Description
Hi,
I'm encountering an issue where signing the authentication request with xmlsec1 fails if the certificate whose private key is used to sign the request is also in OpenSSL's trust store. (Using pysaml2 7.5.0 and xmlsec1 1.3.0).
The reason seems to boil down to OpenSSL getting confused about which is the public and which is the private key, and the use of the --lax-key-search parameter when invoking xmlsec1. The author explained the issue here: lsh123/xmlsec#939
AFAIU pysaml2 could include a KeyName field in the XML we're signing and tell xmlsec1 to use that key explicitly (e.g. --privkey-pem:MyKey key.pem). We also shouldn't need --lax-key-search then anymore, I believe.
Is there any way to configure the SP to do this already that I have just missed? If not, I'll be happy to work on a PR given a bit of guidance. I.e. could we just hard-code a KeyName, or would you want to tie this in with #992 for example?
Thanks in advance!
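The approach proposed in the issue (a `ds:KeyName` in the signature template plus a named `--privkey-pem:<name>` on the xmlsec1 command line, with no `--lax-key-search`) looks like this in practice. This is an added illustration, not pysaml2's code or a patch to it; the function names `add_signature_template`, `xmlsec1_sign_command` and `sign_file` are hypothetical, the key name `MyKey` is taken from the post, and the element-ID mapping for `--id-attr` assumes a SAML 2.0 `AuthnRequest` whose `Reference` points at its `ID` attribute.

```python
"""Name the signing key in the XML-DSig template and select it by name in
xmlsec1, so OpenSSL's trust store never has to be searched for the key."""
import shutil
import subprocess
from xml.etree import ElementTree as ET

DS_NS = "http://www.w3.org/2000/09/xmldsig#"
SAMLP_NS = "urn:oasis:names:tc:SAML:2.0:protocol"
ET.register_namespace("ds", DS_NS)
ET.register_namespace("samlp", SAMLP_NS)


def ds(tag):
    return "{%s}%s" % (DS_NS, tag)


def add_signature_template(root, key_name, reference_uri):
    """Append an enveloped-signature template (RSA-SHA256, exclusive C14N)
    to `root`. The <ds:KeyName> is the hook that lets xmlsec1 match the
    key unambiguously; DigestValue/SignatureValue are left empty for
    xmlsec1 --sign to fill in."""
    sig = ET.SubElement(root, ds("Signature"))
    si = ET.SubElement(sig, ds("SignedInfo"))
    ET.SubElement(si, ds("CanonicalizationMethod"),
                  Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#")
    ET.SubElement(si, ds("SignatureMethod"),
                  Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256")
    ref = ET.SubElement(si, ds("Reference"), URI=reference_uri)
    transforms = ET.SubElement(ref, ds("Transforms"))
    ET.SubElement(transforms, ds("Transform"),
                  Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature")
    ET.SubElement(transforms, ds("Transform"),
                  Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#")
    ET.SubElement(ref, ds("DigestMethod"),
                  Algorithm="http://www.w3.org/2001/04/xmlenc#sha256")
    ET.SubElement(ref, ds("DigestValue"))
    ET.SubElement(sig, ds("SignatureValue"))
    key_info = ET.SubElement(sig, ds("KeyInfo"))
    ET.SubElement(key_info, ds("KeyName")).text = key_name  # matched by xmlsec1
    return sig


def xmlsec1_sign_command(key_name, key_file, template_file, output_file):
    """argv for xmlsec1: `--privkey-pem:<name> <file>` binds the PEM key to
    the same name the template carries in <ds:KeyName>, so no lax lookup
    (and no --lax-key-search) is needed. --id-attr tells xmlsec1 which
    attribute the "#ID" Reference resolves against (hypothetical mapping
    for a SAML AuthnRequest)."""
    return [
        "xmlsec1", "--sign",
        "--privkey-pem:%s" % key_name, key_file,
        "--id-attr:ID", "%s:AuthnRequest" % SAMLP_NS,
        "--output", output_file,
        template_file,
    ]


def build_authn_request_template(request_id, key_name):
    """Constructed sample: a minimal AuthnRequest with the signature
    template appended; the Reference URI points at its own ID."""
    root = ET.Element("{%s}AuthnRequest" % SAMLP_NS, ID=request_id, Version="2.0")
    add_signature_template(root, key_name, "#" + request_id)
    return ET.tostring(root, encoding="unicode")


def sign_file(key_name, key_file, template_file, output_file):
    """Run xmlsec1 if it is installed; return the output path, or None when
    the binary is absent (so the module still imports offline)."""
    if shutil.which("xmlsec1") is None:
        return None
    subprocess.run(xmlsec1_sign_command(key_name, key_file, template_file,
                                        output_file), check=True)
    return output_file


if __name__ == "__main__":
    xml = build_authn_request_template("_c0ffee", "MyKey")
    with open("authn_template.xml", "w") as fh:
        fh.write(xml)
    print(" ".join(xmlsec1_sign_command("MyKey", "key.pem",
                                        "authn_template.xml", "signed.xml")))
    print(sign_file("MyKey", "key.pem", "authn_template.xml", "signed.xml"))
```

The `KeyName` value itself is arbitrary; what matters is that the name in the template and the `:<name>` suffix on `--privkey-pem` agree, because with strict key search xmlsec1 refuses a key whose name does not match the one the document names.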