i think i solved...
but not in a canonical approach and i hope a patch will be done...
i replaced xmlsec-1.5.1.jar with the previous version xmlsec-1.4.6.jar and correct relative module.xml in org\apache\santuario\xmlsec\main and now it works.
Seems to me that last santuario has something wrong: anyone know something about?