From 5f6b078cdea07623919988daa3e1b5be3ea7309c Mon Sep 17 00:00:00 2001
From: Ioannis Kakavas
Date: Tue, 1 Aug 2017 12:46:20 +0300
Subject: Ensure signature checking for SAML Responses is enabled by default
---
 src/saml2/client_base.py | 5 ++---
 src/saml2/response.py | 2 +-
 2 files changed, 3 insertions(+), 4 deletions(-)
diff --git a/src/saml2/client_base.py b/src/saml2/client_base.py
index 50b457d1..997e43e4 100644
--- a/src/saml2/client_base.py
+++ b/src/saml2/client_base.py
@@ -112,10 +112,9 @@ class Base(Entity):
 self.allow_unsolicited = False
 self.authn_requests_signed = False
 self.want_assertions_signed = False
- self.want_response_signed = False
+ self.want_response_signed = True
 for foo in ["allow_unsolicited", "authn_requests_signed",
- "logout_requests_signed", "want_assertions_signed",
- "want_response_signed"]:
+ "logout_requests_signed", "want_assertions_signed"]:
 v = self.config.getattr(foo, "sp")
 if v is True or v == 'true':
 setattr(self, foo, True)
diff --git a/src/saml2/response.py b/src/saml2/response.py
index 5ca75bf1..3c938e69 100644
--- a/src/saml2/response.py
+++ b/src/saml2/response.py
@@ -470,7 +470,7 @@ class AuthnResponse(StatusResponse):
 return_addrs=None, outstanding_queries=None, timeslack=0, asynchop=True, allow_unsolicited=False, test=False, allow_unknown_attributes=False,
- want_assertions_signed=False, want_response_signed=False,
+ want_assertions_signed=False, want_response_signed=True,
 conv_info=None, **kwargs):
 StatusResponse.__init__(self, sec_context, return_addrs, timeslack,
--
cgit v1.2.1
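Review bot: With `"want_response_signed"` dropped from the list in `for foo in [...]`, nothing in the visible part of `Base.__init__` reads that key from the SP configuration any more, so an explicit setting for it appears to be ignored without any message. The loop only ever handled `True`/`'true'`, so it could switch an option on but never off. If the check is meant to be unconditional, say so next to the assignment, for example `# Response signatures are always required; the SP config cannot turn this off.`, and document the behaviour change for deployments whose IdP signs only the assertion. If an opt-out is intended, read it explicitly and log a warning when it is used instead of dropping the key silently. The rest of `Base.__init__` is outside the hunk, so confirm the option is not handled further down.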
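Review bot: The new default `want_response_signed=True` in `AuthnResponse.__init__` ships without a regression test, since the diffstat lists only `client_base.py` and `response.py`. A test that constructs `AuthnResponse` with default arguments and asserts that an unsigned Response is rejected would stop the default from drifting back. The parameter is also undocumented in the visible signature; a docstring line such as `:param want_response_signed: require a valid signature on the Response element (default True)` would make the contract explicit for callers who relied on the old default. The signature starts above the hunk and the constructor body continues below it, so how the flag is enforced cannot be checked from here.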