4 files changed, 8 insertions, 8 deletions

diff --git a/config/config.json b/config/config.json
index 44d1aae1c..3111d3831 100644
--- a/config/config.json
+++ b/config/config.json
@@ -221,8 +221,8 @@
     },
     "SamlSettings": {
         "Enable": false,
-        "Verify": false,
-        "Encrypt": false,
+        "Verify": true,
+        "Encrypt": true,
         "IdpUrl": "",
         "IdpDescriptorUrl": "",
         "AssertionConsumerServiceURL": "",
diff --git a/model/config.go b/model/config.go
index 7c87c05f0..9d651035b 100644
--- a/model/config.go
+++ b/model/config.go
@@ -1002,12 +1002,12 @@ func (o *Config) SetDefaults() {
 
 	if o.SamlSettings.Verify == nil {
 		o.SamlSettings.Verify = new(bool)
-		*o.SamlSettings.Verify = false
+		*o.SamlSettings.Verify = true
 	}
 
 	if o.SamlSettings.Encrypt == nil {
 		o.SamlSettings.Encrypt = new(bool)
-		*o.SamlSettings.Encrypt = false
+		*o.SamlSettings.Encrypt = true
 	}
 
 	if o.SamlSettings.IdpUrl == nil {
diff --git a/webapp/components/admin_console/saml_settings.jsx b/webapp/components/admin_console/saml_settings.jsx
index 0754747d9..a02ab4a8a 100644
--- a/webapp/components/admin_console/saml_settings.jsx
+++ b/webapp/components/admin_console/saml_settings.jsx
@@ -368,7 +368,7 @@ export default class SamlSettings extends AdminSettings {
                     helpText={
                         <FormattedMessage
                             id='admin.saml.verifyDescription'
-                            defaultMessage='When true, Mattermost verifies that the signature sent from the SAML Response matches the Service Provider Login URL'
+                            defaultMessage='When false, Mattermost will not verify that the signature sent from a SAML Response matches the Service Provider Login URL. Not recommended for production environments. For testing only.'
                         />
                     }
                     value={this.state.verify}
@@ -405,7 +405,7 @@ export default class SamlSettings extends AdminSettings {
                     helpText={
                         <FormattedMessage
                             id='admin.saml.encryptDescription'
-                            defaultMessage='When true, Mattermost will decrypt SAML Assertions encrypted with your Service Provider Public Certificate.'
+                            defaultMessage='When false, Mattermost will not decrypt SAML Assertions encrypted with your Service Provider Public Certificate. Not recommended for production environments. For testing only.'
                         />
                     }
                     value={this.state.encrypt}
diff --git a/webapp/i18n/en.json b/webapp/i18n/en.json
index e40aa647a..1ac5854ee 100755
--- a/webapp/i18n/en.json
+++ b/webapp/i18n/en.json
@@ -628,7 +628,7 @@
   "admin.saml.emailAttrTitle": "Email Attribute:",
   "admin.saml.enableDescription": "When true, Mattermost allows login using SAML. Please see <a href='http://docs.mattermost.com/deployment/sso-saml.html' target='_blank'>documentation</a> to learn more about configuring SAML for Mattermost.",
   "admin.saml.enableTitle": "Enable Login With SAML:",
-  "admin.saml.encryptDescription": "When true, Mattermost will decrypt SAML Assertions encrypted with your Service Provider Public Certificate.",
+  "admin.saml.encryptDescription": "When false, Mattermost will not decrypt SAML Assertions encrypted with your Service Provider Public Certificate. Not recommended for production environments. For testing only.",
   "admin.saml.encryptTitle": "Enable Encryption:",
   "admin.saml.firstnameAttrDesc": "(Optional) The attribute in the SAML Assertion that will be used to populate the first name of users in Mattermost.",
   "admin.saml.firstnameAttrEx": "E.g.: \"FirstName\"",
@@ -673,7 +673,7 @@
   "admin.saml.usernameAttrDesc": "The attribute in the SAML Assertion that will be used to populate the username field in Mattermost.",
   "admin.saml.usernameAttrEx": "E.g.: \"Username\"",
   "admin.saml.usernameAttrTitle": "Username Attribute:",
-  "admin.saml.verifyDescription": "When true, Mattermost verifies that the signature sent from the SAML Response matches the Service Provider Login URL",
+  "admin.saml.verifyDescription": "When false, Mattermost will not verify that the signature sent from a SAML Response matches the Service Provider Login URL. Not recommended for production environments. For testing only.",
   "admin.saml.verifyTitle": "Verify Signature:",
   "admin.save": "Save",
   "admin.saving": "Saving Config...",