Fix imports

Add more information for SAML2 tests failure
Wait for background javascript after SAML 2.0 Logout
2022-09-23 08:26:00 -03:00 · 2022-09-22 15:55:47 -03:00 · 2022-09-19 08:47:46 -03:00 · 2022-09-16 08:52:31 -03:00 · 2022-09-16 08:52:31 -03:00 · 2022-09-16 08:52:30 -03:00
107 changed files with 489 additions and 568 deletions
@@ -20,4 +20,26 @@ allprojects {
 			}
 		}
 	}
-}
+}
+
+if (hasProperty('buildScan')) {
+	buildScan {
+		termsOfServiceUrl = 'https://gradle.com/terms-of-service'
+		termsOfServiceAgree = 'yes'
+	}
+}
+
+repositories {
+	mavenCentral()
+}
+
+tasks.register('runAllTests') {
+	var allTasks = rootProject.getAllTasks(true)
+	var allTestsTasks = allTasks.values().collect { t ->
+		t.findAll { it.name == 'test' || it.name == 'integrationTest' }
+	}.flatten()
+	it.dependsOn {
+		allTestsTasks
+	}
+}
+
@@ -1,5 +1,5 @@
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
-distributionUrl=https\://services.gradle.org/distributions/gradle-7.3-bin.zip
+distributionUrl=https\://services.gradle.org/distributions/gradle-7.4-bin.zip
 zipStoreBase=GRADLE_USER_HOME
 zipStorePath=wrapper/dists
@@ -1,7 +1,7 @@
-#!/usr/bin/env sh
+#!/bin/sh

 #
-# Copyright 2015 the original author or authors.
+# Copyright © 2015-2021 the original authors.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -17,67 +17,101 @@
 #

 ##############################################################################
-##
-##  Gradle start up script for UN*X
-##
+#
+#   Gradle start up script for POSIX generated by Gradle.
+#
+#   Important for running:
+#
+#   (1) You need a POSIX-compliant shell to run this script. If your /bin/sh is
+#       noncompliant, but you have some other compliant shell such as ksh or
+#       bash, then to run this script, type that shell name before the whole
+#       command line, like:
+#
+#           ksh Gradle
+#
+#       Busybox and similar reduced shells will NOT work, because this script
+#       requires all of these POSIX shell features:
+#         * functions;
+#         * expansions «$var», «${var}», «${var:-default}», «${var+SET}»,
+#           «${var#prefix}», «${var%suffix}», and «$( cmd )»;
+#         * compound commands having a testable exit status, especially «case»;
+#         * various built-in commands including «command», «set», and «ulimit».
+#
+#   Important for patching:
+#
+#   (2) This script targets any POSIX shell, so it avoids extensions provided
+#       by Bash, Ksh, etc; in particular arrays are avoided.
+#
+#       The "traditional" practice of packing multiple parameters into a
+#       space-separated string is a well documented source of bugs and security
+#       problems, so this is (mostly) avoided, by progressively accumulating
+#       options in "$@", and eventually passing that to Java.
+#
+#       Where the inherited environment variables (DEFAULT_JVM_OPTS, JAVA_OPTS,
+#       and GRADLE_OPTS) rely on word-splitting, this is performed explicitly;
+#       see the in-line comments for details.
+#
+#       There are tweaks for specific operating systems such as AIX, CygWin,
+#       Darwin, MinGW, and NonStop.
+#
+#   (3) This script is generated from the Groovy template
+#       https://github.com/gradle/gradle/blob/master/subprojects/plugins/src/main/resources/org/gradle/api/internal/plugins/unixStartScript.txt
+#       within the Gradle project.
+#
+#       You can find Gradle at https://github.com/gradle/gradle/.
+#
 ##############################################################################

 # Attempt to set APP_HOME
+
 # Resolve links: $0 may be a link
-PRG="$0"
-# Need this for relative symlinks.
-while [ -h "$PRG" ] ; do
-    ls=`ls -ld "$PRG"`
-    link=`expr "$ls" : '.*-> \(.*\)$'`
-    if expr "$link" : '/.*' > /dev/null; then
-        PRG="$link"
-    else
-        PRG=`dirname "$PRG"`"/$link"
-    fi
+app_path=$0
+
+# Need this for daisy-chained symlinks.
+while
+    APP_HOME=${app_path%"${app_path##*/}"}  # leaves a trailing /; empty if no leading path
+    [ -h "$app_path" ]
+do
+    ls=$( ls -ld "$app_path" )
+    link=${ls#*' -> '}
+    case $link in             #(
+      /*)   app_path=$link ;; #(
+      *)    app_path=$APP_HOME$link ;;
+    esac
 done
-SAVED="`pwd`"
-cd "`dirname \"$PRG\"`/" >/dev/null
-APP_HOME="`pwd -P`"
-cd "$SAVED" >/dev/null
+
+APP_HOME=$( cd "${APP_HOME:-./}" && pwd -P ) || exit

 APP_NAME="Gradle"
-APP_BASE_NAME=`basename "$0"`
+APP_BASE_NAME=${0##*/}

 # Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
 DEFAULT_JVM_OPTS='"-Xmx64m" "-Xms64m"'

 # Use the maximum available, or set MAX_FD != -1 to use that value.
-MAX_FD="maximum"
+MAX_FD=maximum

 warn () {
    echo "$*"
-}
+} >&2

 die () {
    echo
    echo "$*"
    echo
    exit 1
-}
+} >&2

 # OS specific support (must be 'true' or 'false').
 cygwin=false
 msys=false
 darwin=false
 nonstop=false
-case "`uname`" in
-  CYGWIN* )
-    cygwin=true
-    ;;
-  Darwin* )
-    darwin=true
-    ;;
-  MINGW* )
-    msys=true
-    ;;
-  NONSTOP* )
-    nonstop=true
-    ;;
+case "$( uname )" in                #(
+  CYGWIN* )         cygwin=true  ;; #(
+  Darwin* )         darwin=true  ;; #(
+  MSYS* | MINGW* )  msys=true    ;; #(
+  NONSTOP* )        nonstop=true ;;
 esac

 CLASSPATH=$APP_HOME/gradle/wrapper/gradle-wrapper.jar
@@ -87,9 +121,9 @@ CLASSPATH=$APP_HOME/gradle/wrapper/gradle-wrapper.jar
 if [ -n "$JAVA_HOME" ] ; then
    if [ -x "$JAVA_HOME/jre/sh/java" ] ; then
        # IBM's JDK on AIX uses strange locations for the executables
-        JAVACMD="$JAVA_HOME/jre/sh/java"
+        JAVACMD=$JAVA_HOME/jre/sh/java
    else
-        JAVACMD="$JAVA_HOME/bin/java"
+        JAVACMD=$JAVA_HOME/bin/java
    fi
    if [ ! -x "$JAVACMD" ] ; then
        die "ERROR: JAVA_HOME is set to an invalid directory: $JAVA_HOME
@@ -98,7 +132,7 @@ Please set the JAVA_HOME variable in your environment to match the
 location of your Java installation."
    fi
 else
-    JAVACMD="java"
+    JAVACMD=java
    which java >/dev/null 2>&1 || die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.

 Please set the JAVA_HOME variable in your environment to match the
@@ -106,80 +140,95 @@ location of your Java installation."
 fi

 # Increase the maximum file descriptors if we can.
-if [ "$cygwin" = "false" -a "$darwin" = "false" -a "$nonstop" = "false" ] ; then
-    MAX_FD_LIMIT=`ulimit -H -n`
-    if [ $? -eq 0 ] ; then
-        if [ "$MAX_FD" = "maximum" -o "$MAX_FD" = "max" ] ; then
-            MAX_FD="$MAX_FD_LIMIT"
-        fi
-        ulimit -n $MAX_FD
-        if [ $? -ne 0 ] ; then
-            warn "Could not set maximum file descriptor limit: $MAX_FD"
-        fi
-    else
-        warn "Could not query maximum file descriptor limit: $MAX_FD_LIMIT"
-    fi
-fi
-
-# For Darwin, add options to specify how the application appears in the dock
-if $darwin; then
-    GRADLE_OPTS="$GRADLE_OPTS \"-Xdock:name=$APP_NAME\" \"-Xdock:icon=$APP_HOME/media/gradle.icns\""
-fi
-
-# For Cygwin or MSYS, switch paths to Windows format before running java
-if [ "$cygwin" = "true" -o "$msys" = "true" ] ; then
-    APP_HOME=`cygpath --path --mixed "$APP_HOME"`
-    CLASSPATH=`cygpath --path --mixed "$CLASSPATH"`
-    
-    JAVACMD=`cygpath --unix "$JAVACMD"`
-
-    # We build the pattern for arguments to be converted via cygpath
-    ROOTDIRSRAW=`find -L / -maxdepth 1 -mindepth 1 -type d 2>/dev/null`
-    SEP=""
-    for dir in $ROOTDIRSRAW ; do
-        ROOTDIRS="$ROOTDIRS$SEP$dir"
-        SEP="|"
-    done
-    OURCYGPATTERN="(^($ROOTDIRS))"
-    # Add a user-defined pattern to the cygpath arguments
-    if [ "$GRADLE_CYGPATTERN" != "" ] ; then
-        OURCYGPATTERN="$OURCYGPATTERN|($GRADLE_CYGPATTERN)"
-    fi
-    # Now convert the arguments - kludge to limit ourselves to /bin/sh
-    i=0
-    for arg in "$@" ; do
-        CHECK=`echo "$arg"|egrep -c "$OURCYGPATTERN" -`
-        CHECK2=`echo "$arg"|egrep -c "^-"`                                 ### Determine if an option
-
-        if [ $CHECK -ne 0 ] && [ $CHECK2 -eq 0 ] ; then                    ### Added a condition
-            eval `echo args$i`=`cygpath --path --ignore --mixed "$arg"`
-        else
-            eval `echo args$i`="\"$arg\""
-        fi
-        i=`expr $i + 1`
-    done
-    case $i in
-        0) set -- ;;
-        1) set -- "$args0" ;;
-        2) set -- "$args0" "$args1" ;;
-        3) set -- "$args0" "$args1" "$args2" ;;
-        4) set -- "$args0" "$args1" "$args2" "$args3" ;;
-        5) set -- "$args0" "$args1" "$args2" "$args3" "$args4" ;;
-        6) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" ;;
-        7) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" ;;
-        8) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" ;;
-        9) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" "$args8" ;;
+if ! "$cygwin" && ! "$darwin" && ! "$nonstop" ; then
+    case $MAX_FD in #(
+      max*)
+        MAX_FD=$( ulimit -H -n ) ||
+            warn "Could not query maximum file descriptor limit"
+    esac
+    case $MAX_FD in  #(
+      '' | soft) :;; #(
+      *)
+        ulimit -n "$MAX_FD" ||
+            warn "Could not set maximum file descriptor limit to $MAX_FD"
    esac
 fi

