Describe the bugSpring boot 3.1.4, Spring boot starter reactive oauth client library. I want to generate oauth 2.0 token...

Describe the bugWhen clickjacking prevention is enabled, it is impossible to redirect SAML2 request to IdP.To Reproduce1...

Describe the bugSecurityMockMvcRequestPostProcessors.csrf() doesn't create correct token for XorCsrfTokenRequestAttribut...

Describe the bugWhen using RoleHierarchy to inherit multiple roles, AuthorizationManagers.allOf() does not take inherite...

Expected BehaviorI'd like to see spring security support "urn:ietf:params:oauth:grant-type:saml2-bearer" as a valid auth...

Since the updateDependencies plugin has been removed, we do not have a way to make sure that com.nimbusds:nimbus-jose-jw...

Version 6.0.0For this configuration : @Bean public SecurityFilterChain filterChain( final HttpSecurity http ) thr...

Expected BehaviorDefaultRequestRejectedHandler should return HTTP 400 by default instead of having to implement a custom...

Describe the bugReactiveRemoteJWKSource receives a Mono for jwkSetURL, which will be lazy loaded. After invoking webClie...

Describe the bugRelay Status is optional value so if it is not provided or empty value, it doesn't need to be in signing...

Now that we have Dependabot taking care of our dependencies we should not need the updateDependencies plugin anymore.By ...

Describe the bugI am trying to secure my actuator endpoints. For this purpose, I have a Multiple-Config where I specify ...

SummaryI'm using an OIDC Provider that supports OIDC Back-channel Logout Spec. However the current version of Spring Sec...

I have an application running behind an Nginx proxy load balancer, utilizing multiple Java instances where requests are ...

Expected BehaviorHave a configurable way to allow NimbusJwtDecoder to accept PlainJWT.That is, allow firebase auth emula...

I'm working on upgrading spring-security-saml2-core from version 1.0.10.RELEASE to 2.0.0.M31 in my project. I don't want...

Expected BehaviorI think LogoutFilter should check if Authentication variable is null.If auth is null, then logout faile...

Describe the bugFailed to configure a DataSource: 'url' attribute is not specified and no embedded datasource could be c...

Describe the bugRequestedUrlRedirectInvalidSessionStrategy#onInvalidSessionDetected(…) uses DefaultRedirectStrategy#send...

Describe the bugWhen using RequestedUrlRedirectInvalidSessionStrategy as the invalid session strategy within the session...