saml: use RSA-SHA256 signature method (#32010)

tests/test_saml_auth.py

@@ -109,6 +109,7 @@ def test_login(pub):
     saml2.perform_login()
     assert req.response.status_code == 302
     assert req.response.headers['location'].startswith('http://sso.example.net/saml2/sso?SAMLRequest')
+    assert 'rsa-sha256' in req.response.headers['location']
 
 def get_authn_response_msg(pub, ni_format=lasso.SAML2_NAME_IDENTIFIER_FORMAT_PERSISTENT):
     idp_metadata_filepath = os.path.join(pub.app_dir,
@@ -370,6 +371,7 @@ def test_saml_logout(pub):
     assert req.session.user is not None
     body = saml2.slo_sp()
     assert req.response.headers['location'].startswith('http://sso.example.net/saml2/slo?SAMLRequest=')
+    assert 'rsa-sha256' in req.response.headers['location']
     assert req.session.user is None
 
 def test_saml_idp_logout(pub):

wcs/qommon/misc.py

@@ -81,6 +81,7 @@ def get_lasso_server():
         get_abs_path(get_cfg('sp')['saml2_metadata']),
         get_abs_path(get_cfg('sp')['privatekey']),
         None, None)
+    server.signatureMethod = lasso.SIGNATURE_METHOD_RSA_SHA256
 
     # Set encryption private key
     encryption_privatekey = get_abs_path(get_cfg('sp').get('encryption_privatekey'))