We should re-enable the CI pipeline for 5.2.x using GitHub Actions.Comment From: eleftheriasClosed via f9f5b43

Relates to https://github.com/spring-projects/spring-security/issues/11075Comment From: eleftheriasClosed via e753827

Comment From: eleftheriasRelates to gh-11075Comment From: eleftheriasClosed via cb2291c

Currently disabling encoding the session id is built into the HttpSessionSecurityContextRepository. We should decouple t...

The Saml2AuthenticationRequestFactory interface should be deprecated in favor of the new Saml2AuthenticationRequestResol...

Describe the bugThe same as #6463I have the same issue #6463 in version 5.4.5 and Keycloak 16.1.0:Caused by: java.lang.R...

We should re-enable the CI pipeline for 5.3.x using GitHub Actions.Comment From: eleftheriasClosed via fa1206c

Expected BehaviorWhen disallowing sesion creation no attempts on creating a session shall be done. Configuring flag at f...

1) Description of the bugI can login but not logout.2) Steps that I perform and that show how to get the errorI add this...

The ExceptionTranslationWebFilter used to retrieve an exception message from a MessageSource.This was removed as part of...

Describe the bugExceptionTranslationWebFilter causes a blocking call in case of missing/wtong authentication when it is ...

Describe the bugOidcIdTokenDecoderFactory by default defines jwsAlgorithmResolver with RS256 as signature algorithm for ...

Expected BehaviorClient is able to set the refreshToken to expire in given periodCurrent BehaviorClient held the refresh...

SummaryHello,according to the following sources a SpringShell 0 day vulnerability has been found:https://github.com/spri...

After updating from 5.6.1 to 5.6.2 (by updating from Boot 2.6.3 to 2.6.4), the Boot /error page isn't accessible anymore...

Currently, the referenceDocUrl is using https://docs.spring.io/spring-security/site/docs/{version}/reference/html5/ as t...

It is possible to get the user name using:Object principal = SecurityContextHolder.getContext().getAuthentication().getP...

I am reading the spring-security source code，I am puzzled by this design ， why the ProviderManager own / manage a Auth...

Expected BehaviorIt would be great for ReactiveRemoteJWKSource to use a WebClient instance that respects the http.proxy ...

Describe the bugFound multiple CVEs for spring-boot-starter-security + spring-security-saml2-service-provider with lates...