Describe the bugDefault binding in RelyingPartyRegistration is Redirect. Though it's not propagated down to OpenSamlAuth...

SummaryWhen you extend WebSecurityConfigurerAdapterand override the methodprotected final void configure(AuthenticationM...

The default authentication managers / builders for OAuth2 builds authorities from "scope" claim.IMO, this comes with ser...

SummaryJwtReactiveAuthenticationManager does not handle third-party library error messages that are not suitable for RFC...

Saml2CryptoTestSupport and TestSaml2AuthenticationObjects should be simplified down to TestOpenSamlObjects since in both...

TestSaml2X509Credentials always exposes a list of credentials when the majority of tests only need one credential. Chang...

Right now there are RSocket integration tests associated to the test task. They should be moved to the integration tests...

at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:195) ~[spring-security-...

Hi,when testing Oauth-Security in a @-SpringBootTest using the jwt() RequestPostProcessor, it seems that this just popul...

SummaryIt's not very clear in which order the security filter ConcurrentSessionFilter is registered.Actual BehaviorThe d...

Related to https://github.com/spring-projects/spring-security/issues/6865 and https://github.com/spring-projects/spring-...

SummaryIt is common case when more flexibility is needed while using JwtGrantedAuthoritiesConverter, so I'm thinking of ...

SummaryIn Spring Security, Authentication & Authorization are tightly coupled. Nowadays, Authentication is often per...

Hi, I report some broken links in the OAuth 2.0 Migration Guide https://github.com/spring-projects/spring-security/wiki/...

SummaryIn the current SAML2 implementation to resolve the baseUrl the method Saml2ServletUtils#resolveUrlTemplate is use...

Spring Boot 2.3.x.RELEASE applies additional non-standard validation on JWT tokens due to upgrade to NimbusDS 8.x.With S...

With https://github.com/spring-projects/spring-boot/issues/19426, the multi-tenancy sample can be simplified, allowing B...

Hi Spring-Security experts,I have a feature request which will help error handling on NimbusJwtDecoder.Expected Behavior...

Expected BehaviorgetMethod() returns value configured for "method" propertyCurrent Behaviorreturns nullContextIt causes ...

Expected BehaviorThe Jwt Validators that are provided on the oauth jose package have no logging in them when they fail. ...