Describe the bugSince Spring Security 2.6.0 no error page is displayed when setting a context-path and defining a custom...

Describe the bugIf your SAML Response is signed, spring security wont be able to verify thatI did some debugging and dis...

Currently OAuth2ClientProperties.clientAuthenticationMethod can be set to an invalid value and this does not result in a...

SummaryHi folks, can we have a discussion about the /userinfo endpoint? In short, authenticating a user via the /userinf...

SummaryHi! I'm trying to use ACL with Spring Boot.Actual BehaviorI used the schemas as specified here (in this case H2) ...

In order to highlight the configuration improvements of gh-13763, we need a place in the docs to add some reactive code ...

springboot：3.2.1springsecurity：6.2.1When xsrf token is invalid, delegate.resolveCsrfTokenValue returns null, but the ret...

When I try to make request to opened endpoint /v1/register I get 401 Unauthorized or 403 Forbidden instead 2xx answer. c...

An issue similar to spring-projects/spring-framework#23460 exists in current spring versions, encountered using both spr...

Related to https://github.com/spring-projects/spring-security/issues/9697Comment From: hmmlopezThis ticket would be very...

Describe the bugUsing Spring Security with CustomUsernamePasswordAuthenticationFilter is not working with custom Form lo...

Expected BehaviorOidcBackChannelLogoutHandler should be able to logout user's session using http://localhost... host and...

AuthorizationObservationContext imports MethodInvocationResult. This can lead to a package tangle since overall, nothing...

Describe the bugWe are using OpenApi Generator to generate an Interface for our Controller. When I add @EnableMethodSecu...

Expected BehaviorTwo cases:1. When the isPassive flag is set to true, and the request is sent to an IdP that doesn't sup...

Sometimes e.g. keycloak have additional authorities. It can be roles in keyclak token stored in realm_access.roles and s...

Catched exception should be logged before JwtException is thrownBefore a JwtException is thrown, the catched errorMsg sh...

DescriptionMultiple SecurityFilterChain configured in security configuration doesn't work when deprecated authorizeReque...

Since there is no js version of XorCsrfTokenRequestAttributeHandler for debug or implementation, I think you can provide...

I created a spring boot backend microservice as a oauth 2 resource server. In the calling microservice, I get an access ...