From f2d76212c350205c6bc116b48e47868120256f0d Mon Sep 17 00:00:00 2001
From: zogoo
Date: Sun, 10 Nov 2024 19:41:31 +0100
Subject: [PATCH] Assertion flag should able switchable by application
---
 lib/saml_idp/controller.rb | 2 +-
 spec/lib/saml_idp/controller_spec.rb | 10 ++++++++++
 2 files changed, 11 insertions(+), 1 deletion(-)
diff --git a/lib/saml_idp/controller.rb b/lib/saml_idp/controller.rb
index 9d0a16c9..a8e689f4 100644
--- a/lib/saml_idp/controller.rb
+++ b/lib/saml_idp/controller.rb
@@ -66,7 +66,7 @@ def encode_authn_response(principal, opts = {})
 signed_message_opts = opts[:signed_message] || false
 name_id_formats_opts = opts[:name_id_formats] || nil
 asserted_attributes_opts = opts[:attributes] || nil
- signed_assertion_opts = opts[:signed_assertion] || true
+ signed_assertion_opts = opts[:signed_assertion].nil? ? true : opts[:signed_assertion]
 compress_opts = opts[:compress] || false
 SamlResponse.new(
diff --git a/spec/lib/saml_idp/controller_spec.rb b/spec/lib/saml_idp/controller_spec.rb
index 94e189e9..e33d1592 100644
--- a/spec/lib/saml_idp/controller_spec.rb
+++ b/spec/lib/saml_idp/controller_spec.rb
@@ -66,6 +66,16 @@ def params
 end
 end
+ context '#encode_authn_response' do
+ it 'uses default values when opts are not provided' do
+ saml_response = encode_authn_response(principal, { audience_uri: 'http://example.com/issuer', issuer_uri: 'http://example.com', acs_url: 'https://foo.example.com/saml/consume', signed_assertion: false })
+
+ response = OneLogin::RubySaml::Response.new(saml_response)
+ response.settings = saml_settings
+ expect(response.document.to_s).to_not include("")
+ end
+ end
+
 context "solicited Response" do
 before(:each) do
 params[:SAMLRequest] = make_saml_request
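Review bot: Now that `signed_assertion: false` is actually honoured, a caller who passes only that option presumably gets a response with no signature at all, because `signed_message_opts` still defaults to `false` a few lines above in the same hunk. A service provider cannot authenticate such a response, so the combination deserves either a comment or a guard. For a comment, put `# false drops the assertion signature; pair it with signed_message: true so the response is still signed` above the assignment. For a guard, add `raise ArgumentError, 'signed_assertion and signed_message cannot both be false' unless signed_message_opts || signed_assertion_opts` after the option parsing. Whether `SamlResponse` enforces this itself is not visible, since the body of `encode_authn_response` continues outside the hunk.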
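Review bot: The example is titled 'uses default values when opts are not provided', but it passes `signed_assertion: false` explicitly, so it covers the opt-out path and the title should say so, e.g. `it 'omits the assertion signature when signed_assertion is false' do`. As rendered here the matcher argument is an empty string, `include("")`, which every string contains, so the expectation would always fail. If the literal was lost in extraction, confirm that it names the signature element (e.g. `ds:Signature`). The security-relevant default is not pinned: add companion examples asserting that the signature is present when `signed_assertion` is omitted and when it is `true`, so a later change cannot silently flip the default to unsigned.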