With this patch, the SIGN_METHOD and SIGN_DIGEST settings on the SAML2SignatureGenerationHandler work:
<Handler
class="org.picketlink.identity.federation.web.handlers.saml2.SAML2SignatureGenerationHandler" >
<Option Key="SIGN_METHOD" Value="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<Option Key="SIGN_DIGEST" Value="http://www.w3.org/2001/04/xmlenc#sha256"/>
</Handler>