Workaround for xmlsec breaking when SHA1 is deprecated: Allow signature and digest algorithm as parameters ...

[thomaswar]

... for metadata generation. Also using sha256 as default to prevent xmlsec breaking on systems where sha1 is disabled.

Details

Pull allows for additional parameters --signature-algorithm and --digest-algorithm in scripts/saml_metadata.py which are applied when signing is true (the default).
Given Strings should reference xmldsig (mirroring frontend/backend configuration) like "SIG_RSA_SHA256".

Change of behavior

Defaults in scripts/saml_metadata.py select SHA256 instead of SHA1 (SHA1 is just the default in pysaml2) to avoid metadata generation breaking on systems where SHA1 is already deprecated and thus xmlsec1 unable to sign metadata. Which was the reason for the change in the first place (RHEL9).

All Submissions:

• Have you checked to ensure there aren't other open Pull Requests for the same update/change?
• Have you added an explanation of what problem you are trying to solve with this PR?
• Have you added information on what your changes do and why you chose this as your solution?
• Have you written new tests for your changes?
• Does your submission pass tests?
• This project follows PEP8 style guide. Have you run your code against the 'flake8' linter?