-# Escape application args
-save () {
-    for i do printf %s\\n "$i" | sed "s/'/'\\\\''/g;1s/^/'/;\$s/\$/' \\\\/" ; done
-    echo " "
-}
-APP_ARGS=`save "$@"`
+# Collect all arguments for the java command, stacking in reverse order:
+#   * args from the command line
+#   * the main class name
+#   * -classpath
+#   * -D...appname settings
+#   * --module-path (only if needed)
+#   * DEFAULT_JVM_OPTS, JAVA_OPTS, and GRADLE_OPTS environment variables.

-# Collect all arguments for the java command, following the shell quoting and substitution rules
-eval set -- $DEFAULT_JVM_OPTS $JAVA_OPTS $GRADLE_OPTS "\"-Dorg.gradle.appname=$APP_BASE_NAME\"" -classpath "\"$CLASSPATH\"" org.gradle.wrapper.GradleWrapperMain "$APP_ARGS"
+# For Cygwin or MSYS, switch paths to Windows format before running java
+if "$cygwin" || "$msys" ; then
+    APP_HOME=$( cygpath --path --mixed "$APP_HOME" )
+    CLASSPATH=$( cygpath --path --mixed "$CLASSPATH" )
+
+    JAVACMD=$( cygpath --unix "$JAVACMD" )
+
+    # Now convert the arguments - kludge to limit ourselves to /bin/sh
+    for arg do
+        if
+            case $arg in                                #(
+              -*)   false ;;                            # don't mess with options #(
+              /?*)  t=${arg#/} t=/${t%%/*}              # looks like a POSIX filepath
+                    [ -e "$t" ] ;;                      #(
+              *)    false ;;
+            esac
+        then
+            arg=$( cygpath --path --ignore --mixed "$arg" )
+        fi
+        # Roll the args list around exactly as many times as the number of
+        # args, so each arg winds up back in the position where it started, but
+        # possibly modified.
+        #
+        # NB: a `for` loop captures its iteration list before it begins, so
+        # changing the positional parameters here affects neither the number of
+        # iterations, nor the values presented in `arg`.
+        shift                   # remove old arg
+        set -- "$@" "$arg"      # push replacement arg
+    done
+fi
+
+# Collect all arguments for the java command;
+#   * $DEFAULT_JVM_OPTS, $JAVA_OPTS, and $GRADLE_OPTS can contain fragments of
+#     shell script including quotes and variable substitutions, so put them in
+#     double quotes to make sure that they get re-expanded; and
+#   * put everything else in single quotes, so that it's not re-expanded.
+
+set -- \
+        "-Dorg.gradle.appname=$APP_BASE_NAME" \
+        -classpath "$CLASSPATH" \
+        org.gradle.wrapper.GradleWrapperMain \
+        "$@"
+
+# Use "xargs" to parse quoted args.
+#
+# With -n1 it outputs one arg per line, with the quotes and backslashes removed.
+#
+# In Bash we could simply go:
+#
+#   readarray ARGS < <( xargs -n1 <<<"$var" ) &&
+#   set -- "${ARGS[@]}" "$@"
+#
+# but POSIX shell has neither arrays nor command substitution, so instead we
+# post-process each arg (as a line of input to sed) to backslash-escape any
+# character that might be a shell metacharacter, then use eval to reverse
+# that process (while maintaining the separation between arguments), and wrap
+# the whole thing up as a single "set" statement.
+#
+# This will of course break if any of these variables contains a newline or
+# an unmatched quote.
+#
+
+eval "set -- $(
+        printf '%s\n' "$DEFAULT_JVM_OPTS $JAVA_OPTS $GRADLE_OPTS" |
+        xargs -n1 |
+        sed ' s~[^-[:alnum:]+,./:=@_]~\\&~g; ' |
+        tr '\n' ' '
+    )" '"$@"'

 exec "$JAVACMD" "$@"
@@ -40,7 +40,7 @@ if defined JAVA_HOME goto findJavaFromJavaHome

 set JAVA_EXE=java.exe
 %JAVA_EXE% -version >NUL 2>&1
-if "%ERRORLEVEL%" == "0" goto init
+if "%ERRORLEVEL%" == "0" goto execute

 echo.
 echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
@@ -54,7 +54,7 @@ goto fail
 set JAVA_HOME=%JAVA_HOME:"=%
 set JAVA_EXE=%JAVA_HOME%/bin/java.exe

-if exist "%JAVA_EXE%" goto init
+if exist "%JAVA_EXE%" goto execute

 echo.
 echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME%
@@ -64,21 +64,6 @@ echo location of your Java installation.

 goto fail

-:init
-@rem Get command-line arguments, handling Windows variants
-
-if not "%OS%" == "Windows_NT" goto win9xME_args
-
-:win9xME_args
-@rem Slurp the command line arguments.
-set CMD_LINE_ARGS=
-set _SKIP=2
-
-:win9xME_args_slurp
-if "x%~1" == "x" goto execute
-
-set CMD_LINE_ARGS=%*
-
 :execute
@rem Setup the command line

@@ -86,7 +71,7 @@ set CLASSPATH=%APP_HOME%\gradle\wrapper\gradle-wrapper.jar


@rem Execute Gradle
-"%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%" org.gradle.wrapper.GradleWrapperMain %CMD_LINE_ARGS%
+"%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%" org.gradle.wrapper.GradleWrapperMain %*

 :end
@rem End local scope for the variables with windows NT shell
@@ -1,5 +1,5 @@
 plugins {
-	id 'org.springframework.boot' version '3.0.0-M1'
+	id 'org.springframework.boot' version '3.0.0-SNAPSHOT'
 	id 'io.spring.dependency-management' version '1.0.11.RELEASE'
 	id "nebula.integtest" version "8.2.0"
 	id 'java'
@@ -20,8 +20,8 @@ import org.junit.jupiter.api.Test;
 import reactor.core.publisher.Mono;

 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.boot.rsocket.context.LocalRSocketServerPort;
 import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.boot.test.rsocket.server.LocalRSocketServerPort;
 import org.springframework.messaging.rsocket.RSocketRequester;
 import org.springframework.security.rsocket.metadata.SimpleAuthenticationEncoder;
 import org.springframework.security.rsocket.metadata.UsernamePasswordMetadata;
@@ -1,5 +1,5 @@
 plugins {
-	id 'org.springframework.boot' version '3.0.0-M1'
+	id 'org.springframework.boot' version '3.0.0-SNAPSHOT'
 	id 'io.spring.dependency-management' version '1.0.11.RELEASE'
 	id "nebula.integtest" version "8.2.0"
 	id 'java'
@@ -1,5 +1,5 @@
 plugins {
-	id 'org.springframework.boot' version '3.0.0-M1'
+	id 'org.springframework.boot' version '3.0.0-SNAPSHOT'
 	id 'io.spring.dependency-management' version '1.0.11.RELEASE'
 	id "nebula.integtest" version "8.2.0"
 	id 'java'
@@ -1,5 +1,5 @@
 plugins {
-	id 'org.springframework.boot' version '3.0.0-M1'
+	id 'org.springframework.boot' version '3.0.0-SNAPSHOT'
 	id 'io.spring.dependency-management' version '1.0.11.RELEASE'
 	id "nebula.integtest" version "8.2.0"
 	id 'java'
@@ -31,7 +31,7 @@ import org.junit.jupiter.api.Test;
 import reactor.netty.http.client.HttpClient;

 import org.springframework.boot.test.context.SpringBootTest;
-import org.springframework.boot.web.server.LocalServerPort;
+import org.springframework.boot.test.web.server.LocalServerPort;
 import org.springframework.core.io.ClassPathResource;
 import org.springframework.http.client.reactive.ClientHttpConnector;
 import org.springframework.http.client.reactive.ReactorClientHttpConnector;
@@ -1,5 +1,5 @@
 plugins {
-	id 'org.springframework.boot' version '3.0.0-M1'
+	id 'org.springframework.boot' version '3.0.0-SNAPSHOT'
 	id 'io.spring.dependency-management' version '1.0.11.RELEASE'
 	id "nebula.integtest" version "8.2.0"
 	id 'java'
@@ -24,7 +24,7 @@ import org.openqa.selenium.WebDriver;
 import org.openqa.selenium.htmlunit.HtmlUnitDriver;

 import org.springframework.boot.test.context.SpringBootTest;
-import org.springframework.boot.web.server.LocalServerPort;
+import org.springframework.boot.test.web.server.LocalServerPort;

 /**
 * Integration tests.
@@ -17,6 +17,7 @@
 package example;

 import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
 import org.springframework.security.config.web.server.ServerHttpSecurity;
 import org.springframework.security.core.userdetails.MapReactiveUserDetailsService;
@@ -32,6 +33,7 @@ import static org.springframework.security.config.Customizer.withDefaults;
 * @author Rob Winch
 * @since 5.0
 */
+@Configuration
@EnableWebFluxSecurity
 public class SecurityConfiguration {

