saml: disable plugin by default and don't initiate if not enabled

Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>

plugins/user-authenticators/saml2/src/org/apache/cloudstack/saml/SAML2AuthManagerImpl.java

@@ -69,12 +69,14 @@ public class SAML2AuthManagerImpl extends AdapterBase implements SAML2AuthManage
     @Inject
     ConfigurationDao _configDao;
 
-    protected SAML2AuthManagerImpl() {
-        super();
-    }
-
     @Override
     public boolean start() {
+        return isSAMLPluginEnabled() && setup();
+    }
+
+    private boolean setup() {
+        // TODO: In future if need added logic to get SP X509 cert for Idps that need signed requests
+
         this.serviceProviderId = _configDao.getValue(Config.SAMLServiceProviderID.key());
         this.identityProviderId = _configDao.getValue(Config.SAMLIdentityProviderID.key());
 
@@ -145,6 +147,9 @@ public class SAML2AuthManagerImpl extends AdapterBase implements SAML2AuthManage
 
     @Override
     public List<Class<?>> getAuthCommands() {
+        if (!isSAMLPluginEnabled()) {
+            return null;
+        }
         List<Class<?>> cmdList = new ArrayList<Class<?>>();
         cmdList.add(SAML2LoginAPIAuthenticatorCmd.class);
         cmdList.add(SAML2LogoutAPIAuthenticatorCmd.class);
@@ -183,4 +188,8 @@ public class SAML2AuthManagerImpl extends AdapterBase implements SAML2AuthManage
     public X509Certificate getIdpEncryptionKey() {
         return idpEncryptionKey;
     }
+
+    public Boolean isSAMLPluginEnabled() {
+        return Boolean.valueOf(_configDao.getValue(Config.SAMLIsPluginEnabled.key()));
+    }
 }

server/src/com/cloud/configuration/Config.java

@@ -1384,7 +1384,7 @@ public enum Config {
             ManagementServer.class,
             Boolean.class,
             "saml2.enabled",
-            "true",
+            "false",
             "Set it to true to enable SAML SSO plugin",
             null),
     SAMLUserAccountName(