diff --git a/saml/univention-saml/listener/univention-saml-simplesamlphp-configuration.py b/saml/univention-saml/listener/univention-saml-simplesamlphp-configuration.py
index 81b2e5e942..3ce3821281 100644
--- a/saml/univention-saml/listener/univention-saml-simplesamlphp-configuration.py
+++ b/saml/univention-saml/listener/univention-saml-simplesamlphp-configuration.py
@@ -182,6 +182,10 @@ def write_configuration_file(dn, new, filename):
 		if new.get('privacypolicyURL'):
 			fd.write("	'privacypolicy'	=> %s,\n" % php_string(new.get('privacypolicyURL')[0]))
 
+		fd.write("	'sign.logout' => true,\n")
+		fd.write("	'saml20.sign.response' => true,\n")
+		fd.write("	'saml20.sign.assertion' => true,\n")
+
 		fd.write("	'authproc' => array(\n")
 		if not metadata:  # TODO: make it configurable
 			# make sure that only users that are enabled to use this service provider are allowed