diff --git a/config-templates/config.php b/config-templates/config.php
index f1f53d1e68a4028f6ceb561a1950af2150f9139c..5f5e9634d39d2604226f701807e7f6b3f8051a89 100644
--- a/config-templates/config.php
+++ b/config-templates/config.php
@@ -461,7 +461,7 @@ $config = [
      * In example when you are setting up a federation bridge.
      */
     'enable.saml20-idp' => false,
-    'enable.saml20-unsolicited' => false,
+    'enable.saml20-unsolicited' => true,
     'enable.adfs-idp' => false,
 
 
diff --git a/docs/simplesamlphp-upgrade-notes-2.0.md b/docs/simplesamlphp-upgrade-notes-2.0.md
index 3c00209ab56bc4c2922a12a7cf9fa9d39256366a..dc305801e97a6cdf7be6507669fa5a61891e80e7 100644
--- a/docs/simplesamlphp-upgrade-notes-2.0.md
+++ b/docs/simplesamlphp-upgrade-notes-2.0.md
@@ -30,8 +30,7 @@ Functional changes
   It is possible to switch back via the `sharedkey_algorithm`.
   Note however that CBC is vulnerable to the Padding oracle attack.
 - All support for the Shibboleth 1.3 / SAML 1.1 protocol has been removed.
-- Unsolicited responses are denied by default. If you need this functionality,
-  it can be enabled by setting `enable.saml20-unsolicited` to `true`.
+- Unsolicited responses can denied by disabling it by setting `enable.saml20-unsolicited` to `false`.
 
 Configuration changes
 ---------------------
diff --git a/modules/saml/lib/Auth/Source/SP.php b/modules/saml/lib/Auth/Source/SP.php
index ad5b7ab0e5a1a8d0628e360839487024140f597b..b08ed9a1e3750c29e9120d5bace55121c249bd7e 100644
--- a/modules/saml/lib/Auth/Source/SP.php
+++ b/modules/saml/lib/Auth/Source/SP.php
@@ -1139,7 +1139,7 @@ class SP extends \SimpleSAML\Auth\Source
         $state['Attributes'] = $authProcState['Attributes'];
 
         $config = Configuration::getInstance();
-        $allowUnsolicited = $config->getBoolean('enable.saml20-unsolicited', false);
+        $allowUnsolicited = $config->getBoolean('enable.saml20-unsolicited', true);
 
         Assert::true(
             $allowUnsolicited,
diff --git a/modules/saml/www/sp/saml2-acs.php b/modules/saml/www/sp/saml2-acs.php
index 87b95ad365cd87b49b04613a1d1b35e869faea24..7001c3a887a7156a2c070d08029860149ab174e9 100644
--- a/modules/saml/www/sp/saml2-acs.php
+++ b/modules/saml/www/sp/saml2-acs.php
@@ -105,7 +105,7 @@ if (!empty($stateId)) {
 }
 
 $config = Configuration::getInstance();
-$allowUnsolicited = $config->getBoolean('enable.saml20-unsolicited', false);
+$allowUnsolicited = $config->getBoolean('enable.saml20-unsolicited', true);
 
 Assert::true(
     $allowUnsolicited,