Hi, I am trying to generate response redirect using "Saml2RedirectAuthenticationRequest" class. But, when making the red...

Describe the bugWhen configuring CSRF with a CookieCsrfTokenRepository and a XorCsrfTokenRequestAttributeHandler for use...

Expected BehaviorI would like to use Spring WebFlux with SAML Current BehaviorI cannot use Spring WebFlux with SAML as i...

Expected BehaviorThe ability to customize the obersations made by spring security (adjust low/high cardinality keys, etc...

Describe the bugShort versionThe new support for deferred security context makes DelegatingSecurityContextRepository#loa...

SummaryThe documentation is long and does not encourage contributors. We should rewrite it to encourage contributors. Fo...

The most common things that trip people up when contributing a PR are:Selecting the right branchRemembering to run ./gra...

I would like to reopen the issue #12830 which is closed with denial.About the comment from the original issueI'm not cle...

Describe the bugSpring security authenticates when using single tenancy with: security: oauth2: resourceserver:...

Expected BehaviorReactiveJwtAuthenticationConverter should provide a setter for the principalClaimName, similarly to the...

I migrated from spring security 5.7.2 to 6.0.0. In 5.7.2, if I set nameIdFormat of RelyingPartyRegistration, it was adde...

Describe the bugThe observations that Spring Security provides are not being properly nested with their parent span when...

Expected BehaviorIt might make sense to ignore expired (or not yet valid) X.509 certificates when accessing the certific...

SummaryI can't find an easy way, to validate that the acr value in the ID Token is what the client expects. The spec say...

Describe the bugIf a static resource in a page is the last blocked URL, SavedRequestAwareAuthenticationSuccessHandler r...

Describe the bugIn authorizationContext of MessageMatcherDelegatingAuthorizationManager path variables are only extracte...

Describe the bugI faced an error after upgrade spring boot from 3.0.1 to 3.0.4 on @PreAuthorize("hasRole('USER'").To Rep...

In the documentation Storing the Authentication manually:https://docs.spring.io/spring-security/reference/servlet/authen...

Describe the bugAfter upgrade from Spring Security 5.x.x (Spring Boot 2.7.5) to Spring Security 6.0 (Spring Boot 3.0.4) ...

I wanted to try out the samples, so fired up the project in VSCode and got this:One or more cycles were detected in the ...