From d616922457e6384c974c16507c1f0693ae42677f Mon Sep 17 00:00:00 2001
From: Jason McIntosh <jason.mcintosh@harness.io>
Date: Tue, 16 Sep 2025 09:52:10 -0500
Subject: [PATCH] fix(saml): Disable signing requests when not enabled

---
 .../spinnaker/gate/security/saml/SAMLConfiguration.java        | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/gate-saml/src/main/java/com/netflix/spinnaker/gate/security/saml/SAMLConfiguration.java b/gate-saml/src/main/java/com/netflix/spinnaker/gate/security/saml/SAMLConfiguration.java
index 32e5afa7aa..46f5d8c3ef 100644
--- a/gate-saml/src/main/java/com/netflix/spinnaker/gate/security/saml/SAMLConfiguration.java
+++ b/gate-saml/src/main/java/com/netflix/spinnaker/gate/security/saml/SAMLConfiguration.java
@@ -93,6 +93,9 @@ public RelyingPartyRegistrationRepository relyingPartyRegistrationRepository() {
       // requests
       if (properties.isSignRequests()) {
         builder.signingX509Credentials(c -> c.addAll(properties.getSigningCredentials()));
+      } else {
+        builder.assertingPartyDetails(
+            assertingPartyDetails -> assertingPartyDetails.wantAuthnRequestsSigned(false));
       }
       RelyingPartyRegistration registration = builder.build();
       return new InMemoryRelyingPartyRegistrationRepository(registration);