@@ -1,5 +1,5 @@
 plugins {
-	id 'org.springframework.boot' version '3.0.0-M1'
+	id 'org.springframework.boot' version '3.0.0-SNAPSHOT'
 	id 'io.spring.dependency-management' version '1.0.11.RELEASE'
 	id "nebula.integtest" version "8.2.0"
 	id 'java'
@@ -1,5 +1,5 @@
 plugins {
-	id 'org.springframework.boot' version '3.0.0-M1'
+	id 'org.springframework.boot' version '3.0.0-SNAPSHOT'
 	id 'io.spring.dependency-management' version '1.0.11.RELEASE'
 	id "nebula.integtest" version "8.2.0"
 	id 'java'
@@ -1,5 +1,5 @@
 plugins {
-	id 'org.springframework.boot' version '3.0.0-M1'
+	id 'org.springframework.boot' version '3.0.0-SNAPSHOT'
 	id 'io.spring.dependency-management' version '1.0.11.RELEASE'
 	id "nebula.integtest" version "8.2.0"
 	id 'java'
@@ -1,5 +1,5 @@
 plugins {
-	id 'org.springframework.boot' version '3.0.0-M1'
+	id 'org.springframework.boot' version '3.0.0-SNAPSHOT'
 	id 'io.spring.dependency-management' version '1.0.11.RELEASE'
 	id "nebula.integtest" version "8.2.0"
 	id 'java'
@@ -1,5 +1,5 @@
 plugins {
-	id 'org.springframework.boot' version '3.0.0-M1'
+	id 'org.springframework.boot' version '3.0.0-SNAPSHOT'
 	id 'io.spring.dependency-management' version '1.0.11.RELEASE'
 	id "nebula.integtest" version "8.2.0"
 	id 'java'
@@ -17,6 +17,7 @@
 package example;

 import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
 import org.springframework.http.HttpMethod;
 import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
 import org.springframework.security.config.web.server.ServerHttpSecurity;
@@ -30,6 +31,7 @@ import static org.springframework.security.config.Customizer.withDefaults;
 * @author Rob Winch
 * @since 5.1
 */
+@Configuration
@EnableWebFluxSecurity
 public class SecurityConfiguration {

@@ -1,5 +1,5 @@
 plugins {
-	id 'org.springframework.boot' version '3.0.0-M1'
+	id 'org.springframework.boot' version '3.0.0-SNAPSHOT'
 	id 'io.spring.dependency-management' version '1.0.11.RELEASE'
 	id "nebula.integtest" version "8.2.0"
 	id 'java'
@@ -16,6 +16,7 @@
 package example;

 import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
 import org.springframework.security.config.web.server.ServerHttpSecurity;
 import org.springframework.security.core.userdetails.MapReactiveUserDetailsService;
@@ -30,6 +31,7 @@ import static org.springframework.security.config.Customizer.withDefaults;
 *
 * @author Rob Winch
 */
+@Configuration
@EnableWebFluxSecurity
 public class SecurityConfiguration {

@@ -1,7 +1,7 @@
 import org.jetbrains.kotlin.gradle.tasks.KotlinCompile

 plugins {
-    id("org.springframework.boot") version "3.0.0-M1"
+    id("org.springframework.boot") version "3.0.0-SNAPSHOT"
    id("io.spring.dependency-management") version "1.0.11.RELEASE"
    kotlin("jvm") version "1.6.0"
    kotlin("plugin.spring") version "1.6.0"
@@ -17,6 +17,7 @@
 package example

 import org.springframework.context.annotation.Bean
+import org.springframework.context.annotation.Configuration
 import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity
 import org.springframework.security.config.web.server.ServerHttpSecurity
 import org.springframework.security.config.web.server.invoke
@@ -25,6 +26,7 @@ import org.springframework.security.core.userdetails.ReactiveUserDetailsService
 import org.springframework.security.core.userdetails.User
 import org.springframework.security.web.server.SecurityWebFilterChain

+@Configuration
@EnableWebFluxSecurity
 class SecurityConfiguration {

@@ -30,7 +30,7 @@ dependencies {

 	testRuntimeOnly("org.junit.jupiter:junit-jupiter-engine")

-	integTestImplementation "org.seleniumhq.selenium:htmlunit-driver:2.44.0"
+	integTestImplementation "org.seleniumhq.selenium:htmlunit-driver:3.64.0"
 }

 tasks.withType(Test).configureEach {
@@ -16,6 +16,7 @@
 package example;

 import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.core.userdetails.User;
@@ -24,6 +25,7 @@ import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.provisioning.InMemoryUserDetailsManager;
 import org.springframework.security.web.SecurityFilterChain;

+@Configuration
@EnableWebSecurity
 public class SecurityConfiguration {

@@ -30,7 +30,7 @@ dependencies {

 	testRuntimeOnly("org.junit.jupiter:junit-jupiter-engine")

-	integTestImplementation "org.seleniumhq.selenium:htmlunit-driver:2.44.0"
+	integTestImplementation "org.seleniumhq.selenium:htmlunit-driver:3.64.0"
 }

 tasks.withType(Test).configureEach {
@@ -16,6 +16,7 @@
 package example;

 import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.core.userdetails.User;
@@ -24,6 +25,7 @@ import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.provisioning.InMemoryUserDetailsManager;
 import org.springframework.security.web.SecurityFilterChain;

+@Configuration
@EnableWebSecurity
 public class SecurityConfiguration {

@@ -30,7 +30,7 @@ dependencies {

 	testRuntimeOnly("org.junit.jupiter:junit-jupiter-engine")

-	integTestImplementation "org.seleniumhq.selenium:htmlunit-driver:2.44.0"
+	integTestImplementation "org.seleniumhq.selenium:htmlunit-driver:3.64.0"
 }

 tasks.withType(Test).configureEach {
@@ -16,6 +16,7 @@
 package example;

 import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.core.userdetails.User;
@@ -24,6 +25,7 @@ import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.provisioning.InMemoryUserDetailsManager;
 import org.springframework.security.web.SecurityFilterChain;

+@Configuration
@EnableWebSecurity
 public class SecurityConfiguration {

@@ -30,7 +30,7 @@ dependencies {

 	testRuntimeOnly("org.junit.jupiter:junit-jupiter-engine")

-	integTestImplementation "org.seleniumhq.selenium:htmlunit-driver:2.44.0"
+	integTestImplementation "org.seleniumhq.selenium:htmlunit-driver:3.64.0"
 }

 tasks.withType(Test).configureEach {
@@ -16,12 +16,14 @@
 package example;

 import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.core.userdetails.User;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.provisioning.InMemoryUserDetailsManager;

+@Configuration
@EnableWebSecurity
 public class SecurityConfiguration {

@@ -32,7 +32,7 @@ dependencies {

 	testRuntimeOnly("org.junit.jupiter:junit-jupiter-engine")

-	integTestImplementation "org.seleniumhq.selenium:htmlunit-driver:2.44.0"
+	integTestImplementation "org.seleniumhq.selenium:htmlunit-driver:3.64.0"
 }

 tasks.withType(Test).configureEach {
@@ -18,12 +18,14 @@ package example;
 import javax.sql.DataSource;

 import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.core.userdetails.User;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.provisioning.JdbcUserDetailsManager;
 import org.springframework.security.provisioning.UserDetailsManager;

+@Configuration
@EnableWebSecurity
 public class SecurityConfiguration {

@@ -33,7 +33,7 @@ dependencies {

 	testRuntimeOnly("org.junit.jupiter:junit-jupiter-engine")

-	integTestImplementation "org.seleniumhq.selenium:htmlunit-driver:2.44.0"
+	integTestImplementation "org.seleniumhq.selenium:htmlunit-driver:3.64.0"
 }

 tasks.withType(Test).configureEach {
@@ -16,6 +16,7 @@
 package example;

 import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
 import org.springframework.ldap.core.support.BaseLdapPathContextSource;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.ldap.DefaultSpringSecurityContextSource;
@@ -24,6 +25,7 @@ import org.springframework.security.ldap.authentication.LdapAuthenticationProvid
 import org.springframework.security.ldap.authentication.LdapAuthenticator;
 import org.springframework.security.ldap.server.UnboundIdContainer;

+@Configuration
@EnableWebSecurity
 public class SecurityConfiguration {

@@ -16,6 +16,7 @@
 package example;

 import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.core.userdetails.User;
@@ -26,6 +27,7 @@ import org.springframework.security.web.SecurityFilterChain;

 import static org.springframework.security.config.Customizer.withDefaults;

+@Configuration
@EnableWebSecurity
 public class SecurityConfiguration {

@@ -19,7 +19,7 @@ dependencies {
 	implementation "org.springframework.security:spring-security-web"
 	implementation 'jakarta.validation:jakarta.validation-api:2.0.2'
 	implementation 'jakarta.persistence:jakarta.persistence-api:3.0.0'
-	implementation 'org.hibernate.orm:hibernate-core:6.0.0.Beta2'
+	implementation 'org.hibernate.orm:hibernate-core:6.1.1.Final'
 	implementation 'org.hibernate.validator:hibernate-validator:7.0.1.Final'
 	implementation 'org.hsqldb:hsqldb:2.5.1'
 	implementation 'org.springframework.data:spring-data-jpa:3.0.0-SNAPSHOT'
@@ -30,7 +30,7 @@ dependencies {

 	testRuntimeOnly("org.junit.jupiter:junit-jupiter-engine")

-	integTestImplementation "org.seleniumhq.selenium:htmlunit-driver:2.44.0"
+	integTestImplementation "org.seleniumhq.selenium:htmlunit-driver:3.64.0"
 }

 tasks.withType(Test).configureEach {
@@ -16,6 +16,7 @@
 package example;

 import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.core.userdetails.User;
@@ -26,6 +27,7 @@ import org.springframework.security.web.SecurityFilterChain;

 import static org.springframework.security.config.Customizer.withDefaults;

