Ability to specify signing algorithm for custom SAML resources

Service providers sometimes require signatures to use a specific algorithm, like SHA-256, for custom SAML connections. Currently, if the signing algorithm is not explicitely specified in the SP metadata within a signature block, OpenAthens will default to SHA-1 even if the x509 certificate has an SHA-256 fingerprint.

SP's do not always specify SHA-256 signing algorithm in the metadata they provide, and since SAML metadata is typically auto-generated, having them add it to the metadata so OpenAthens sends signatures using SHA-256 can be an uphill battle.

The ability to specify SHA-256 for custom SAML resources would negate the need to go back and forth with the SP to obtain metadata with SHA-256 specified in the XML metadata they provide. The vast majority of IdP's (Okta, Azure, etc.) have this capability when configuring resources, OpenAthens should have this capability as well. Additionally, SHA-1 is largely obsolete, and SHA-256 should be the defaulted algorithm when the x509 certificate has an SHA-256 fingerprint as SHA-256 has largely replaced SHA-1 as the preferred SAML signing algorithm.