By Mikkel Hald, 18/03/19
WAYF both accepts and itself issues digital signatures using the SHA-1 hashing algorithm. This, however, will end on July 1, 2019: From then on, WAYF will only accept signatures based on SHA-256 — and issue only such signatures itself.
Consequently, service providers receiving logins from WAYF must be able to validate signatures based on SHA-256, from July 1, 2019 on. And correspondingly, WAYF identity providers must be able to sign their responses using SHA-256 from that day on.