+@Configuration
@EnableWebSecurity
 public class SecurityConfiguration {

@@ -31,7 +31,7 @@ dependencies {

 	testRuntimeOnly("org.junit.jupiter:junit-jupiter-engine")

-	integTestImplementation "org.seleniumhq.selenium:htmlunit-driver:2.44.0"
+	integTestImplementation "org.seleniumhq.selenium:htmlunit-driver:3.64.0"
 }

 tasks.withType(Test).configureEach {
@@ -16,6 +16,7 @@
 package example;

 import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.core.userdetails.User;
@@ -26,6 +27,7 @@ import org.springframework.security.web.SecurityFilterChain;

 import static org.springframework.security.config.Customizer.withDefaults;

+@Configuration
@EnableWebSecurity
 public class SecurityConfiguration {

@@ -31,7 +31,7 @@ dependencies {

 	testRuntimeOnly("org.junit.jupiter:junit-jupiter-engine")

-	integTestImplementation "org.seleniumhq.selenium:htmlunit-driver:2.44.0"
+	integTestImplementation "org.seleniumhq.selenium:htmlunit-driver:3.64.0"
 }

 tasks.withType(Test).configureEach {
@@ -16,12 +16,14 @@
 package example;

 import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.core.userdetails.User;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.provisioning.InMemoryUserDetailsManager;

+@Configuration
@EnableWebSecurity
 public class SecurityConfiguration {

@@ -30,7 +30,7 @@ dependencies {

 	testRuntimeOnly("org.junit.jupiter:junit-jupiter-engine")

-	integTestImplementation "org.seleniumhq.selenium:htmlunit-driver:2.44.0"
+	integTestImplementation "org.seleniumhq.selenium:htmlunit-driver:3.64.0"
 }

 tasks.withType(Test).configureEach {
@@ -17,6 +17,7 @@
 package example;

 import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
@@ -28,6 +29,7 @@ import org.springframework.security.web.SecurityFilterChain;

 import static org.springframework.security.config.Customizer.withDefaults;

+@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
 public class SecurityConfiguration {
@@ -12,18 +12,18 @@ The https://docs.spring.io/spring-security/reference/servlet/saml2/logout.html[S

 === SAML 2.0 Login

-`saml2Login()` provides a very simple implementation of a Service Provider that can receive a SAML 2.0 Response via the HTTP-POST and HTTP-REDIRECT bindings against the SimpleSAMLphp SAML 2.0 reference implementation.
+`saml2Login()` provides a very simple implementation of a Service Provider that can receive a SAML 2.0 Response via the HTTP-POST and HTTP-REDIRECT bindings against the https://developer.okta.com/docs/guides/build-sso-integration/saml2/main/[Okta SAML 2.0 IDP] reference implementation.

 The following features are implemented in the MVP:

 1. Receive and validate a SAML 2.0 Response containing an assertion, and create a corresponding authentication in Spring Security
 2. Send a SAML 2.0 AuthNRequest to an Identity Provider
 3. Provide a framework for components used in SAML 2.0 authentication that can be swapped by configuration
-4. Work against the SimpleSAMLphp reference implementation
+4. Work against the Okta SAML 2.0 IDP reference implementation

 === SAML 2.0 Single Logout

-`saml2Logout()` supports RP- and AP-initiated SAML 2.0 Single Logout via the HTTP-POST and HTTP-REDIRECT bindings against the SimpleSAMLphp SAML 2.0 reference implementation.
+`saml2Logout()` supports RP- and AP-initiated SAML 2.0 Single Logout via the HTTP-POST and HTTP-REDIRECT bindings against the https://developer.okta.com/docs/guides/build-sso-integration/saml2/main/[Okta SAML 2.0 IDP] reference implementation.

 On this sample, the SAML 2.0 Logout is using the HTTP-POST binding.

@@ -31,20 +31,21 @@ You can refer to the https://docs.spring.io/spring-security/reference/servlet/sa

 == Run the Sample

-=== Start up the application
-
-You should run the application war in a servlet container like Tomcat
+=== Start up the Sample Boot Application
+```
+ ./gradlew :spring-security-samples-boot-saml2login:bootRun
+```

 === Open a Browser

 http://localhost:8080/

-You will be redirect to the SimpleSAMLphp IDP
+You will be redirect to the Okta SAML 2.0 IDP

 === Type in your credentials

 ```
-User: user
-Password: password
+User: testuser@spring.security.saml
+Password: 12345678
 ```

@@ -17,7 +17,7 @@
 plugins {
 	id "java"
 	id "nebula.integtest" version "8.2.0"
-	id "org.gretty" version "3.0.6"
+	id "org.gretty" version "4.0.0"
 	id "war"
 }

@@ -54,7 +54,7 @@ dependencies {
 	testImplementation "org.springframework:spring-test"
 	testImplementation "org.springframework.security:spring-security-test"
 	testImplementation("org.junit.jupiter:junit-jupiter-api")
-	testImplementation "org.seleniumhq.selenium:htmlunit-driver:2.44.0"
+	testImplementation "org.seleniumhq.selenium:htmlunit-driver:3.64.0"
 	testImplementation 'org.hamcrest:hamcrest:2.2'
 	testImplementation 'org.awaitility:awaitility:4.2.0'

@@ -1,5 +1,5 @@
 gretty {
-	servletContainer = "tomcat9"
+	servletContainer = "tomcat10"
 	contextPath = "/"
 	fileLogEnabled = false
 	integrationTestTask = 'integrationTest'
@@ -38,4 +38,4 @@ project.tasks.matching { it.name == "integrationTest" }.all {
 		integrationTest.systemProperty 'app.httpBaseURI', httpBaseUrl
 		integrationTest.systemProperty 'app.httpsBaseURI', httpsBaseUrl
 	}
-}
+}
@@ -16,6 +16,8 @@

 package example;

+import java.util.ArrayList;
+import java.util.List;
 import java.util.concurrent.TimeUnit;

 import com.gargoylesoftware.htmlunit.ElementNotFoundException;
@@ -72,7 +74,7 @@ public class Saml2JavaConfigurationITests {
 	void authenticationAttemptWhenValidThenShowsUserEmailAddress() throws Exception {
 		performLogin();
 		HtmlPage home = (HtmlPage) this.webClient.getCurrentWindow().getEnclosedPage();
-		assertThat(home.asText()).contains("You're email address is testuser@spring.security.saml");
+		assertThat(home.asNormalizedText()).contains("You're email address is testuser@spring.security.saml");
 	}

 	@Test
@@ -81,7 +83,20 @@ public class Saml2JavaConfigurationITests {
 		HtmlPage home = (HtmlPage) this.webClient.getCurrentWindow().getEnclosedPage();
 		HtmlElement rpLogoutButton = home.getHtmlElementById("rp_logout_button");
 		HtmlPage loginPage = rpLogoutButton.click();
-		assertThat(loginPage.getUrl().getFile()).isEqualTo("/login?logout");
+		this.webClient.waitForBackgroundJavaScript(10000);
+		List<String> urls = new ArrayList<>();
+		urls.add(loginPage.getUrl().getFile());
+		urls.add(((HtmlPage) this.webClient.getCurrentWindow().getEnclosedPage()).getUrl().getFile());
+		assertThat(urls).withFailMessage(() -> {
+			// @formatter:off
+			String builder = loginPage.asXml()
+					+ "\n\n\n"
+					+ "Enclosing Page"
+					+ "\n\n\n"
+					+ ((HtmlPage) this.webClient.getCurrentWindow().getEnclosedPage()).asXml();
+			// @formatter:on
+			return builder;
+		}).contains("/login?logout");
 	}

 	private void performLogin() throws Exception {
@@ -22,6 +22,7 @@ import java.security.interfaces.RSAPrivateKey;

 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
 import org.springframework.core.io.ClassPathResource;
 import org.springframework.core.io.Resource;
 import org.springframework.security.config.Customizer;
@@ -35,6 +36,7 @@ import org.springframework.security.saml2.provider.service.registration.RelyingP
 import org.springframework.security.saml2.provider.service.registration.Saml2MessageBinding;
 import org.springframework.security.web.SecurityFilterChain;

+@Configuration
@EnableWebSecurity
 public class SecurityConfiguration {

@@ -1,6 +1,6 @@
 plugins {
 	id 'io.spring.dependency-management' version '1.0.11.RELEASE'
-	id 'org.springframework.boot' version '3.0.0-M1'
+	id 'org.springframework.boot' version '3.0.0-SNAPSHOT'
 	id "nebula.integtest" version "8.2.0"
 	id 'java'
 }
@@ -47,6 +47,7 @@ public class SecurityConfig {
 		// @formatter:off
 		http
 			.authorizeHttpRequests((authorize) -> authorize
+				.antMatchers("/favicon.ico").permitAll()
 				.mvcMatchers("/second-factor", "/third-factor").access(mfaAuthorizationManager)
 				.anyRequest().authenticated()
 			)
@@ -62,7 +63,8 @@ public class SecurityConfig {
 						return filter;
 					}
 				})
-			);
+			)
+			.securityContext((context) -> context.requireExplicitSave(false));
 		// @formatter:on
 		return http.build();
 	}
@@ -1,6 +1,6 @@
 plugins {
 	id 'io.spring.dependency-management' version '1.0.11.RELEASE'
-	id 'org.springframework.boot' version '3.0.0-M1'
+	id 'org.springframework.boot' version '3.0.0-SNAPSHOT'
 	id "nebula.integtest" version "8.2.0"
 	id 'java'
 }
@@ -1,5 +1,5 @@
 plugins {
-	id 'org.springframework.boot' version '3.0.0-M1'
+	id 'org.springframework.boot' version '3.0.0-SNAPSHOT'
 	id 'io.spring.dependency-management' version '1.0.11.RELEASE'
 	id "nebula.integtest" version "8.2.0"
 	id 'java'
@@ -24,7 +24,7 @@ import org.openqa.selenium.WebDriver;
 import org.openqa.selenium.htmlunit.HtmlUnitDriver;

 import org.springframework.boot.test.context.SpringBootTest;
-import org.springframework.boot.web.server.LocalServerPort;
+import org.springframework.boot.test.web.server.LocalServerPort;

