Expected BehaviorAs I understand AuthenticationManager is meant to be the main entity to manage core authentication proc...

Given that it's beneficial to use MvcRequestMatcher.Builder#servletPath whenever the MVC servlet path is something othe...

Expected BehaviorIt would be great if the ReactiveJwtDecoders.java helper methods exposed the underlying NimbusReactiveJ...

SpringBoot 2.7.18, responding spring-security starter.The authentication is worked well, but the concurrent max session ...

Describe the bug***************************APPLICATION FAILED TO START***************************Description:The bean 'w...

See Fine-tuning Annotation-based Autowiring with @Primary or @Fallback.

In the case of AP initated logout Request, logout responses are not getting generated. I initially created a issue https...

Hi guys, when I ran code analyzer on the repo, I found some minor spots that can be tweaked. However, before creating a ...

Hi guys, I'd like to contribute even with small changes or improvements for practice or just to purely satisfy my coding...

In the AP initiated LogoutRequest LogoutResponse is not reaching the IDP.Currently I have this configuration@beanpublic ...

Describe the bugUnauthenticated AJAX requests result in a 400 error from the OidcBackChannelLogoutWebFilter, instead of ...

I defined the SecurityFilterChain bean like below@Bean public SecurityFilterChain securityFilterChain (HttpSecurity h...

When AuthorizeReturnObject creates a CGLIB proxy, that proxy will need to look up the proxied object's methods with refl...

Previously we used IpAddressMatcher for matching ips.After upgrade to Spring boot 3.3, my tests start failing on cases I...

Expected BehaviorExpected BehaviorOffer the possibility to specify custom login-urls depending on the tenant the user in...

After updating Spring Security version to 6, I can no longer change the error message on failed login attempts.Up to ver...

Expected BehaviorIt would be nice if the RestClient supported an equivalent of ServletBearerExchangeFilterFunction. This...

Hi,I think the static AuthenticationManagerDelegator within AuthenticationConfiguration is never created at line 116, if...

As per the documentation, "the Spring Security uses an HttpSessionSaml2AuthenticationRequestRepository, which stores th...

In Spring Security 5 with multiple HttpSecurity instances the first instance to match the request handles the request, i...