As of today, when Picketlink IDP signs SAML assertion, it only supports SHA1 algorithm. It should also support signing assertion with SHA256 which is a option provided in SAML spec.

Service provider should also have option to choose (which SHA1/SHA256) they want their assertions signed by IDP.