Expected BehaviorThe IANA-registered MIME type for SAML metadata is application/samlmetadata+xml.Current BehaviorThe Sam...

DistinguishedName and its related components are deprecated in Spring LDAP. Spring Security should update to use LdapNam...

SummaryWhen configured to use LDAP Authentication in it's default (bind verification instead of password verification) s...

SummaryHi,CsrfAuthenticationStrategy only seems to support stateful csrf setups as it creates a new token on each authen...

Expected BehaviorI can extend and replace default Authentication FilterCurrent Behaviorhttps://stackoverflow.com/questio...

The methods isAccountNonExpired, isAccountNonLocked, isCredentialsNonExpired, and isEnabled are used less often.It would...

Describe the bugWhen my custom GrantedAuthority returns null on getAuthority(), I get the following exception that makes...

Similar to https://github.com/spring-projects/spring-security/issues/14210Update SecurityNamespaceHandler to require 6.4...

I am following an example in the spring security document to handle fallback for method based authorization.Using the De...

Describe the bugI am implementing OAuth2 to connect with a custom provider (not Google or GitHub). I need implement a cu...

ContextI do use a UsernamePasswordAuthenticationFilter with 3 login parts (tenant, username, password) in combination wi...

SummaryWith this code:@PostMapping("loginFacebook")public ClientAuth loginFacebook(@RequestBody @NotNull Faceb...

SummaryNimbusJwtDecoderJwkSupport is the underlying implementation for Spring Security JwtDecoder.NimbusJwtDecoderJwkSup...

In https://docs.spring.io/spring-security/reference/features/exploits/csrf.html there is:We could improve the protection...

Describe the bugSetting up a basic async HTTP GET endpoint where the returned response is allowed to be cached by downst...

https://github.com/spring-projects/spring-security/blob/e79b6b3ac887f0abda68967b70c1aa3aa0aa62bd/core/src/main/java/org/...

Describe the bugConfiguring authorizations using the access() method interferes with authentication in an inconsistent w...

I've lost my mind trying things here. This is only my latest attempt, I've basically been in "add" mode.The documentatio...

Describe the bug Error creating bean with name 'filterInvocationInterceptorDeregistrationBean': Initialization of bean ...

There is a concurrency bug in SessionRegistryImpl where if you have multiple threads call registerNewSession concurrentl...