Expected BehaviorString metadataLocation = "C:\\local\\temp\\saml\\meta.xml";RelyingPartyRegistration registra...

Currently, scopes are space-delimited in the authorization request (in security.oauth2.core.endpoint.OAuth2Authorization...

Describe the bugReturning any failure in a OAuth2TokenValidator validate function always results in a InvalidBearerToken...

SummaryWhen activating actuators and securing them, it's not possible to use the url attribute of the authorizeActual Be...

Describe the bugHello All,when using UsernamePasswordAuthenticationTokenDeserializer via CoreJackson2Module from spring-...

Expected BehaviorMoving from Spring SAML Extension to Spring SAML 2 Provider. The issue I have is, in the old extension ...

Expected Behavioralthough rfc7523#section-3 say the token url MAY be used as the aud claim values, it's not required to ...

Expected BehaviorThe spring-security-saml extension provides a HTTPMetadataProvider which is able to automatically refre...

Describe the bugI use multiple security configurations with orders and requestMatchers to determine which requests end u...

Takuya Iwatsuka (Migrated from SEC-3182) said:We have a request for a new feature.Briefly, it is that whenever redirecte...

Describe the bugWhen customizing a AbstractWebClientReactiveOAuth2AccessTokenResponseClient implementation with a conver...

Describe the bughttps://github.com/spring-projects/spring-framework/commit/4750a9430cdae9156d1e7fc32cec2c11ba2b8514#diff...

ContextJCenter shutdown impact on Gradle builds.On February 3 2021, JFrog announced that they will be shutting down Bint...

SummaryThe SAML Extension had a specific bean for applications behind an LB OpenSamlAuthenticationProvider.validateSaml2...

Resolve package tangle between org.springframework.security.config.web and org.springframework.security.config.annotatio...

When using the org.springframework.security.web.csrf.CookieCsrfTokenRepository for CSRF protection, no information is st...

In the Customizing OpenSAML’s AuthnRequest Instance section the code example is wrong, because: - There is no parameterl...

We should consider providing a Cookie based implementation of AuthorizationRequestRepository.Comment From: afrancoc2000H...

Expected BehaviorIn our daily deployment our services are behind http proxy servers. Due to this, we are not able to use...

Expected BehaviorOidcIdTokenDecoderFactory when used with a JWKs doesn't provide any option to configure the RestOperati...