 /**
 * Integration tests.
@@ -1,5 +1,5 @@
 plugins {
-	id 'org.springframework.boot' version '3.0.0-M1'
+	id 'org.springframework.boot' version '3.0.0-SNAPSHOT'
 	id 'io.spring.dependency-management' version '1.0.11.RELEASE'
 	id "nebula.integtest" version "8.2.0"
 	id 'java'
@@ -1,5 +1,5 @@
 plugins {
-	id 'org.springframework.boot' version '3.0.0-M1'
+	id 'org.springframework.boot' version '3.0.0-SNAPSHOT'
 	id 'io.spring.dependency-management' version '1.0.11.RELEASE'
 	id "nebula.integtest" version "8.2.0"
 	id 'java'
@@ -1,5 +1,5 @@
 plugins {
-	id 'org.springframework.boot' version '3.0.0-M1'
+	id 'org.springframework.boot' version '3.0.0-SNAPSHOT'
 	id 'io.spring.dependency-management' version '1.0.11.RELEASE'
 	id 'java'
 }
@@ -1,5 +1,5 @@
 plugins {
-	id 'org.springframework.boot' version '3.0.0-M1'
+	id 'org.springframework.boot' version '3.0.0-SNAPSHOT'
 	id 'io.spring.dependency-management' version '1.0.11.RELEASE'
 	id 'java'
 }
@@ -1,5 +1,5 @@
 plugins {
-	id 'org.springframework.boot' version '2.6.4'
+	id 'org.springframework.boot' version '3.0.0-SNAPSHOT'
 	id 'io.spring.dependency-management' version '1.0.11.RELEASE'
 	id "nebula.integtest" version "8.2.0"
 	id 'java'
@@ -13,7 +13,7 @@ repositories {

 dependencies {
 	implementation 'org.springframework.boot:spring-boot-starter-web'
-	implementation 'org.springframework.security:spring-security-oauth2-authorization-server:0.2.0'
+	implementation 'org.springframework.security:spring-security-oauth2-authorization-server:1.0.0-M1'

 	testImplementation 'org.springframework.boot:spring-boot-starter-test'
 	testImplementation 'org.springframework.security:spring-security-test'
@@ -1,2 +1,2 @@
-version=5.7.0-SNAPSHOT
-spring-security.version=5.7.0-SNAPSHOT
+version=6.0.0-SNAPSHOT
+spring-security.version=6.0.0-SNAPSHOT
@@ -0,0 +1,5 @@
+distributionBase=GRADLE_USER_HOME
+distributionPath=wrapper/dists
+distributionUrl=https\://services.gradle.org/distributions/gradle-7.3-bin.zip
+zipStoreBase=GRADLE_USER_HOME
+zipStorePath=wrapper/dists
@@ -75,6 +75,7 @@ public class OAuth2AuthorizationServerApplicationITests {
 		// @formatter:off
 		this.mockMvc.perform(post("/oauth2/token")
 				.param("grant_type", "client_credentials")
+				.param("scope", "message:read message:write")
 				.with(basicAuth(CLIENT_ID, CLIENT_SECRET)))
 				.andExpect(status().isOk())
 				.andExpect(jsonPath("$.access_token").isString())
@@ -35,7 +35,7 @@ import org.springframework.context.annotation.Role;
 import org.springframework.core.annotation.Order;
 import org.springframework.security.config.Customizer;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.config.annotation.web.configuration.OAuth2AuthorizationServerConfiguration;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.core.userdetails.User;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.core.userdetails.UserDetailsService;
@@ -47,8 +47,9 @@ import org.springframework.security.oauth2.jwt.NimbusJwtDecoder;
 import org.springframework.security.oauth2.server.authorization.client.InMemoryRegisteredClientRepository;
 import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
 import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository;
-import org.springframework.security.oauth2.server.authorization.config.ClientSettings;
-import org.springframework.security.oauth2.server.authorization.config.ProviderSettings;
+import org.springframework.security.oauth2.server.authorization.config.annotation.web.configuration.OAuth2AuthorizationServerConfiguration;
+import org.springframework.security.oauth2.server.authorization.settings.ClientSettings;
+import org.springframework.security.oauth2.server.authorization.settings.ProviderSettings;
 import org.springframework.security.provisioning.InMemoryUserDetailsManager;
 import org.springframework.security.web.SecurityFilterChain;

@@ -58,6 +59,7 @@ import org.springframework.security.web.SecurityFilterChain;
 * @author Steve Riesenberg
 */
@Configuration
+@EnableWebSecurity
 public class OAuth2AuthorizationServerSecurityConfiguration {

 	@Bean
@@ -1,5 +1,5 @@
 plugins {
-	id 'org.springframework.boot' version '3.0.0-M1'
+	id 'org.springframework.boot' version '3.0.0-SNAPSHOT'
 	id 'io.spring.dependency-management' version '1.0.11.RELEASE'
 	id "nebula.integtest" version "8.2.0"
 	id 'java'
@@ -41,6 +41,7 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
 import org.springframework.boot.test.context.SpringBootTest;
 import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
 import org.springframework.http.HttpStatus;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
@@ -328,6 +329,7 @@ public class OAuth2LoginApplicationTests {
 		return response;
 	}

+	@Configuration
 	@EnableWebSecurity
 	public static class SecurityTestConfig {

@@ -1,5 +1,5 @@
 plugins {
-	id 'org.springframework.boot' version '3.0.0-M1'
+	id 'org.springframework.boot' version '3.0.0-SNAPSHOT'
 	id 'io.spring.dependency-management' version '1.0.11.RELEASE'
 	id "nebula.integtest" version "8.2.0"
 	id 'java'
@@ -17,6 +17,7 @@ package example;

 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
 import org.springframework.http.HttpMethod;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
@@ -30,6 +31,7 @@ import org.springframework.security.web.SecurityFilterChain;
 *
 * @author Josh Cummings
 */
+@Configuration
@EnableWebSecurity
 public class OAuth2ResourceServerSecurityConfiguration {

@@ -15,7 +15,7 @@
 */

 plugins {
-	id 'org.springframework.boot' version '3.0.0-M1'
+	id 'org.springframework.boot' version '3.0.0-SNAPSHOT'
 	id 'io.spring.dependency-management' version '1.0.11.RELEASE'
 	id "nebula.integtest" version "8.2.0"
 	id 'java'
@@ -40,6 +40,7 @@ import com.nimbusds.jwt.proc.JWTProcessor;

 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.oauth2.jwt.JwtDecoder;
@@ -53,6 +54,7 @@ import static org.springframework.security.config.Customizer.withDefaults;
 *
 * @author Josh Cummings
 */
+@Configuration
@EnableWebSecurity
 public class OAuth2ResourceServerSecurityConfiguration {

@@ -15,7 +15,7 @@
 */

 plugins {
-	id 'org.springframework.boot' version '2.6.4'
+	id 'org.springframework.boot' version '3.0.0-SNAPSHOT'
 	id 'io.spring.dependency-management' version '1.0.11.RELEASE'
 	id "nebula.integtest" version "8.2.0"
 	id 'java'
@@ -1,2 +1,2 @@
-version=5.7.0-SNAPSHOT
-spring-security.version=5.7.0-SNAPSHOT
+version=6.0.0-SNAPSHOT
+spring-security.version=6.0.0-SNAPSHOT
@@ -19,7 +19,7 @@ import java.util.HashMap;
 import java.util.Map;
 import java.util.Optional;

-import javax.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletRequest;

 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
@@ -15,7 +15,7 @@
 */

 plugins {
-	id 'org.springframework.boot' version '3.0.0-M1'
+	id 'org.springframework.boot' version '3.0.0-SNAPSHOT'
 	id 'io.spring.dependency-management' version '1.0.11.RELEASE'
 	id "nebula.integtest" version "8.2.0"
 	id 'java'
@@ -17,6 +17,7 @@ package example;

 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
 import org.springframework.http.HttpMethod;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
@@ -27,6 +28,7 @@ import org.springframework.security.web.SecurityFilterChain;
 *
 * @author Josh Cummings
 */
+@Configuration
@EnableWebSecurity
 public class OAuth2ResourceServerSecurityConfiguration {

@@ -15,7 +15,7 @@
 */

 plugins {
-	id 'org.springframework.boot' version '3.0.0-M1'
+	id 'org.springframework.boot' version '3.0.0-SNAPSHOT'
 	id 'io.spring.dependency-management' version '1.0.11.RELEASE'
 	id "nebula.integtest" version "8.2.0"
 	id 'java'
@@ -15,7 +15,7 @@
 */

 plugins {
-	id 'org.springframework.boot' version '3.0.0-M1'
+	id 'org.springframework.boot' version '3.0.0-SNAPSHOT'
 	id 'io.spring.dependency-management' version '1.0.11.RELEASE'
 	id "nebula.integtest" version "8.2.0"
 	id 'java'
@@ -16,6 +16,7 @@
 package example;

 import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.core.userdetails.User;
@@ -31,6 +32,7 @@ import static org.springframework.security.config.Customizer.withDefaults;
 *
 * @author Joe Grandja
 */
+@Configuration
@EnableWebSecurity
 public class SecurityConfiguration {

@@ -12,18 +12,18 @@ The https://docs.spring.io/spring-security/reference/servlet/saml2/logout.html[S

 === SAML 2.0 Login

-`saml2Login()` provides a very simple implementation of a Service Provider that can receive a SAML 2.0 Response via the HTTP-POST and HTTP-REDIRECT bindings against the SimpleSAMLphp SAML 2.0 reference implementation.
+`saml2Login()` provides a very simple implementation of a Service Provider that can receive a SAML 2.0 Response via the HTTP-POST and HTTP-REDIRECT bindings against the https://developer.okta.com/docs/guides/build-sso-integration/saml2/main/[Okta SAML 2.0 IDP] reference implementation.

