Description of problem: It needs to be possible to configure the signature algorithm for IDP and SP. PLINK-497 needs to be backported to EAP 6.4.x Fix committed here: http://git.app.eng.bos.redhat.com/git/picketlink25.git/log/?h=2.5.5.SP8-redhat-1_JBEAP-14116
With this patch, the SIGN_METHOD and SIGN_DIGEST settings on the SAML2SignatureGenerationHandler work: <Handler class="org.picketlink.identity.federation.web.handlers.saml2.SAML2SignatureGenerationHandler" > <Option Key="SIGN_METHOD" Value="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/> <Option Key="SIGN_DIGEST" Value="http://www.w3.org/2001/04/xmlenc#sha256"/> </Handler>
cherry picked from commit https://github.com/jbossas/redhat-picketlink/commit/f253a02a81de6f200342ec50eab38b20d40f6151 PR sent: https://github.com/jbossas/redhat-picketlink/pull/57