WCF SAML: how to add X509Certificate and X509IssuerSerial to the same X509Data node?

I need to call an external web service that uses SAML to authenticate a user. I have referenced this sample code to create a saml request.

Here is the expected SAML request segment (note the X509Data node):

<dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
    <dsig:SignedInfo>
        <dsig:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
        <dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
        <dsig:Reference URI="#SAML-9KTXIL9ap20ntAzPdjYdEg22">
            <dsig:Transforms>
                <dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                <dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            </dsig:Transforms>
            <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
            <dsig:DigestValue>{removed}</dsig:DigestValue>
        </dsig:Reference>
    </dsig:SignedInfo>
    <dsig:SignatureValue>{removed}</dsig:SignatureValue>
    <dsig:KeyInfo xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
        <dsig:X509Data>
            <dsig:X509Certificate>{removed}</dsig:X509Certificate>
            <dsig:X509IssuerSerial>
                <dsig:X509IssuerName>{removed}</dsig:X509IssuerName>
                <dsig:X509SerialNumber>{removed}</dsig:X509SerialNumber>
            </dsig:X509IssuerSerial>
            <dsig:X509SubjectName>{removed}</dsig:X509SubjectName>
            <dsig:X509SKI>{removed}</dsig:X509SKI>
        </dsig:X509Data>
    </dsig:KeyInfo>
</dsig:Signature>

      

        
        
        
      

    

Below is the SAML request segment:

<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
    <SignedInfo>
        <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
        <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
        <Reference URI="#SAML-9KTXIL9ap20ntAzPdjYdEg22">
            <Transforms>
                <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
                <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
            </Transforms>
            <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
            <DigestValue>{removed}</DigestValue>
        </Reference>
    </SignedInfo>
    <SignatureValue>{removed}</SignatureValue>
    <KeyInfo>
        <X509Data>
            <X509Certificate>removed</X509Certificate>
        </X509Data>
        <o:SecurityTokenReference>
            <X509Data>
                <X509IssuerSerial>
                    <X509IssuerName>{removed}</X509IssuerName>
                    <X509SerialNumber>{removed}</X509SerialNumber>
                </X509IssuerSerial>
            </X509Data>
        </o:SecurityTokenReference>
    </KeyInfo>
</Signature>

      

        
        
        
      

    

Here is the key code that creates the SAML claim above:

public static SamlAssertion CreateX509Assertion(X509Certificate2 cert)
{
    List<string> confirmationMethods = new List<string>(1);
    confirmationMethods.Add("urn:oasis:names:tc:SAML:1.0:cm:bearer");

    SamlSubject samlSubject = new SamlSubject("urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", null, "admin", confirmationMethods, null, null);
    SamlAuthenticationStatement samlAuthenticationStatement = new SamlAuthenticationStatement(samlSubject, "urn:oasis:names:tc:SAML:1.0:am:password", DateTime.Now, null, null, null);

    List<SamlStatement> samlSubjectStatements = new List<SamlStatement>();
    samlSubjectStatements.Add(samlAuthenticationStatement);

    DateTime issueInstant = DateTime.UtcNow;
    SamlAssertion samlAssertion = new SamlAssertion("SAML-9KTXIL9ap20ntAzPdjYdEg22", "www.site.com",
            issueInstant,
            new SamlConditions(issueInstant, issueInstant + new TimeSpan(0, 5, 0)),
            null,
            samlSubjectStatements
            );

    SecurityKeyIdentifier ski = new SecurityKeyIdentifier();

    // Here is the problem!!!
    X509RawDataKeyIdentifierClause secClause = new X509RawDataKeyIdentifierClause(cert);
    X509IssuerSerialKeyIdentifierClause x509Clause = new X509IssuerSerialKeyIdentifierClause(cert);
    ski.Add(secClause);
    ski.Add(x509Clause);

    X509AsymmetricSecurityKey signingKey = new X509AsymmetricSecurityKey(cert);
    samlAssertion.SigningCredentials = new SigningCredentials(signingKey, SecurityAlgorithms.RsaSha1Signature, SecurityAlgorithms.Sha1Digest, ski);

    return samlAssertion;
}

      

        
        
        
      

    

You can see that using the above code will split the X509Data in the KeyInfo node. I need to put them in the same node key. Is there a way to do this?