 The following features are implemented in the MVP:

 1. Receive and validate a SAML 2.0 Response containing an assertion, and create a corresponding authentication in Spring Security
 2. Send a SAML 2.0 AuthNRequest to an Identity Provider
 3. Provide a framework for components used in SAML 2.0 authentication that can be swapped by configuration
-4. Work against the SimpleSAMLphp reference implementation
+4. Work against the Okta SAML 2.0 IDP reference implementation

 === SAML 2.0 Single Logout

-`saml2Logout()` supports RP- and AP-initiated SAML 2.0 Single Logout via the HTTP-POST and HTTP-REDIRECT bindings against the SimpleSAMLphp SAML 2.0 reference implementation.
+`saml2Logout()` supports RP- and AP-initiated SAML 2.0 Single Logout via the HTTP-POST and HTTP-REDIRECT bindings against the https://developer.okta.com/docs/guides/build-sso-integration/saml2/main/[Okta SAML 2.0 IDP] reference implementation.

 On this sample, the SAML 2.0 Logout is using the HTTP-POST binding.

@@ -33,19 +33,20 @@ You can refer to the https://docs.spring.io/spring-security/reference/servlet/sa

 === Start up the Sample Boot Application
 ```
- ./gradlew :spring-security-samples-boot-saml2login:bootRun
+ ./gradlew :servlet:spring-boot:java:saml2:login-single-tenant:bootRun
+
 ```

 === Open a Browser

 http://localhost:8080/

-You will be redirect to the SimpleSAMLphp IDP
+You will be redirect to the Okta SAML 2.0 IDP

 === Type in your credentials

 ```
-User: user
-Password: password
+User: testuser@spring.security.saml
+Password: 12345678
 ```

@@ -1,5 +1,5 @@
 plugins {
-	id 'org.springframework.boot' version '3.0.0-M1'
+	id 'org.springframework.boot' version '3.0.0-SNAPSHOT'
 	id 'io.spring.dependency-management' version '1.0.11.RELEASE'
 	id "nebula.integtest" version "8.2.0"
 	id 'java'
@@ -24,7 +24,7 @@ dependencies {
 	implementation 'org.springframework.security:spring-security-saml2-service-provider'
 	implementation 'org.thymeleaf.extras:thymeleaf-extras-springsecurity6'

-	testImplementation 'net.sourceforge.htmlunit:htmlunit:2.44.0'
+	testImplementation 'net.sourceforge.htmlunit:htmlunit:2.64.0'
 	testImplementation 'org.springframework.boot:spring-boot-starter-test'
 	testImplementation 'org.springframework.security:spring-security-test'
 }
@@ -16,6 +16,9 @@

 package example;

+import java.util.ArrayList;
+import java.util.List;
+
 import com.gargoylesoftware.htmlunit.ElementNotFoundException;
 import com.gargoylesoftware.htmlunit.WebClient;
 import com.gargoylesoftware.htmlunit.html.HtmlElement;
@@ -53,7 +56,7 @@ public class Saml2LoginApplicationITests {
 	void authenticationAttemptWhenValidThenShowsUserEmailAddress() throws Exception {
 		performLogin();
 		HtmlPage home = (HtmlPage) this.webClient.getCurrentWindow().getEnclosedPage();
-		assertThat(home.asText()).contains("You're email address is testuser@spring.security.saml");
+		assertThat(home.asNormalizedText()).contains("You're email address is testuser@spring.security.saml");
 	}

 	@Test
@@ -62,7 +65,20 @@ public class Saml2LoginApplicationITests {
 		HtmlPage home = (HtmlPage) this.webClient.getCurrentWindow().getEnclosedPage();
 		HtmlElement rpLogoutButton = home.getHtmlElementById("rp_logout_button");
 		HtmlPage loginPage = rpLogoutButton.click();
-		assertThat(loginPage.getUrl().getFile()).isEqualTo("/login?logout");
+		this.webClient.waitForBackgroundJavaScript(10000);
+		List<String> urls = new ArrayList<>();
+		urls.add(loginPage.getUrl().getFile());
+		urls.add(((HtmlPage) this.webClient.getCurrentWindow().getEnclosedPage()).getUrl().getFile());
+		assertThat(urls).withFailMessage(() -> {
+			// @formatter:off
+			String builder = loginPage.asXml()
+					+ "\n\n\n"
+					+ "Enclosing Page"
+					+ "\n\n\n"
+					+ ((HtmlPage) this.webClient.getCurrentWindow().getEnclosedPage()).asXml();
+			// @formatter:on
+			return builder;
+		}).contains("/login?logout");
 	}

 	private void performLogin() throws Exception {
@@ -35,7 +35,6 @@ import org.springframework.security.saml2.provider.service.registration.InMemory
 import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration;
 import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrationRepository;
 import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrations;
-import org.springframework.security.saml2.provider.service.registration.Saml2MessageBinding;
 import org.springframework.security.saml2.provider.service.web.DefaultRelyingPartyRegistrationResolver;
 import org.springframework.security.saml2.provider.service.web.RelyingPartyRegistrationResolver;
 import org.springframework.security.saml2.provider.service.web.Saml2AuthenticationTokenConverter;
@@ -84,10 +83,8 @@ public class SecurityConfiguration {
 		Saml2X509Credential signing = Saml2X509Credential.signing(privateKey, relyingPartyCertificate());
 		RelyingPartyRegistration two = RelyingPartyRegistrations
 				.fromMetadataLocation("https://dev-05937739.okta.com/app/exk4842vmapcMkohr5d7/sso/saml/metadata")
-				.registrationId("two")
-				.signingX509Credentials((c) -> c.add(signing))
-				.singleLogoutServiceLocation("http://localhost:8080/logout/saml2/slo")
-				.build();
+				.registrationId("two").signingX509Credentials((c) -> c.add(signing))
+				.singleLogoutServiceLocation("http://localhost:8080/logout/saml2/slo").build();
 		return new InMemoryRelyingPartyRegistrationRepository(two);
 	}

@@ -12,18 +12,18 @@ The https://docs.spring.io/spring-security/reference/servlet/saml2/logout.html[S

 === SAML 2.0 Login

-`saml2Login()` provides a very simple implementation of a Service Provider that can receive a SAML 2.0 Response via the HTTP-POST and HTTP-REDIRECT bindings against the SimpleSAMLphp SAML 2.0 reference implementation.
+`saml2Login()` provides a very simple implementation of a Service Provider that can receive a SAML 2.0 Response via the HTTP-POST and HTTP-REDIRECT bindings against the https://developer.okta.com/docs/guides/build-sso-integration/saml2/main/[Okta SAML 2.0 IDP] reference implementation.

 The following features are implemented in the MVP:

 1. Receive and validate a SAML 2.0 Response containing an assertion, and create a corresponding authentication in Spring Security
 2. Send a SAML 2.0 AuthNRequest to an Identity Provider
 3. Provide a framework for components used in SAML 2.0 authentication that can be swapped by configuration
-4. Work against the SimpleSAMLphp reference implementation
+4. Work against the Okta SAML 2.0 IDP reference implementation

 === SAML 2.0 Single Logout

-`saml2Logout()` supports RP- and AP-initiated SAML 2.0 Single Logout via the HTTP-POST and HTTP-REDIRECT bindings against the SimpleSAMLphp SAML 2.0 reference implementation.
+`saml2Logout()` supports RP- and AP-initiated SAML 2.0 Single Logout via the HTTP-POST and HTTP-REDIRECT bindings against the https://developer.okta.com/docs/guides/build-sso-integration/saml2/main/[Okta SAML 2.0 IDP] reference implementation.

 On this sample, the SAML 2.0 Logout is using the HTTP-POST binding.

@@ -33,19 +33,19 @@ You can refer to the https://docs.spring.io/spring-security/reference/servlet/sa

 === Start up the Sample Boot Application
 ```
- ./gradlew :spring-security-samples-boot-saml2login:bootRun
+ ./gradlew :servlet:spring-boot:java:saml2:login:bootRun
 ```

 === Open a Browser

 http://localhost:8080/

-You will be redirect to the SimpleSAMLphp IDP
+You will be redirect to the Okta SAML 2.0 IDP

 === Type in your credentials

 ```
-User: user
-Password: password
+User: testuser@spring.security.saml
+Password: 12345678
 ```

@@ -1,5 +1,5 @@
 plugins {
-	id 'org.springframework.boot' version '3.0.0-M1'
+	id 'org.springframework.boot' version '3.0.0-SNAPSHOT'
 	id 'io.spring.dependency-management' version '1.0.11.RELEASE'
 	id "nebula.integtest" version "8.2.0"
 	id 'java'
@@ -14,9 +14,9 @@ repositories {

 dependencies {
 	constraints {
-		implementation "org.opensaml:opensaml-core:4.1.1"
-		implementation "org.opensaml:opensaml-saml-api:4.1.1"
-		implementation "org.opensaml:opensaml-saml-impl:4.1.1"
+		implementation "org.opensaml:opensaml-core:4.2.0"
+		implementation "org.opensaml:opensaml-saml-api:4.2.0"
+		implementation "org.opensaml:opensaml-saml-impl:4.2.0"
 	}
 	implementation 'org.springframework.boot:spring-boot-starter-security'
 	implementation 'org.springframework.boot:spring-boot-starter-thymeleaf'
@@ -24,10 +24,9 @@ dependencies {
 	implementation 'org.springframework.security:spring-security-saml2-service-provider'
 	implementation 'org.thymeleaf.extras:thymeleaf-extras-springsecurity6'

-	testImplementation 'net.sourceforge.htmlunit:htmlunit:2.44.0'
+	testImplementation 'net.sourceforge.htmlunit:htmlunit'
 	testImplementation 'org.springframework.boot:spring-boot-starter-test'
 	testImplementation 'org.springframework.security:spring-security-test'
-	testImplementation 'org.awaitility:awaitility:4.2.0'
 }

 tasks.withType(Test).configureEach {
@@ -16,7 +16,8 @@

 package example;

