From b3d57d273a3e54372d30c1415bccf0492d7f3bb6 Mon Sep 17 00:00:00 2001
From: Ioannis Kakavas <ikakavas@noc.grnet.gr>
Date: Wed, 2 Aug 2017 12:28:13 +0300
Subject: [PATCH] Explicitly enable signature checking in example config as a
 sane default

---
 example/plugins/backends/saml2_backend.yaml.example | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/example/plugins/backends/saml2_backend.yaml.example b/example/plugins/backends/saml2_backend.yaml.example
index 81b9b90b9..1e15088d4 100644
--- a/example/plugins/backends/saml2_backend.yaml.example
+++ b/example/plugins/backends/saml2_backend.yaml.example
@@ -15,6 +15,7 @@ config:
     entityid: <base_url>/<name>/proxy_saml2_backend.xml
     service:
       sp:
+        want_response_signed: true
         allow_unsolicited: true
         endpoints:
           assertion_consumer_service:
@@ -24,4 +25,4 @@ config:
           - [<base_url>/<name>/disco, 'urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol']
         name_id_format: 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient'
   # disco_srv must be defined if there is more than one IdP in the metadata specified above
-  disco_srv: http://disco.example.com
\ No newline at end of file
+  disco_srv: http://disco.example.com