In line with the changes made to Form Login and HTTP Basic logs, let's add logs to Resource Server.In addition to consid...

Comment From: jeanblanchardA side-note: Currently, the entityId for the Service Provider is set to {baseUrl}/saml2/servi...

I am using Spring Security with a custom permission evaluator and i am looking for a solution to override the static Acc...

In section Section 5.2.2 Security HTTP Response Headers > X-Frame-Options there is link that leads to private video.F...

The configuration property security.oauth2.client.registration.*.redirectUriTemplate (YAML-format) does not work for S...

SummaryABAC is a standard published by NIST (US National Institute od Standarts and Technology) in cooperation with indu...

AuthenticationSuccessEvent seems to be fired multiple times for single requests. Not sure if this is expected behavior o...

Expected BehaviorSpring Security OAuth includes an Authorization Bearer header containing the access token in requests t...

Most of the tests in the saml2Login sample are related to testing the framework.Since the purpose of the sample is to de...

It would be nice if the SAML 2.0 documentation looked like the rest of the documentation, including having flow diagrams...

Describe the bugIn authentication process(using BindAuthenticator.class & FilterBasedLdapUserSearch.class), when sea...

The helpers in JwtDecoders (e.g. fromOidcIssuerLocation) and JwtValidators should accept an optional parameter for a Clo...

Describe the bugGoogle Access Token (Not JWT) is sent as a Bearer header while calling a resource server using Web Clien...

Describe the bugThe oauth2-client requests all available scopes on the authorization server by default. That includes al...

Describe the bugWhen a SAML IdP is configured to add a OneTimeUse condition to the SAML Assertion, the OpenSamlAuthentic...

Similar as oauth2Login() loads user from OAuth2UserService interface. SAML attributes need to be retrieved as well.Comme...

SummaryI am migrating from org.springframework.security.extensions:spring-security-saml2-core:1.0.10.RELEASE to spring-s...

Recent support for configuring OpenSAML's ConditionValidators and ValidationContext were added to OpenSamlAuthentication...

Apparently spring security supports two concepts when working with hierarchical roles:Resolving the effective roles at a...

Expected Behavior.formLogin() .loginPage("/login") .loginProcessingUrl("/j_spring_security...