-import java.util.concurrent.TimeUnit;
+import java.util.ArrayList;
+import java.util.List;

 import com.gargoylesoftware.htmlunit.ElementNotFoundException;
 import com.gargoylesoftware.htmlunit.WebClient;
@@ -27,8 +28,6 @@ import com.gargoylesoftware.htmlunit.html.HtmlPage;
 import com.gargoylesoftware.htmlunit.html.HtmlPasswordInput;
 import com.gargoylesoftware.htmlunit.html.HtmlSubmitInput;
 import org.junit.jupiter.api.BeforeEach;
-import org.junit.jupiter.api.DisplayName;
-import org.junit.jupiter.api.Nested;
 import org.junit.jupiter.api.Test;

 import org.springframework.beans.factory.annotation.Autowired;
@@ -37,7 +36,6 @@ import org.springframework.boot.test.context.SpringBootTest;
 import org.springframework.test.web.servlet.MockMvc;

 import static org.assertj.core.api.Assertions.assertThat;
-import static org.awaitility.Awaitility.await;

@SpringBootTest
@AutoConfigureMockMvc
@@ -54,16 +52,42 @@ public class Saml2LoginApplicationITests {
 		this.webClient.getCookieManager().clearCookies();
 	}

-	private void performLogin(String registrationId) throws Exception {
+	@Test
+	void authenticationAttemptWhenValidThenShowsUserEmailAddress() throws Exception {
+		performLogin();
+		HtmlPage home = (HtmlPage) this.webClient.getCurrentWindow().getEnclosedPage();
+		assertThat(home.asNormalizedText()).contains("You're email address is testuser@spring.security.saml");
+	}
+
+	@Test
+	void logoutWhenRelyingPartyInitiatedLogoutThenLoginPageWithLogoutParam() throws Exception {
+		performLogin();
+		HtmlPage home = (HtmlPage) this.webClient.getCurrentWindow().getEnclosedPage();
+		HtmlElement rpLogoutButton = home.getHtmlElementById("rp_logout_button");
+		HtmlPage loginPage = rpLogoutButton.click();
+		this.webClient.waitForBackgroundJavaScript(10000);
+		List<String> urls = new ArrayList<>();
+		urls.add(loginPage.getUrl().getFile());
+		urls.add(((HtmlPage) this.webClient.getCurrentWindow().getEnclosedPage()).getUrl().getFile());
+		assertThat(urls).withFailMessage(() -> {
+			// @formatter:off
+			String builder = loginPage.asXml()
+					+ "\n\n\n"
+					+ "Enclosing Page"
+					+ "\n\n\n"
+					+ ((HtmlPage) this.webClient.getCurrentWindow().getEnclosedPage()).asXml();
+			// @formatter:on
+			return builder;
+		}).contains("/login?logout");
+	}
+
+	private void performLogin() throws Exception {
 		HtmlPage login = this.webClient.getPage("/");
-		login.getAnchorByHref("/saml2/authenticate/" + registrationId).click();
 		this.webClient.waitForBackgroundJavaScript(10000);
-		HtmlPage okta = (HtmlPage) this.webClient.getCurrentWindow().getEnclosedPage();
-		this.webClient.waitForBackgroundJavaScript(10000);
-		HtmlForm form = findForm(okta);
+		HtmlForm form = findForm(login);
 		HtmlInput username = form.getInputByName("username");
 		HtmlPasswordInput password = form.getInputByName("password");
-		HtmlSubmitInput submit = okta.getHtmlElementById("okta-signin-submit");
+		HtmlSubmitInput submit = login.getHtmlElementById("okta-signin-submit");
 		username.type("testuser@spring.security.saml");
 		password.type("12345678");
 		submit.click();
@@ -71,8 +95,6 @@ public class Saml2LoginApplicationITests {
 	}

 	private HtmlForm findForm(HtmlPage login) {
-		await().atMost(10, TimeUnit.SECONDS)
-				.until(() -> login.getForms().stream().map(HtmlForm::getId).anyMatch("form19"::equals));
 		for (HtmlForm form : login.getForms()) {
 			try {
 				if (form.getId().equals("form19")) {
@@ -86,48 +108,4 @@ public class Saml2LoginApplicationITests {
 		throw new IllegalStateException("Could not resolve login form");
 	}

-	@DisplayName("Tenant one tests")
-	@Nested
-	class TenantOneTests {
-
-		@Test
-		void authenticationAttemptWhenValidThenShowsUserEmailAddress() throws Exception {
-			performLogin("one");
-			HtmlPage home = (HtmlPage) Saml2LoginApplicationITests.this.webClient.getCurrentWindow().getEnclosedPage();
-			assertThat(home.asText()).contains("You're email address is testuser@spring.security.saml");
-		}
-
-		@Test
-		void logoutWhenRelyingPartyInitiatedLogoutThenLoginPageWithLogoutParam() throws Exception {
-			performLogin("one");
-			HtmlPage home = (HtmlPage) Saml2LoginApplicationITests.this.webClient.getCurrentWindow().getEnclosedPage();
-			HtmlElement rpLogoutButton = home.getHtmlElementById("rp_logout_button");
-			HtmlPage loginPage = rpLogoutButton.click();
-			assertThat(loginPage.getUrl().getFile()).isEqualTo("/login?logout");
-		}
-
-	}
-
-	@DisplayName("Tenant two tests")
-	@Nested
-	class TenantTwoTests {
-
-		@Test
-		void authenticationAttemptWhenValidThenShowsUserEmailAddress() throws Exception {
-			performLogin("two");
-			HtmlPage home = (HtmlPage) Saml2LoginApplicationITests.this.webClient.getCurrentWindow().getEnclosedPage();
-			assertThat(home.asText()).contains("You're email address is testuser@spring.security.saml");
-		}
-
-		@Test
-		void logoutWhenRelyingPartyInitiatedLogoutThenLoginPageWithLogoutParam() throws Exception {
-			performLogin("two");
-			HtmlPage home = (HtmlPage) Saml2LoginApplicationITests.this.webClient.getCurrentWindow().getEnclosedPage();
-			HtmlElement rpLogoutButton = home.getHtmlElementById("rp_logout_button");
-			HtmlPage loginPage = rpLogoutButton.click();
-			assertThat(loginPage.getUrl().getFile()).isEqualTo("/login?logout");
-		}
-
-	}
-
 }
@@ -1,104 +0,0 @@
-/*
- * Copyright 2002-2021 the original author or authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      https://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package example;
-
-import java.io.InputStream;
-import java.security.cert.CertificateFactory;
-import java.security.cert.X509Certificate;
-import java.security.interfaces.RSAPrivateKey;
-
-import org.springframework.beans.factory.annotation.Value;
-import org.springframework.boot.web.servlet.FilterRegistrationBean;
-import org.springframework.context.annotation.Bean;
-import org.springframework.context.annotation.Configuration;
-import org.springframework.core.io.ClassPathResource;
-import org.springframework.core.io.Resource;
-import org.springframework.security.config.Customizer;
-import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.saml2.core.Saml2X509Credential;
-import org.springframework.security.saml2.provider.service.metadata.OpenSamlMetadataResolver;
-import org.springframework.security.saml2.provider.service.registration.InMemoryRelyingPartyRegistrationRepository;
-import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration;
-import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrationRepository;
-import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrations;
-import org.springframework.security.saml2.provider.service.web.DefaultRelyingPartyRegistrationResolver;
-import org.springframework.security.saml2.provider.service.web.RelyingPartyRegistrationResolver;
-import org.springframework.security.saml2.provider.service.web.Saml2MetadataFilter;
-import org.springframework.security.web.SecurityFilterChain;
-
-@Configuration
-public class SecurityConfiguration {
-
-	@Value("classpath:credentials/rp-private.key") RSAPrivateKey privateKey;
-
-	@Bean
-	SecurityFilterChain app(HttpSecurity http) throws Exception {
-		// @formatter:off
-		http
-			.authorizeHttpRequests((authorize) -> authorize
-				.anyRequest().authenticated()
-			)
-			.saml2Login(Customizer.withDefaults())
-			.saml2Logout(Customizer.withDefaults());
-		// @formatter:on
-
-		return http.build();
-	}
-
-	@Bean
-	RelyingPartyRegistrationResolver relyingPartyRegistrationResolver(
-			RelyingPartyRegistrationRepository registrations) {
-		return new DefaultRelyingPartyRegistrationResolver(registrations);
-	}
-
-	@Bean
-	FilterRegistrationBean<Saml2MetadataFilter> metadata(RelyingPartyRegistrationResolver registrations) {
-		Saml2MetadataFilter metadata = new Saml2MetadataFilter(registrations, new OpenSamlMetadataResolver());
-		FilterRegistrationBean<Saml2MetadataFilter> filter = new FilterRegistrationBean<>(metadata);
-		filter.setOrder(-101);
-		return filter;
-	}
-
-	@Bean
-	RelyingPartyRegistrationRepository repository() {
-		RelyingPartyRegistration one = addRelyingPartyDetails(RelyingPartyRegistrations
-				.fromMetadataLocation("https://dev-05937739.okta.com/app/exk46xofd8NZvFCpS5d7/sso/saml/metadata")
-				.registrationId("one")).build();
-		RelyingPartyRegistration two = addRelyingPartyDetails(RelyingPartyRegistrations
-				.fromMetadataLocation("https://dev-05937739.okta.com/app/exk4842vmapcMkohr5d7/sso/saml/metadata")
-				.registrationId("two")).build();
-		return new InMemoryRelyingPartyRegistrationRepository(one, two);
-	}
-
-	RelyingPartyRegistration.Builder addRelyingPartyDetails(RelyingPartyRegistration.Builder builder) {
-		Saml2X509Credential signing = Saml2X509Credential.signing(this.privateKey, relyingPartyCertificate());
-		return builder
-				.signingX509Credentials((c) -> c.add(signing))
-				.singleLogoutServiceLocation("http://localhost:8080/logout/saml2/slo");
-	}
-
-	X509Certificate relyingPartyCertificate() {
-		Resource resource = new ClassPathResource("credentials/rp-certificate.crt");
-		try (InputStream is = resource.getInputStream()) {
-			return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(is);
-		}
-		catch (Exception ex) {
-			throw new UnsupportedOperationException(ex);
-		}
-	}
-
-}
@@ -1,2 +1,16 @@
 logging.level:
  org.springframework.security: TRACE
+
+spring:
+  security:
+    saml2:
+      relyingparty:
+        registration:
+          one:
+            signing.credentials:
+              - private-key-location: classpath:credentials/rp-private.key
+                certificate-location: classpath:credentials/rp-certificate.crt
+            singlelogout:
+              binding: POST
+              url: "{baseUrl}/logout/saml2/slo"
+            assertingparty.metadata-uri: https://dev-05937739.okta.com/app/exk46xofd8NZvFCpS5d7/sso/saml/metadata
@@ -1,24 +0,0 @@
-----BEGIN CERTIFICATE-----
-MIIEEzCCAvugAwIBAgIJAIc1qzLrv+5nMA0GCSqGSIb3DQEBCwUAMIGfMQswCQYD
-VQQGEwJVUzELMAkGA1UECAwCQ08xFDASBgNVBAcMC0Nhc3RsZSBSb2NrMRwwGgYD
-VQQKDBNTYW1sIFRlc3RpbmcgU2VydmVyMQswCQYDVQQLDAJJVDEgMB4GA1UEAwwX
-c2ltcGxlc2FtbHBocC5jZmFwcHMuaW8xIDAeBgkqhkiG9w0BCQEWEWZoYW5pa0Bw
-aXZvdGFsLmlvMB4XDTE1MDIyMzIyNDUwM1oXDTI1MDIyMjIyNDUwM1owgZ8xCzAJ
-BgNVBAYTAlVTMQswCQYDVQQIDAJDTzEUMBIGA1UEBwwLQ2FzdGxlIFJvY2sxHDAa
-BgNVBAoME1NhbWwgVGVzdGluZyBTZXJ2ZXIxCzAJBgNVBAsMAklUMSAwHgYDVQQD
-DBdzaW1wbGVzYW1scGhwLmNmYXBwcy5pbzEgMB4GCSqGSIb3DQEJARYRZmhhbmlr
-QHBpdm90YWwuaW8wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC4cn62
-E1xLqpN34PmbrKBbkOXFjzWgJ9b+pXuaRft6A339uuIQeoeH5qeSKRVTl32L0gdz
-2ZivLwZXW+cqvftVW1tvEHvzJFyxeTW3fCUeCQsebLnA2qRa07RkxTo6Nf244mWW
-RDodcoHEfDUSbxfTZ6IExSojSIU2RnD6WllYWFdD1GFpBJOmQB8rAc8wJIBdHFdQ
-nX8Ttl7hZ6rtgqEYMzYVMuJ2F2r1HSU1zSAvwpdYP6rRGFRJEfdA9mm3WKfNLSc5
-cljz0X/TXy0vVlAV95l9qcfFzPmrkNIst9FZSwpvB49LyAVke04FQPPwLgVH4gph
-iJH3jvZ7I+J5lS8VAgMBAAGjUDBOMB0GA1UdDgQWBBTTyP6Cc5HlBJ5+ucVCwGc5
-ogKNGzAfBgNVHSMEGDAWgBTTyP6Cc5HlBJ5+ucVCwGc5ogKNGzAMBgNVHRMEBTAD
-AQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAvMS4EQeP/ipV4jOG5lO6/tYCb/iJeAduO
-nRhkJk0DbX329lDLZhTTL/x/w/9muCVcvLrzEp6PN+VWfw5E5FWtZN0yhGtP9R+v
-ZnrV+oc2zGD+no1/ySFOe3EiJCO5dehxKjYEmBRv5sU/LZFKZpozKN/BMEa6CqLu
-xbzb7ykxVr7EVFXwltPxzE9TmL9OACNNyF5eJHWMRMllarUvkcXlh4pux4ks9e6z
-V9DQBy2zds9f1I3qxg0eX6JnGrXi/ZiCT+lJgVe3ZFXiejiLAiKB04sXW3ti0LW3
-lx13Y1YlQ4/tlpgTgfIJxKV6nyPiLoK0nywbMd+vpAirDt2Oc+hk
-----END CERTIFICATE-----
@@ -1,4 +1,4 @@
-= SAML 2.0 Login & Logout Sample
+= SAML 2.0 Refreshable Metadata

