improve saml authentication (#836)

Signed-off-by: Denis barbaron <denis.barbaron@orange.com>

lib/cli/auth-saml2/index.js

@@ -1,3 +1,7 @@
+/**
+* Copyright © 2025 contains code contributed by Orange SA, authors: Denis Barbaron - Licensed under the Apache license 2.0
+**/
+
 module.exports.command = 'auth-saml2'
 
 module.exports.describe = 'Start a SAML 2.0 auth unit.'
@@ -41,6 +45,16 @@ module.exports.builder = function(yargs) {
     , type: 'string'
     , default: process.env.SAML_ID_PROVIDER_CALLBACK_URL
     })
+    .option('saml-id-provider-want-assertions-signed', {
+      describe: 'SAML 2.0 identity provider want assertions signed.'
+    , type: 'boolean'
+    , default: process.env.SAML_ID_PROVIDER_WANT_ASSERTIONS_SIGNED || true
+    })
+    .option('saml-id-provider-want-authn-response-signed', {
+      describe: 'SAML 2.0 identity provider want authentication response messages signed.'
+    , type: 'boolean'
+    , default: process.env.SAML_ID_PROVIDER_WANT_AUTHN_RESPONSE_SIGNED || true
+    })
     .option('secret', {
       alias: 's'
     , describe: 'The secret to use for auth JSON Web Tokens. Anyone who ' +
@@ -75,6 +89,8 @@ module.exports.handler = function(argv) {
     , issuer: argv.samlIdProviderIssuer
     , certPath: argv.samlIdProviderCertPath
     , callbackUrl: argv.samlIdProviderCallbackUrl
+    , wantAssertionsSigned: argv.samlIdProviderWantAssertionsSigned
+    , wantAuthnResponseSigned: argv.samlIdProviderWantAuthnResponseSigned
     }
   })
 }