diff --git a/docs/howto/config.rst b/docs/howto/config.rst
index c224cb2a1..eebbb5331 100644
--- a/docs/howto/config.rst
+++ b/docs/howto/config.rst
@@ -1174,7 +1174,7 @@ want_assertions_or_response_signed
 Indicates that *either* the Authentication Response *or* the assertions contained within the response to this SP must be signed.
-Valid values are True or False. Default value is False.
+Valid values are True or False. Default value is True.
 This configuration directive **does not** override ``want_response_signed`` or ``want_assertions_signed``. For example, if ``want_response_signed`` is True
diff --git a/src/saml2/client_base.py b/src/saml2/client_base.py
index cf88dee9c..592059df7 100644
--- a/src/saml2/client_base.py
+++ b/src/saml2/client_base.py
@@ -10,7 +10,6 @@ import time
 import logging
 from typing import Mapping
-from warnings import warn as _warn
 from saml2.entity import Entity
@@ -174,7 +173,7 @@ def __init__(self, config=None, identity_cache=None, state_cache=None,
 "authn_requests_signed": False,
 "want_assertions_signed": False,
 "want_response_signed": True,
- "want_assertions_or_response_signed": False,
+ "want_assertions_or_response_signed": True,
 }
 for attr, val_default in attribute_defaults.items():
 val_config = self.config.getattr(attr, "sp")
@@ -194,15 +193,14 @@ def __init__(self, config=None, identity_cache=None, state_cache=None,
 self.want_assertions_or_response_signed,
 ]
 ):
- warn_msg = (
+ error_msg = (
+ "This configuration is insecure. "
 "The SAML service provider accepts "
 "unsigned SAML Responses and Assertions. "
- "This configuration is insecure. "
- "Consider setting want_assertions_signed, want_response_signed "
+ "Set at least one of want_assertions_signed, want_response_signed "
 "or want_assertions_or_response_signed configuration options."
 )
- logger.warning(warn_msg)
- _warn(warn_msg)
+ raise SAMLError(error_msg)
 self.artifact2response = {}
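Review bot: `SAMLError` is referenced by the new `raise SAMLError(error_msg)` in the third client_base.py hunk, but the only import hunk in this diff removes `_warn`; confirm `SAMLError` is already imported in src/saml2/client_base.py, because a NameError here would fire exactly in the insecure configuration the check is meant to reject. The check also runs only inside `__init__`, so flipping `want_assertions_signed`, `want_response_signed` or `want_assertions_or_response_signed` on a live client (as the tests in this diff do through set_client_want) bypasses it — whether the response-parsing path has its own guard is not visible here. Since a logged warning has become a hard failure at SP construction, the docs/howto/config.rst hunk should say so, e.g. `Setting want_assertions_signed, want_response_signed and want_assertions_or_response_signed all to False is rejected with SAMLError when the SP is created.` `__init__` starts before this hunk and continues past it.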
diff --git a/tests/test_51_client.py b/tests/test_51_client.py
index a323de793..8d85ddcdf 100644
--- a/tests/test_51_client.py
+++ b/tests/test_51_client.py
@@ -1860,7 +1860,8 @@ def set_client_want(response, assertion, either):
 parse_authn_response(response)
 set_client_want(False, False, False)
- parse_authn_response(response)
+ with raises(SAMLError):
+ parse_authn_response(response)
 # Response is not signed but assertion is signed.
 kwargs["sign_response"] = False
@@ -1893,7 +1894,8 @@ def set_client_want(response, assertion, either):
 parse_authn_response(response)
 set_client_want(False, False, False)
- parse_authn_response(response)
+ with raises(SAMLError):
+ parse_authn_response(response)
 # Both response and assertion are signed.
 kwargs["sign_response"] = True
@@ -1922,7 +1924,8 @@ def set_client_want(response, assertion, either):
 parse_authn_response(response)
 set_client_want(False, False, False)
- parse_authn_response(response)
+ with raises(SAMLError):
+ parse_authn_response(response)
 # Neither response nor assertion is signed.
 kwargs["sign_response"] = False
@@ -1958,7 +1961,8 @@ def set_client_want(response, assertion, either):
 parse_authn_response(response)
 set_client_want(False, False, False)
- parse_authn_response(response)
+ with raises(SAMLError):
+ parse_authn_response(response)
 class TestClientNonAsciiAva:
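Review bot: All four hunks assert `SAMLError` from `parse_authn_response` after `set_client_want(False, False, False)` on an already-constructed client, so none of them exercises the new raise in `__init__` of src/saml2/client_base.py, which only sees the flags at construction time; the error these tests catch must come from somewhere on the parsing path, which this diff does not show. Add one test that puts all three `want_*` options as False in the SP config and asserts that constructing the client raises `SAMLError`, so the fail-closed check in `__init__` is covered directly. `raises` and `SAMLError` must be in scope in tests/test_51_client.py; the diff shows no import change, so confirm they are already imported. The enclosing test function starts before the first hunk and its body continues between the hunks.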