Expected BehaviorWhen acting as a SAML2 client, allow the lovely Spring SSL bundles to be used to specify the certificat...

Expected BehaviorWhen acting as a SAML2 client, allow the lovely Spring SSL bundles to be used to specify the certificat...

I'm using spring security saml2, version 5.7.6, ADFS as Identity ProviderAccording to spring documentation, upon normal ...

Describe the bugI am working on a small project to have a 'gateway' application in between Landing page and Backend API ...

Describe the bugHello, I want to allow ADMIN role to access path: /organizations, it is working fine in spirng-security...

New BehaviorI'd like the ability to attach additional attributes/properties to ClientRegistrations and ProviderDetails, ...

AuthenticationManager and AuthenticationProvider have the same primary signature. In an effort to simplify the API, Auth...

Expected BehaviorCan be safely cast the Authentication principal to to myPrincipal in the check(Supplier<Authenticati...

Expected BehaviorSaml2MetadataFilter should be able to return a metadata for a registration without Asserting Party deta...

Similar to RequestHeaderRequestMatcher, it would be nice to match on parameters. This is already in use privately in Sam...

Describe the bugI migrated to spring boot 3 and changed authorizeRequests to authorizeHttpRequests. But @PreAuthorize is...

Expected Behaviorpublic class InMemoryRelyingPartyRegistrationRepository implements IterableRelyingPartyRegistrat...

We should consider merging AuthenticationManager and AuthenticationProvider into a single interface, since both APIs are...

With the introduction of RelyingPartyRegstration#mutate, OpenSamlRelyingPartyRegistration should no longer be necessary....

Related #12967, #10310 Like the supplier for ClientRegistrationRepository and JwtDecoder, it would be handy to have an i...

Describe the bugIn commit https://github.com/spring-projects/spring-security/commit/7288fecc2449b2673c817e28654de7edc6db...

A common question is "why do my public endpoints fail with a 401 when they are given invalid credentials?"The answer I u...

Expected Behavior http.authorizeHttpRequests(matchers -> matchers .requestMatchers( ...

The CredentialsContainer interface is used internally by the framework to clear the user's credentials after a successfu...

Expected BehaviorWhen using @AuthorizeReturnObject annotation to mask object fields, AuthorizationAdvisorProxyFactory no...