After upgrading to Spring Boot 2.5.0, which includes Spring Security 5.5.0, I noticed that OpenSamlAuthenticationProvider is deprecated and that I should use OpenSaml4AuthenticationProvider instead. However, it is not enough to just change the class, because spring-security-saml2-service-provider still depends on Open SAML 3.4.6 for backward compatibility reasons (9095).

So I assume that I have to exclude Open SAML 3.4.6 and add the Open SAML 4.1.0 dependency manually?

The other option would be to ignore the deprecation warning and use OpenSamlAuthenticationProvider until it gets removed. At least everything will work then, and I don't have to handle the dependencies manually.

Regards Daniel

Comment From: jzheaux

Thanks for reaching out, @dawi. You should be able to manage the dependency like in this sample.

Comment From: thmarti

Hi @jzheaux, your link leads to a 404 page...

Comment From: dawi

The relevant links are:

* Example Project
* Dependency Configuration

Comment From: RTK3300

Aren't there files missing in that sample project? I only see a controller and the Application file, but no SecurityConfig file? Only branch version 5.6 and 5.7 seem to have a SecurityConfig file? Or is all the necessary configuration done in the application.yaml in those other versions?

I'm upgrading an old Spring Boot 2.4 (Spring Security 5.4) application to a newer version of Spring Boot (2.7 or 3.1). Is manually setting these constraints still the recommended path or is there a better way?