult. In theory.
The long and short of it is I have some fairly vanilla RSA signature code, and I am using an external tool to calculate the expected digest of the SignedInfo
element to compare against.
The code below truncates the signature and modulus for readability. But I've tested and proven on other calculations that the Big-Endian -> Little-Endian conversion and un-signing the resulting number works as I would have expected.
using System;
using System.Diagnostics;
using System.Linq;
using System.Numerics;

// Signature and modulus truncated for readability.
var sigString = "Xxfh0hq34DGIQibeBrNcYuU/XD0aX...IviQm/5jZK6pD9wReldSPoo=";
// Reverse() turns the big-endian bytes into the little-endian order BigInteger expects;
// the appended 0x00 keeps the two's-complement value positive.
var sigBytes = Convert.FromBase64String(sigString).Reverse().Append<byte>(0x0).ToArray();
var s = new BigInteger(sigBytes);
var modulusString = "lg4dkGLwfAApoNtWoX...oxvjjaGfH9PzoE=";
var modulusBytes = Convert.FromBase64String(modulusString).Reverse().Append<byte>(0x0).ToArray();
var n = new BigInteger(modulusBytes);
var exponentString = "AQAB"; // 65537
var exponentBytes = Convert.FromBase64String(exponentString).Reverse().Append<byte>(0x0).ToArray();
var e = new BigInteger(exponentBytes);
var r = BigInteger.ModPow(s, e, n); // RSAVP1: recover the padded encoded message
var expectedB64 = "XeHIN99Mkt5A/HswHotEndGJ6ahw/0l8jbjy92Fjsaw="; // digest of SignedInfo from the external tool
var expected = new BigInteger(Convert.FromBase64String(expectedB64).Reverse().Append<byte>(0x0).ToArray());
var expectedHex = expected.ToString("X");
var resultHex = r.ToString("X");
//Removing pkcs1.5 padding: keep only the trailing characters of the result
var actualHex = resultHex.Substring(resultHex.Length - expectedHex.Length);
// Note: this compares the full result with its own suffix rather than with expectedHex.
Debug.Assert(resultHex == actualHex); //Fail
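The verification the question is attempting, written out as an added example (not the asker's code): it works on byte arrays instead of hex strings, so a leading 0x00 cannot be dropped or a leading "0" added by ToString("X"), and it checks the whole PKCS#1 v1.5 encoded message (00 01 FF..FF 00 DigestInfo) rather than only the trailing hash. It assumes .NET Core 2.1 or later for the BigInteger overloads used, an RSA-SHA256 SignatureMethod, and that the digest passed in is the SHA-256 of the canonicalized SignedInfo element; the class and method names are mine.

```csharp
using System;
using System.Linq;
using System.Numerics;
using System.Security.Cryptography;

static class Pkcs1Verify
{
    // DER encoding of the SHA-256 DigestInfo prefix (RFC 8017, section 9.2, note 1).
    static readonly byte[] Sha256Prefix = {
        0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65,
        0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20 };

    // XML-DSig values are unsigned big-endian; this constructor replaces the Reverse()/Append(0) dance.
    static BigInteger Unsigned(byte[] b) => new BigInteger(b, isUnsigned: true, isBigEndian: true);

    // True only if RSAVP1(s) yields exactly 00 01 FF..FF 00 || DigestInfo(SHA-256, digest).
    public static bool Verify(byte[] signature, byte[] modulus, byte[] exponent, byte[] digest)
    {
        BigInteger n = Unsigned(modulus), e = Unsigned(exponent), s = Unsigned(signature);
        int k = modulus.Length - modulus.TakeWhile(b => b == 0).Count(); // modulus size in bytes
        if (signature.Length != k || s >= n || digest.Length != 32) return false;

        // RSAVP1 followed by I2OSP: left-pad to k bytes so a leading 0x00 is not lost.
        byte[] raw = BigInteger.ModPow(s, e, n).ToByteArray(isUnsigned: true, isBigEndian: true);
        if (raw.Length > k) return false;
        byte[] em = new byte[k];
        Buffer.BlockCopy(raw, 0, em, k - raw.Length, raw.Length);

        // Build the full expected EM and compare all k bytes, not just the trailing hash.
        byte[] t = Sha256Prefix.Concat(digest).ToArray();
        int psLen = k - t.Length - 3;
        if (psLen < 8) return false;
        byte[] expected = new byte[k];
        expected[1] = 0x01;
        for (int i = 2; i < 2 + psLen; i++) expected[i] = 0xFF;
        Buffer.BlockCopy(t, 0, expected, 3 + psLen, t.Length);
        return CryptographicOperations.FixedTimeEquals(em, expected);
    }
}

// Usage with the question's base64 values (the untruncated strings must be substituted):
// bool ok = Pkcs1Verify.Verify(Convert.FromBase64String(sigString), Convert.FromBase64String(modulusString),
//                              Convert.FromBase64String("AQAB"), Convert.FromBase64String(expectedB64));
```

Comparing only the last bytes of the recovered value accepts malformed padding; RFC 8017 requires the entire encoded message to match.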