From 6eae9b859692417182103d06f5215fff11289942 Mon Sep 17 00:00:00 2001
From: Rohit Yadav
Date: Thu, 28 Aug 2014 18:47:08 +0200
Subject: [PATCH] saml: disable plugin by default and don't initiate if not enabled

Signed-off-by: Rohit Yadav
---
 .../cloudstack/saml/SAML2AuthManagerImpl.java | 17 +++++++++++++----
 server/src/com/cloud/configuration/Config.java | 2 +-
 2 files changed, 14 insertions(+), 5 deletions(-)

diff --git a/plugins/user-authenticators/saml2/src/org/apache/cloudstack/saml/SAML2AuthManagerImpl.java b/plugins/user-authenticators/saml2/src/org/apache/cloudstack/saml/SAML2AuthManagerImpl.java
index 22d99cbbde5..8480c0e57c0 100644
--- a/plugins/user-authenticators/saml2/src/org/apache/cloudstack/saml/SAML2AuthManagerImpl.java
+++ b/plugins/user-authenticators/saml2/src/org/apache/cloudstack/saml/SAML2AuthManagerImpl.java
@@ -69,12 +69,14 @@ public class SAML2AuthManagerImpl extends AdapterBase implements SAML2AuthManage
 @Inject
 ConfigurationDao _configDao;
- protected SAML2AuthManagerImpl() {
- super();
- }
-
 @Override
 public boolean start() {
+ return isSAMLPluginEnabled() && setup();
+ }
+
+ private boolean setup() {
+ // TODO: In future if need added logic to get SP X509 cert for Idps that need signed requests
+
 this.serviceProviderId = _configDao.getValue(Config.SAMLServiceProviderID.key());
 this.identityProviderId = _configDao.getValue(Config.SAMLIdentityProviderID.key());
@@ -145,6 +147,9 @@ public class SAML2AuthManagerImpl extends AdapterBase implements SAML2AuthManage
 @Override
 public List> getAuthCommands() {
+ if (!isSAMLPluginEnabled()) {
+ return null;
+ }
 List> cmdList = new ArrayList>();
 cmdList.add(SAML2LoginAPIAuthenticatorCmd.class);
 cmdList.add(SAML2LogoutAPIAuthenticatorCmd.class);
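Review bot: With the plugin disabled, `start()` now returns false, which is presumably the same value a failed `setup()` produces, so the component lifecycle cannot tell "switched off by configuration" from "failed to initialise". How the caller treats a false return is not visible here, but a disabled plugin is normally a successful no-op: `if (!isSAMLPluginEnabled()) { return true; }` followed by `return setup();`. An info-level log line stating which branch was taken would let operators confirm from the log whether SSO is actually active. The body of `setup()` continues past the end of the hunk.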
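Review bot: Returning `null` from `getAuthCommands()` when the plugin is disabled forces every caller to null-check before iterating, and one that does not will throw a NullPointerException on exactly the installations that follow the new default. Return an empty list instead, e.g. `return Collections.emptyList();` (this needs the `java.util.Collections` import; the list's element type is garbled on this page, so match the declared one). Because the flag is read when this method is called, the login and logout commands presumably stay registered if the setting is switched off later without a restart; having each command check the flag as well would make the switch authoritative. The method body continues outside the hunk.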
@@ -183,4 +188,8 @@ public class SAML2AuthManagerImpl extends AdapterBase implements SAML2AuthManage
 public X509Certificate getIdpEncryptionKey() {
 return idpEncryptionKey;
 }
+
+ public Boolean isSAMLPluginEnabled() {
+ return Boolean.valueOf(_configDao.getValue(Config.SAMLIsPluginEnabled.key()));
+ }
 }
diff --git a/server/src/com/cloud/configuration/Config.java b/server/src/com/cloud/configuration/Config.java
index 2c78f1bea35..85277386f82 100755
--- a/server/src/com/cloud/configuration/Config.java
+++ b/server/src/com/cloud/configuration/Config.java
@@ -1384,7 +1384,7 @@ public enum Config {
 ManagementServer.class,
 Boolean.class,
 "saml2.enabled",
- "true",
+ "false",
 "Set it to true to enable SAML SSO plugin",
 null),
 SAMLUserAccountName(
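Review bot: `isSAMLPluginEnabled()` returns a boxed `Boolean` that the patch only uses in boolean expressions (`&&` in `start()`, `!` in `getAuthCommands()`), so a primitive fits better: `public boolean isSAMLPluginEnabled()` with `return Boolean.parseBoolean(_configDao.getValue(Config.SAMLIsPluginEnabled.key()));`. Both forms treat a missing (null) value as false, which keeps the plugin off when the setting is absent. A one-line Javadoc would record that fail-closed behaviour: `/** True only when the configured value parses as "true"; a missing value leaves the plugin disabled. */`. If the method is also declared on the `SAML2AuthManager` interface it needs `@Override` and the return type must change there too; the interface is not visible here.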
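Review bot: The description string still reads only "Set it to true to enable SAML SSO plugin", while the other file in this patch reads the flag inside `start()`, so a change presumably takes effect only after the management server is restarted; stating that in the description would save operators from a silent no-op. The new default also may not reach installations where `saml2.enabled` was already persisted as true (how defaults are seeded is not visible in this hunk), so the upgrade notes should tell operators to verify the effective value. The enum entry begins above the hunk.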