Log a warning for insecure configurations

Author: Ioannis Kakavas

src/saml2/client_base.py

@@ -126,6 +126,11 @@ def __init__(self, config=None, identity_cache=None, state_cache=None,
             if v is False or v == 'false':
                 setattr(self, param, False)
 
+        if self.entity_type == "sp" and not any(self.want_assertions_signed,
+                                                self.want_response_signed):
+            logger.warning("The SAML service provider accepts unsigned SAML Responses " +
+                           "and Assertions. This configuration is insecure.")
+
         self.artifact2response = {}
 
     #