Ensure signature checking for SAML Responses is enabled by default

Ioannis Kakavas · Ioannis Kakavas · commit 5f6b078cdea0 · 2017-08-01T12:46:20.000+03:00
diff --git a/src/saml2/client_base.py b/src/saml2/client_base.py
@@ -112,10 +112,9 @@ def __init__(self, config=None, identity_cache=None, state_cache=None,
         self.allow_unsolicited = False
         self.authn_requests_signed = False
         self.want_assertions_signed = False
-        self.want_response_signed = False
+        self.want_response_signed = True
         for foo in ["allow_unsolicited", "authn_requests_signed",
-                    "logout_requests_signed", "want_assertions_signed",
-                    "want_response_signed"]:
+                    "logout_requests_signed", "want_assertions_signed"]:
             v = self.config.getattr(foo, "sp")
             if v is True or v == 'true':
                 setattr(self, foo, True)
diff --git a/src/saml2/response.py b/src/saml2/response.py
@@ -470,7 +470,7 @@ def __init__(self, sec_context, attribute_converters, entity_id,
             return_addrs=None, outstanding_queries=None,
             timeslack=0, asynchop=True, allow_unsolicited=False,
             test=False, allow_unknown_attributes=False,
-            want_assertions_signed=False, want_response_signed=False,
+            want_assertions_signed=False, want_response_signed=True,
             conv_info=None, **kwargs):
 
         StatusResponse.__init__(self, sec_context, return_addrs, timeslack,
