From c243b6640c036142fd450b67fe43ebd31b1bdf99 Mon Sep 17 00:00:00 2001
From: Eli Yukelzon <reflog@gmail.com>
Date: Tue, 11 Jun 2019 14:14:15 +0300
Subject: [PATCH] MM-14712 - Add support for signing SAML requests (#11081)

* SAML Request signing added
* added telemetry for signrequest flag
---
 app/diagnostics.go | 1 +
 model/config.go    | 9 +++++++--
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/app/diagnostics.go b/app/diagnostics.go
index 73583bcf57..745a953e53 100644
--- a/app/diagnostics.go
+++ b/app/diagnostics.go
@@ -499,6 +499,7 @@ func (a *App) trackConfig() {
 		"enable_sync_with_ldap_include_auth":  *cfg.SamlSettings.EnableSyncWithLdapIncludeAuth,
 		"verify":                              *cfg.SamlSettings.Verify,
 		"encrypt":                             *cfg.SamlSettings.Encrypt,
+		"sign_request":                        *cfg.SamlSettings.SignRequest,
 		"isdefault_scoping_idp_provider_id":   isDefault(*cfg.SamlSettings.ScopingIDPProviderId, ""),
 		"isdefault_scoping_idp_name":          isDefault(*cfg.SamlSettings.ScopingIDPName, ""),
 		"isdefault_id_attribute":              isDefault(*cfg.SamlSettings.IdAttribute, model.SAML_SETTINGS_DEFAULT_ID_ATTRIBUTE),
diff --git a/model/config.go b/model/config.go
index 5bef47beff..ae6dfb62f3 100644
--- a/model/config.go
+++ b/model/config.go
@@ -1855,8 +1855,9 @@ type SamlSettings struct {
 	EnableSyncWithLdap            *bool
 	EnableSyncWithLdapIncludeAuth *bool
 
-	Verify  *bool
-	Encrypt *bool
+	Verify      *bool
+	Encrypt     *bool
+	SignRequest *bool
 
 	IdpUrl                      *string
 	IdpDescriptorUrl            *string
@@ -1907,6 +1908,10 @@ func (s *SamlSettings) SetDefaults() {
 		s.Encrypt = NewBool(true)
 	}
 
+	if s.SignRequest == nil {
+		s.SignRequest = NewBool(false)
+	}
+
 	if s.IdpUrl == nil {
 		s.IdpUrl = NewString("")
 	}