We are working on an implementation of a Microsoft CRM 2011 SOAP connector written in Objective-C (without Visual Studio's libraries).
We are already able to contact the ADFS server and obtain two valid security tokens.
Our trouble regards the definition of the XML message for a CRM server request when an ADFS server is present in the authentication chain. In fact, we are able to calculate the <DigestValue> value (based on the timestamp of the request), but we don't know how to generate the <SignatureValue> value.
A correct request sniffed with the Fiddler2 software follows:
<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<s:Header>
<a:Action s:mustUnderstand="1">http://schemas.microsoft.com/xrm/2011/Contracts/Discovery/IDiscoveryService/Execute</a:Action>
<a:MessageID>urn:uuid:7b96791d-9c6e-4980-8444-1f51bdc00023</a:MessageID>
<a:ReplyTo>
<a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address>
</a:ReplyTo>
<a:To s:mustUnderstand="1">https://organization.domain.it/XRMServices/2011/Discovery.svc</a:To>
<o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<u:Timestamp u:Id="_0">
<u:Created>2011-09-09T14:30:50.724Z</u:Created>
<u:Expires>2011-09-09T14:35:50.724Z</u:Expires>
</u:Timestamp>
<xenc:EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<e:EncryptedKey xmlns:e="http://www.w3.org/2001/04/xmlenc#">
<e:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p">
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
</e:EncryptionMethod>
<KeyInfo>
<o:SecurityTokenReference>
<X509Data>
<X509IssuerSerial>
<X509IssuerName>CN=Org Enterprise Root CA, DC=organization, DC=local</X509IssuerName>
<X509SerialNumber>25XXXXXXXXXXXXXX40863677</X509SerialNumber>
</X509IssuerSerial>
</X509Data>
</o:SecurityTokenReference>
</KeyInfo>
<e:CipherData>
<e:CipherValue>CVjfOFx/.......hS6GpZRB1U9hz7HPQ6c6TYjs=</e:CipherValue>
</e:CipherData>
</e:EncryptedKey>
</KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>LGefKxg.........6wC9l79o=</xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedData>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1"/>
<Reference URI="#_0">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>Y2zNKG9CsoAMKZgHiP1s7L9TZV4=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>1gSJwVWNfqU34VzSk3Z0+Ams1Gw=</SignatureValue>
<KeyInfo>
<o:SecurityTokenReference k:TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1"
xmlns:k="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd">
<o:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID">_d639d615-b45e-4c56-814e-86dc43914c2b</o:KeyIdentifier>
</o:SecurityTokenReference>
</KeyInfo>
</Signature>
</o:Security>
</s:Header>
<s:Body>
<Execute xmlns="http://schemas.microsoft.com/xrm/2011/Contracts/Discovery">
<request i:type="RetrieveOrganizationsRequest" xmlns:i="http://www.w3.org/2001/XMLSchema-instance">
<AccessType>Default</AccessType>
<Release>Current</Release>
</request>
</Execute>
</s:Body>
</s:Envelope>
From http://www.w3.org/TR/xmldsig-core/ , we suppose that we should apply the HMAC-SHA1 algorithm to the entire “SignedInfo” tag canonical content:
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></CanonicalizationMethod>
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1"></SignatureMethod>
<Reference URI="#_0">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></Transform>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></DigestMethod>
<DigestValue>Y2zNKG9CsoAMKZgHiP1s7L9TZV4=</DigestValue>
</Reference>
</SignedInfo>
But we don't know which key must be used in the signing algorithm. From the W3C documentation we suppose that the <KeyInfo> tag contains the key we need. How should the tokens be used? We tried using both of the CipherValues as keys, but we always obtain a (Base64 encoded) value different from 1gSJwVWNfqU34VzSk3Z0+Ams1Gw= .
We appreciate any kind of help.
Thanks
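An added example, not code from the post or from Microsoft's SDK: it computes a SignatureValue the way the capture implies (HMAC-SHA1 over the exclusive-C14N bytes of SignedInfo, Base64-encoded) and verifies one in constant time. The HMAC key is the symmetric proof key ADFS returned together with the SAML token (the RequestedProofToken in the RSTR, either a BinarySecret or a PSHA1 ComputedKey derived from the client's and ADFS's Entropy values, which the psha1 helper below reproduces); the CipherValues in the envelope are ciphertexts encrypted to the CRM server's certificate, not that key. The entropy bytes used in the test are constructed placeholders, and the canonical SignedInfo is assumed to carry no whitespace between elements, as WCF emits it.

```python
import base64
import hashlib
import hmac

# Exclusive C14N of the captured SignedInfo, constructed here with no whitespace
# between elements. Exclusive C14N keeps the in-scope default namespace on the root
# because the unprefixed elements visibly use it, and expands empty elements.
SIGNED_INFO_C14N = (
    '<SignedInfo xmlns="http://www.w3.org/2000/09/xmldsig#">'
    '<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">'
    '</CanonicalizationMethod>'
    '<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1">'
    '</SignatureMethod>'
    '<Reference URI="#_0"><Transforms>'
    '<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></Transform>'
    '</Transforms>'
    '<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></DigestMethod>'
    '<DigestValue>{digest}</DigestValue>'
    '</Reference></SignedInfo>'
)

def psha1(client_entropy: bytes, server_entropy: bytes, length: int = 32) -> bytes:
    """WS-Trust ComputedKey/PSHA1: TLS P_SHA1 with secret = client entropy and
    seed = server entropy, truncated to the negotiated KeySize (256 bits here)."""
    out, a = b"", server_entropy
    while len(out) < length:
        a = hmac.new(client_entropy, a, hashlib.sha1).digest()
        out += hmac.new(client_entropy, a + server_entropy, hashlib.sha1).digest()
    return out[:length]

def canonical_signed_info(digest_value: str) -> bytes:
    """Bytes actually fed to the MAC for a given Timestamp DigestValue."""
    return SIGNED_INFO_C14N.format(digest=digest_value).encode("utf-8")

def sign_signed_info(proof_key: bytes, digest_value: str) -> str:
    """SignatureValue = Base64(HMAC-SHA1(proof key, exc-C14N(SignedInfo)))."""
    mac = hmac.new(proof_key, canonical_signed_info(digest_value), hashlib.sha1).digest()
    return base64.b64encode(mac).decode("ascii")

def verify_signature(proof_key: bytes, digest_value: str, signature_value: str) -> bool:
    """Receiver-side check: recompute and compare in constant time; reject bad Base64."""
    try:
        presented = base64.b64decode(signature_value, validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return False
    expected = hmac.new(proof_key, canonical_signed_info(digest_value), hashlib.sha1).digest()
    return hmac.compare_digest(expected, presented)
```

With the real proof key from the RSTR and the exact canonical bytes of the captured SignedInfo, sign_signed_info should reproduce the captured SignatureValue; any whitespace or namespace difference in the canonical form changes the MAC completely.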