Configuring Shibboleth IDP to use SHA-256
From GFIPM Implementation Wiki
About
The Shibboleth IDP by default signs all SAML Assertions/Responses with SHA-1. The Federal Government has been pushing a move to the use of SHA-256 since 2010, and it's important for FICAM compliance that GFIPM implementations of the Shibboleth IDP use SHA-256.
This change can be accomplished with a library from GTRI available for download here:
Then, to enable the use of SHA-256, the Shibboleth configuration must be updated to use the code within this library by editing the internal.xml file and adding this line:
<bean id="shibboleth.idp.ext.OpensamlCustomCryptoConfig" class="edu.internet2.middleware.shibboleth.idp.ext.cryptoconfig.OpensamlCustomCryptoConfigBean" depends-on="shibboleth.OpensamlConfig" />
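To confirm the change took effect, the algorithms declared in a captured SAML Response can be inspected. The following is an added example, not part of the GTRI library or the original wiki page: it assumes the standard W3C XML-DSig algorithm URIs, uses hypothetical function names, and runs against a constructed response skeleton.

```python
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"
# Standard W3C XML-DSig algorithm identifiers (assumed; not taken from the page).
RSA_SHA1 = "http://www.w3.org/2000/09/xmldsig#rsa-sha1"
DIGEST_SHA1 = "http://www.w3.org/2000/09/xmldsig#sha1"
RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
DIGEST_SHA256 = "http://www.w3.org/2001/04/xmlenc#sha256"

def audit_signature_algorithms(saml_xml):
    """List (element, algorithm URI, verdict) for each ds:Signature in the message.

    Only the declared algorithms are read; the signature itself is NOT verified.
    """
    findings = []
    for sig in ET.fromstring(saml_xml).iter(DS + "Signature"):
        for tag in ("SignatureMethod", "DigestMethod"):
            for el in sig.iter(DS + tag):
                alg = el.get("Algorithm", "")
                if alg in (RSA_SHA1, DIGEST_SHA1):
                    verdict = "sha1"
                elif alg in (RSA_SHA256, DIGEST_SHA256):
                    verdict = "sha256"
                else:
                    verdict = "other"
                findings.append((tag, alg, verdict))
    return findings

def uses_only_sha256(saml_xml):
    """True only if at least one signature exists and all of it declares SHA-256."""
    findings = audit_signature_algorithms(saml_xml)
    return bool(findings) and all(v == "sha256" for _, _, v in findings)

def sample_response(sig_alg, digest_alg):
    # Constructed skeleton of a signed SAML Response; IDs and layout are placeholders.
    return (
        '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        'xmlns:ds="http://www.w3.org/2000/09/xmldsig#">'
        "<ds:Signature><ds:SignedInfo>"
        f'<ds:SignatureMethod Algorithm="{sig_alg}"/>'
        f'<ds:Reference URI="#_example"><ds:DigestMethod Algorithm="{digest_alg}"/>'
        "</ds:Reference></ds:SignedInfo></ds:Signature></samlp:Response>"
    )

if __name__ == "__main__":
    for sig_alg, dig_alg in ((RSA_SHA1, DIGEST_SHA1), (RSA_SHA256, DIGEST_SHA256)):
        xml = sample_response(sig_alg, dig_alg)
        print(uses_only_sha256(xml), audit_signature_algorithms(xml))
```

A response that pairs an rsa-sha256 signature method with a SHA-1 digest is reported as non-compliant, since both the SignatureMethod and every DigestMethod must declare SHA-256.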