⭐ New Features
- Deprecate CustomUserTypesOAuth2UserService #8908
- Deprecate ClientRegistration.redirectUriTemplate #8906
- Allow for custom ClientRegistration.clientAuthenticationMethod #8903
- Deprecate ImplicitGrantConfigurer #8902
- Remove use of Mono.deferWithContext() #8901
- Consider adding RelyingPartyRegistrationResolver #8887
- Add HttpMessageConverter that constructs a RelyingPartyRegistration #8877
- RelyingPartyRegistration should default the ACS Location #8876
- Update SimpleSaml2AuthenticatedPrincipal class name #8861
- Introduce AuthenticationConverterServerWebExchangeMatcher #8854
- Make class SimpleSaml2AuthenticatedPrincipal public #8852
- Support custom filter in Server Kotlin DSL #8850
- Saml2AuthenticationToken should take a RelyingPartyRegistration #8845
- Wording changes #8832
- -gh 8784 Document improvement for WebSecurityConfigure #8825
- Consider making BearerTokenServerWebExchangeMatcher public and more generic #8824
- Add custom HeaderWriter in Kotlin DSL #8823
- Add Static Factories to Saml2X509Credential #8822
- Allow disabling headers in Kotlin DSL #8816
- Remove need for WebSecurityConfigurerAdapter #8805
- Configure HTTP Security without extending WebSecurityConfigurerAdapter #8804
- Fix #8693 Support SAML 2.0 SP Metadata Endpoints #8795
- Add Static Factories to Saml2X509Credential #8789
- RelyingPartyRegistration Credentials Should Be Split by Party #8788
- Support custom filter in Server Kotlin DSL #8783
- mongolian translation for messages.properties #8780
- Mongolian translation required for messages.propeperties #8778
- RelyingPartyRegistration should use metadata spec language #8777
- ACS Binding should be in RelyingPartyRegistration #8776
- Remove OpenSamlImplementation #8775
- OpenSamlAuthenticationRequestFactory should use OpenSAML directly #8774
- OpenSamlAuthenticationProvider should use OpenSAML directly #8773
- OpenSAML should get initialized as part of container lifecycle #8772
- SAML Assertion validation fails when OneTimeUse condition is sent from the IdP #8769
- Improve error message when invalid content-type for UserInfo response #8764
- Simplify retrieving Introspection-specific attributes #8740
- Reactive SwitchUserWebFilter for user impersonation #8687
- Change getMethod() to return configured value in SimpleSavedRequest #8675
- gh-8589 Additional Jwt validation debug messages #8665
- Adds cookie based RequestCache #8653
- Missing Reactive SwitchUserWebFilter for user impersonation #8599
- Use String to specify custom HTTP method in mock request #8592
- Add logging #8589
- Support for dynamic configuration using IDP metadata URL for SAML SSO integration #8484
- SAML Authentication Provider assertions #8471
- Throw exception when specified ldif file does not exist #8434
- SAML: Add RequestedAuthnContext to AuthnRequest in OpenSamlAuthenticationRequestFactory #8141
- Add request cache that uses cookie #8034
- No log message or exception if expected ldif file does not exist #7791
🪲 Bug Fixes
- Move RSocket Integration Tests to integration tests #8944
- Fix snapshot build failure related to reactor-netty #8909
- Resolve Bearer token after subscribing to publisher #8894
- ServerBearerTokenAuthenticationConverter throws exceptions instead of signalling error #8865
- Update README.adoc #8851
- Saml2Error should be in a core package #8835
- Fix #8797: Add OAuth2AuthenticationException to allowlist #8827
- CookieRequestCache "REDIRECT_URI" removed by any request #8820
- use CookieRequestCache something went wrong #8817
- LoginPageGeneratingWebFilter should honor context path #8807
- Fix ProviderManager Javadoc typo #8800
- OAuth2AuthenticationException should be in allowlist #8797
- tutorial uses hasRole but should use hasAuthority #8796
- Saml2WebSsoAuthenticationFilter does not follow standard patterns for request matching. #8768
- Bearer Token Padding #8511
- Resolved bearer token has no padding indicators #8502
❤️ Contributors
We'd like to thank all the contributors who worked on this release!