From 7977d1475e23c1a801d7d300810e0dd2d429158f Mon Sep 17 00:00:00 2001
From: Rohit Yadav <rohit.yadav@shapeblue.com>
Date: Tue, 9 Jul 2024 09:49:27 +0530
Subject: [PATCH] plugins: make default signature check mandatory (#9357)

This improves upon #9219, to make the signature checks mandatory by
default but allows for users to relax the setting if they really must.

Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
---
 .../main/java/org/apache/cloudstack/saml/SAML2AuthManager.java  | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/plugins/user-authenticators/saml2/src/main/java/org/apache/cloudstack/saml/SAML2AuthManager.java b/plugins/user-authenticators/saml2/src/main/java/org/apache/cloudstack/saml/SAML2AuthManager.java
index a5dae36581c..27f17cee6b1 100644
--- a/plugins/user-authenticators/saml2/src/main/java/org/apache/cloudstack/saml/SAML2AuthManager.java
+++ b/plugins/user-authenticators/saml2/src/main/java/org/apache/cloudstack/saml/SAML2AuthManager.java
@@ -70,7 +70,7 @@ public interface SAML2AuthManager extends PluggableAPIAuthenticator, PluggableSe
     ConfigKey<Integer> SAMLTimeout = new ConfigKey<Integer>("Advanced", Integer.class, "saml2.timeout", "1800",
             "SAML2 IDP Metadata refresh interval in seconds, minimum value is set to 300", true);
 
-    ConfigKey<Boolean> SAMLCheckSignature = new ConfigKey<Boolean>("Advanced", Boolean.class, "saml2.check.signature", "false",
+    ConfigKey<Boolean> SAMLCheckSignature = new ConfigKey<Boolean>("Advanced", Boolean.class, "saml2.check.signature", "true",
             "Whether SAML2 signature must be checked, when enforced and when the SAML response does not have a signature would lead to login exception", true);
 
     public SAMLProviderMetadata getSPMetadata();