It would be nice to have a simple way to convert an <IDPSSODescriptor> into a RelyingPartyRegistration. HttpMessag...

Spring Security supports a default ACS Location of"{baseUrl}" + Saml2WebSsoAuthenticationFilter.DEFAULT_FILTER...

OpenSAML gets initialized by Spring Security lazily via a package-private class OpenSamlImplementation. This setup makes...

Login success handler should be called in proper contextDescribe the bugIf it is called login success handler it is not ...

SummaryWhen configuring an embedded ldap server to import an ldif file (e.g., users.ldif), no log message (at not level)...

Expected BehaviorAdd the possibility to impersonate a user in Reactive applications as it is possible by using the Switc...

Describe the bugWhen using JdbcOAuth2AuthorizedClientService with Oracle DB (>10g) got ClassCastException: [B cannot ...

We should add support for adding a custom filter in the Server Kotlin DSL.Similar to ServerHttpSecurity, we should have ...

I set principal=jack in MyAuthenticationFilter, and reset principal=jackLee in MyAuthenticationProvider.Finally, I get j...

Describe the bugUsing spring-boot-starter-oauth2-client with spring-session-data-redis and JSON serialization, when atte...

In Spring Framework 5.2.7, MockServerHttpRequest will accept a custom HTTP method as a String parameter.Going forward we...

Describe the bugMay cause false redirectsTo Reproduce1. New tab 1 visit http://localhost:8080/test throws an exception2....

Describe the bug1. Exception thrown after redirect.{ "timestamp":"2020-07-08T10:09:35.657+00:00",...

Saml2X509Credential constructors are somewhat complicated to use. For example, there are possible constructs that don't ...

WebSecurityConfigurerAdapter provide us two methods configure(WebSecurity web) and configure(HttpSecurity http) to confi...

Initially, RelyingPartyRegistration held both relying party and asserting party details together.In 5.3, the asserting p...

Expected BehaviorI would like to be able to configure Csrf the same way as CORS so that i can control it by using the @P...

Describe the bugWhen one wants to use the Argon2PasswordEncoder which is available in Spring Security the following exce...

SummaryI am trying to allow multiple domains to access the api, but they are blocked by CORS preflight check. When I con...

Saml2AuthenticationToken's constructor takes several separate pieces of metadata from the RelyingPartyRegistration. Each...