24 Jul 12:03
[OpenID] check_authentication
From: James Tindall <james <at> atomless.com>
Subject: [OpenID] check_authentication
Newsgroups: gmane.comp.web.openid.general
Date: 2008-07-24 10:03:31 GMT
I'm trying to test how the RP library I'm working on handles stateless mode - all works fine up to the point where I request that the OP verify the sig in the response. Whatever OP I try, they all respond that the sig is not valid. It seems it must be some bug in my code, but I really can't figure out what the problem could be.

For testing I'm forcing stateless session mode, so there's no association negotiated and the only params sent in the redirect URL are openid.ns, openid.mode, openid.realm, openid.return_to, openid.identity and openid.claimed_id (also for testing purposes I'm preventing any extensions being added).

The response to the authentication request is positive and passes all verification tests right up to the point where I request the OP to verify the sig, the response for which always contains is_valid=FALSE.

I have checked and checked and double checked that - as the specs dictate - the check_authentication request post data only contains the exact same query params as received from the OP in the positive assertion, except with the mode changed to 'check_authentication'. As the response of is_valid=false is so uninformative, and as far as I can tell I have followed the specs, this has me kind of stumped.

I know this is tricky without source code or debug data, but does anyone have any idea as to what could be the problem - or what I should try in order to find out?

many thanks,
=james.tindall
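The request described in the post, as an added example that is not part of the original message or of the poster's library: it builds the check_authentication POST body from the return URL, decoding the query once and copying every openid.* field unchanged, and lists any field named in openid.signed that is missing. The hostnames, nonce, handle and signature are constructed sample values, and the function names are hypothetical.

```python
from urllib.parse import urlsplit, parse_qsl, urlencode

# Constructed sample: the URL the OP redirected the user back to (all values made up).
SAMPLE_RETURN = (
    "https://rp.example/return?rp_nonce=abc"
    "&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0"
    "&openid.mode=id_res"
    "&openid.op_endpoint=https%3A%2F%2Fop.example%2Fserver"
    "&openid.claimed_id=https%3A%2F%2Fuser.example%2F"
    "&openid.identity=https%3A%2F%2Fuser.example%2F"
    "&openid.return_to=https%3A%2F%2Frp.example%2Freturn%3Frp_nonce%3Dabc"
    "&openid.response_nonce=2008-07-24T10%3A03%3A31ZaB%2Bc"
    "&openid.assoc_handle=%7BHMAC-SHA1%7D%7B4887%7D"
    "&openid.signed=op_endpoint%2Cclaimed_id%2Cidentity%2Creturn_to"
    "%2Cresponse_nonce%2Cassoc_handle"
    "&openid.sig=q1%2BZ0x%2Fy7w%3D"
)

def openid_fields(return_url):
    """Decode the query exactly once, keeping order, blanks and duplicates."""
    pairs = parse_qsl(urlsplit(return_url).query, keep_blank_values=True)
    # Non-OpenID parameters (here rp_nonce) belong to the RP and are not sent to the OP.
    return [(k, v) for k, v in pairs if k.startswith("openid.")]

def missing_signed_fields(fields):
    """Names listed in openid.signed that are absent from the message."""
    present = {k for k, _ in fields}
    signed = dict(fields).get("openid.signed", "").split(",")
    return [n for n in signed if n and "openid." + n not in present]

def check_auth_body(fields):
    """Copy every openid.* field unchanged; only openid.mode is replaced."""
    out = [(k, "check_authentication" if k == "openid.mode" else v)
           for k, v in fields]
    # urlencode re-escapes '+', '/', '=' and ':' so the OP decodes the same bytes.
    return urlencode(out).encode("ascii")

def parse_kv(body):
    """Parse the OP's Key-Value Form reply: one 'key:value' pair per line."""
    lines = body.decode("utf-8").splitlines()
    return dict(line.split(":", 1) for line in lines if ":" in line)
```

The body is sent as an application/x-www-form-urlencoded POST to the openid.op_endpoint value; diffing the decoded body against the decoded return URL shows whether any field changed on the way through the RP.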