From e4d0783bb2c768a89b3580c1a41eae133a94a333 Mon Sep 17 00:00:00 2001
From: Markus Strehle
Date: Thu, 27 Jun 2019 08:06:51 +0200
Subject: [PATCH] change default for LogoutResponse according to SAML2 spec

http://docs.oasis-open.org/security/saml/v2.0/saml-profiles-2.0-os.pdf lines 1276-1277 logout messages must be signed in case of front channel. see also https://github.com/spring-projects/spring-security-saml/issues/145
---
 .../security/saml/metadata/ExtendedMetadata.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/core/src/main/java/org/springframework/security/saml/metadata/ExtendedMetadata.java b/core/src/main/java/org/springframework/security/saml/metadata/ExtendedMetadata.java
index cf8e5d03e..a562a95cb 100755
--- a/core/src/main/java/org/springframework/security/saml/metadata/ExtendedMetadata.java
+++ b/core/src/main/java/org/springframework/security/saml/metadata/ExtendedMetadata.java
@@ -127,7 +127,7 @@ public class ExtendedMetadata implements Serializable, Cloneable {
     /**
      * Flag indicating whether incoming LogoutResposne messages must be authenticated.
      */
-    private boolean requireLogoutResponseSigned;
+    private boolean requireLogoutResponseSigned = true;
 
     /**
      * If true received artifactResolve messages will require a signature, sent artifactResolve will be signed.
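Review bot: The Javadoc on the context lines directly above the changed field still reads "LogoutResposne" and says nothing about the new default, so a reader of the class cannot tell that unsigned LogoutResponse messages are now rejected unless a deployment opts out, nor why; suggest replacing that comment with `Flag indicating whether incoming LogoutResponse messages must be signed (authenticated). Defaults to {@code true} because the SAML 2.0 Profiles specification requires front-channel single logout messages to be signed.` Flipping the default to `true` is a fail-closed hardening, but it is also a behaviour change for existing deployments whose IdP returns unsigned LogoutResponse messages, which presumably now fail single logout until the property is explicitly set to `false`; that migration note belongs next to the field or in the release notes. The neighbouring requireArtifactResolveSigned-style field visible in the trailing context appears to keep its old default, so the class's signing defaults are now inconsistent with one another unless that is intentional. The rest of the class, including any setter or clone handling for this field, lies outside the hunk.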