SummaryHi. In our project we recently migrated to Spring boot 2. in this version i figured out that '//' is forbidden in...

Error starting ApplicationContext. To display the condition evaluation report re-run your application with 'debug' enabl...

Create OpenID Connect Discovery Client which is capable of requesting Provider Metadata via the supplied issuer.Related ...

We should document that the Shibboleth Maven Repository is required for SAML support. Provide sample configuration for M...

We should update the Artifactory plugin to provide consistent build info across Spring portfolio projects. See spring-io...

Describe the bugCasAuthenticationFilter set a reference of SecurityContextRepository (https://github.com/spring-projects...

Describe the bugWhen RestCient is initialized by a RestTemplate using RestClient.builder(restTemplate) the interceptors ...

When trying to follow the samples outlined in SAML2 Reference, adding the custom auth provider results in the following ...

When a version is not supported anymore, or when a new branch is created, we have to remember to update a lot of things,...

Current BehaviorOn creating OIDC token (see: code) ReactiveOidcIdTokenDecoderFactory creates the NimbusReactiveJwtDecode...

SummaryFrom what I can tell the recently added SAML2 support only supports Spring MVC or more generally servlet based re...

Currently, we use Hooks.onLastOperator to propagate the SecurityContext, request and response to the reactor operator ch...

SAML Service Provider should use the contents of a SAML assertion to deduce the IDP instead of the current Path-based de...

If we need to use the JdbcOAuth2AuthorizedClientService, must create a table in the database.official oauth2_authorized_...

Upgrading our application to Spring 6 with Spring Security 6.1.2 and Tomcat 10.1 resulted in the following UnsupportedOp...

The current implementation is too tied to what we had done in the Servlet side. We should investigate other possibilitie...

Similar to OidcBackChannelServerLogoutHandler. Such implementation would forge a POST /logout with the session id and ne...

Current Behavior With Spring Security 5.3 one can configure oauth2 resource server to support multiple tenant's. For th...

The KeyStoreKeyFactoryTests and RsaKeyHelperTests are failing when running on Windows. They are disabled for now but mus...

To get the current security context in a Spring MVC handler method, one needs to use the @CurrentSecurityContext annotat...