Spring Security OpenSaml4AuthenticationProvider.class at spring-security-saml2-service-provider v5.8.14 compiled for jdk11

Describe the bug Hi, We're trying to use spring-security-saml2-service-provider in our JDK8 based platform, so we are accessing the 5.8.x version (we are still not able to go for the 6.x because of the jdk runtime we are using).

It seems the OpenSaml4AuthenticationProvider.class at the jar package at the central maven repository (https://repo1.maven.org/maven2/org/springframework/security/spring-security-saml2-service-provider/5.8.14/spring-security-saml2-service-provider-5.8.14.jar) has been compiled with the jdk11 version, so we're getting some jdk version errors under our application.

To Reproduce - Download the jar from maven central (https://repo1.maven.org/maven2/org/springframework/security/spring-security-saml2-service-provider/5.8.14/spring-security-saml2-service-provider-5.8.14.jar) - check the version of the menitioned class. For instance: javap.exe -verbose "C:\spring-security-saml2-service-provider-5.8.14\org\springframework\security\saml2\provider\service\authentication\OpenSaml4AuthenticationProvider.class | findstr "major" - the previous javap command will return major version: 55

Expected behavior The major version of the class file should be 52 (jdk8)

Comment From: marcusdacoregio

Hi @goyocasero. That's expected since OpenSAML 4 is built on top of Java 11. If you cannot migrate to Java 11, you should use OpenSAML 3.