Expose login.saml.signatureAlgorithm.

[#127421237] https://www.pivotaltracker.com/story/show/127421237
[#131686497] https://www.pivotaltracker.com/story/show/131686497

Backport from develop

jobs/uaa/spec

@@ -724,6 +724,9 @@ properties:
   login.saml.wantAssertionSigned:
     description: "Global property to request that external IDPs sign their SAML assertion before sending them to the UAA"
     default: false
+  login.saml.signatureAlgorithm:
+    description: "Signature hashing algorithm for SAML. Can be SHA1, SHA256, or SHA512."
+    example: SHA256
   login.url:
     description: |
       Set if you have an external login server.

jobs/uaa/templates/login.yml.erb

@@ -143,6 +143,7 @@
   add_value(params, p('login.saml.signMetaData'), 'login', 'saml', 'signMetaData') if p_opt('login.saml.signMetaData')
   add_value(params, p('login.saml.signRequest'), 'login', 'saml', 'signRequest') if p_opt('login.saml.signRequest')
   add_value(params, p('login.saml.wantAssertionSigned'), 'login', 'saml', 'wantAssertionSigned')
+  if_p('login.saml.signatureAlgorithm') { |alg| add_value(params, alg, 'login', 'saml', 'signatureAlgorithm') }
 
   if_p('login.saml.providers') do |samlProviders|
     samlProviders.reject {|k,_| k.to_s == ''}.each do |idpAlias,idpProvider|

spec/compare/bosh-lite-login.yml

@@ -44,6 +44,7 @@ login:
     signMetaData: true
     signRequest: true
     wantAssertionSigned: false
+    signatureAlgorithm: SHA256
     socket:
       connectionManagerTimeout: 10000
       soTimeout: 10000

spec/input/bosh-lite.yml

@@ -1011,6 +1011,7 @@ properties:
     protocol:
     restricted_ips_regex:
     saml:
+      signatureAlgorithm: SHA256
       providers:
         okta-signed-or-encrypted:
           idpMetadata: |