plugins: make default signature check mandatory (#9357)

rohityadavcloud · web-flow · commit 7977d1475e23 · 2024-07-09T09:49:27.000+05:30
This improves upon #9219, to make the signature checks mandatory by default but allows for users to relax the setting if they really must. Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
diff --git a/plugins/user-authenticators/saml2/src/main/java/org/apache/cloudstack/saml/SAML2AuthManager.java b/plugins/user-authenticators/saml2/src/main/java/org/apache/cloudstack/saml/SAML2AuthManager.java
@@ -70,7 +70,7 @@ public interface SAML2AuthManager extends PluggableAPIAuthenticator, PluggableSe
     ConfigKey<Integer> SAMLTimeout = new ConfigKey<Integer>("Advanced", Integer.class, "saml2.timeout", "1800",
             "SAML2 IDP Metadata refresh interval in seconds, minimum value is set to 300", true);
 
-    ConfigKey<Boolean> SAMLCheckSignature = new ConfigKey<Boolean>("Advanced", Boolean.class, "saml2.check.signature", "false",
+    ConfigKey<Boolean> SAMLCheckSignature = new ConfigKey<Boolean>("Advanced", Boolean.class, "saml2.check.signature", "true",
             "Whether SAML2 signature must be checked, when enforced and when the SAML response does not have a signature would lead to login exception", true);
 
     public SAMLProviderMetadata getSPMetadata();
