Add config option for specifying SignatureMethod/DigestMethod

src/saml2/client_base.py

@@ -119,9 +119,12 @@ def __init__(self, config=None, identity_cache=None, state_cache=None,
             v = self.config.getattr(foo, "sp")
             if v is True or v == 'true':
                 setattr(self, foo, True)
+        for algorithm in ('signing_algorithm', 'digest_algorithm'):
+            setattr(self, algorithm, self.config.getattr(algorithm, "sp"))
 
         self.artifact2response = {}
 
+
     #
     # Private methods
     #

src/saml2/config.py

@@ -54,7 +54,9 @@
     "validate_certificate",
     "extensions",
     "allow_unknown_attributes",
-    "crypto_backend"
+    "crypto_backend",
+    "signing_algorithm",
+    "digest_algorithm",
 ]
 
 SP_ARGS = [
@@ -221,6 +223,8 @@ def __init__(self, homedir="."):
         self.attribute = []
         self.attribute_profile = []
         self.requested_attribute_name_format = NAME_FORMAT_URI
+        self.signing_algorithm = None
+        self.digest_algorithm = None
 
     def setattr(self, context, attr, val):
         if context == "":

src/saml2/entity.py

@@ -423,6 +423,12 @@ def unpack_soap_message(text):
 
     def sign(self, msg, mid=None, to_sign=None, sign_prepare=False,
              sign_alg=None, digest_alg=None):
+        if sign_alg is None and self.signing_algorithm:
+            sign_alg = self.signing_algorithm
+
+        if digest_alg is None and self.digest_algorithm:
+            digest_alg = self.digest_algorithm
+
         if msg.signature is None:
             msg.signature = pre_signature_part(msg.id, self.sec.my_cert, 1,
                                                sign_alg=sign_alg,