OverviewIn file: KeyBasedPersistenceTokenService.java, there is a method allocateToken that creates a Date object to get...

Expected BehaviorOpenSamlMetadataResolver should serialize NameID formats associated with an SP.Current BehaviorOpenSaml...

Comment From: franticticktickHi @marcusdacoregio, can I take this issue to work?Comment From: marcusdacoregioYes, absolu...

@hejianchao No there isn't a setting/property available to turn it off. Are you having issues with it? Why do you want i...

Expected BehaviorI'd like to be able to customize the refreshToken in the OAuth2AccessTokenResponse by specifying a refr...

I believe this is a request. Are there any plans soon by the Sping Team for an asynchronous Auth Server?Currently, when ...

Describe the bugA clear and concise description of what the bug is.To ReproduceSteps to reproduce the behavior.Expected ...

We migrated from a custom CSRF implementation to the one from Spring Security using the default CsrfFilter with HttpSess...

Expected BehaviorOne should be able to use the native build features of Spring Boot out of the box with .spring-boot-sta...

Expected BehaviorBe able to extend the AbstractWebClientReactiveOAuth2AccessTokenResponseClient for custom Authorization...

Expected BehaviorWhen the OIDC provider uses different hostnames from frontend and backend endpoints, fetching metadata ...

Describe the bugI specifically want to use WebClientReactiveClientCredentialsTokenResponseClient because it provides Web...

Expected BehaviorIt should be possible to dynamically (after application is started) add tenants, for each tenant you sh...

Describe the bug @Bean public PasswordEncoder passwordEncoder() { return new BCryptPasswordEncoder(); }p...

I am currently on Saml2-Service-Provider 5.8.9 and I am in the process of implementing a SP Initated SLO.To initiated th...

After I migrate from Spring boot 2.1.0.RELEASE to Spring Boot 3.3.2SecurityContextHolder default securityContextHolderS...

This is the follow-up of #15384. I have been ping-ponged between spring-framework and spring-security, I think after all...

Expected BehaviorIt should be possible to add extra matching behavior to the default AbstractPreAuthenticatedProcessingF...

Forward port of https://github.com/spring-projects/spring-security/issues/15771Comment From: jzheauxClosed in 746464e035...

Related to https://github.com/spring-projects/spring-boot/issues/42172#issue-2510291998, when ClientRegistration does no...