 This guide provides instructions on setting up this SAML 2.0 Login & Logout sample application.
 It uses https://simplesamlphp.org/[SimpleSAMLphp] as its asserting party.
@@ -12,18 +12,18 @@ The https://docs.spring.io/spring-security/reference/servlet/saml2/logout.html[S

 === SAML 2.0 Login

-`saml2Login()` provides a very simple implementation of a Service Provider that can receive a SAML 2.0 Response via the HTTP-POST and HTTP-REDIRECT bindings against the SimpleSAMLphp SAML 2.0 reference implementation.
+`saml2Login()` provides a very simple implementation of a Service Provider that can receive a SAML 2.0 Response via the HTTP-POST and HTTP-REDIRECT bindings against the https://developer.okta.com/docs/guides/build-sso-integration/saml2/main/[Okta SAML 2.0 IDP] reference implementation.

 The following features are implemented in the MVP:

 1. Receive and validate a SAML 2.0 Response containing an assertion, and create a corresponding authentication in Spring Security
 2. Send a SAML 2.0 AuthNRequest to an Identity Provider
 3. Provide a framework for components used in SAML 2.0 authentication that can be swapped by configuration
-4. Work against the SimpleSAMLphp reference implementation
+4. Work against the Okta SAML 2.0 IDP reference implementation

 === SAML 2.0 Single Logout

-`saml2Logout()` supports RP- and AP-initiated SAML 2.0 Single Logout via the HTTP-POST and HTTP-REDIRECT bindings against the SimpleSAMLphp SAML 2.0 reference implementation.
+`saml2Logout()` supports RP- and AP-initiated SAML 2.0 Single Logout via the HTTP-POST and HTTP-REDIRECT bindings against the https://developer.okta.com/docs/guides/build-sso-integration/saml2/main/[Okta SAML 2.0 IDP] reference implementation.

 On this sample, the SAML 2.0 Logout is using the HTTP-POST binding.

@@ -45,12 +45,14 @@ This particular implementation uses a `@Scheduled` annotation to update its meta

 http://localhost:8080/

-You will be redirect to the SimpleSAMLphp IDP
+You will be redirect to the Okta SAML 2.0 IDP

 === Type in your credentials

 ```
-User: user
-Password: password
+User: testuser@spring.security.saml
+Password: 12345678
 ```

+
+
@@ -1,5 +1,5 @@
 plugins {
-	id 'org.springframework.boot' version '3.0.0-M1'
+	id 'org.springframework.boot' version '3.0.0-SNAPSHOT'
 	id 'io.spring.dependency-management' version '1.0.11.RELEASE'
 	id "nebula.integtest" version "8.2.0"
 	id 'java'
@@ -24,7 +24,7 @@ dependencies {
 	implementation 'org.springframework.security:spring-security-saml2-service-provider'
 	implementation 'org.thymeleaf.extras:thymeleaf-extras-springsecurity6'

-	testImplementation 'net.sourceforge.htmlunit:htmlunit:2.44.0'
+	testImplementation 'net.sourceforge.htmlunit:htmlunit:2.64.0'
 	testImplementation 'org.springframework.boot:spring-boot-starter-test'
 	testImplementation 'org.springframework.security:spring-security-test'
 }
@@ -52,7 +52,7 @@ public class Saml2LoginApplicationITests {
 	void authenticationAttemptWhenValidThenShowsUserEmailAddress() throws Exception {
 		performLogin();
 		HtmlPage home = (HtmlPage) this.webClient.getCurrentWindow().getEnclosedPage();
-		assertThat(home.asText()).contains("You're email address is testuser@spring.security.saml");
+		assertThat(home.asNormalizedText()).contains("You're email address is testuser@spring.security.saml");
 	}

 	private void performLogin() throws Exception {
@@ -68,7 +68,7 @@ public class RefreshableRelyingPartyRegistrationRepository

 	private void fetchMetadata(String registrationId, Saml2RelyingPartyProperties.Registration registration) {
 		RelyingPartyRegistration relyingPartyRegistration = RelyingPartyRegistrations
-				.fromMetadataLocation(registration.getIdentityprovider().getMetadataUri())
+				.fromMetadataLocation(registration.getAssertingparty().getMetadataUri())
 				.signingX509Credentials((credentials) -> registration.getSigning().getCredentials().stream()
 						.map(this::asSigningCredential).forEach(credentials::add))
 				.registrationId(registrationId).build();
@@ -7,7 +7,7 @@ spring:
            signing.credentials:
              - private-key-location: classpath:credentials/rp-private.key
                certificate-location: classpath:credentials/rp-certificate.crt
-            identityprovider:
+            assertingparty:
              metadata-uri: https://dev-05937739.okta.com/app/exk46xofd8NZvFCpS5d7/sso/saml/metadata

 logging.level:
@@ -1,7 +1,7 @@
 import org.jetbrains.kotlin.gradle.tasks.KotlinCompile

 plugins {
-    id("org.springframework.boot") version "3.0.0-M1"
+    id("org.springframework.boot") version "3.0.0-SNAPSHOT"
    id("io.spring.dependency-management") version "1.0.11.RELEASE"
    kotlin("jvm") version "1.6.0"
    kotlin("plugin.spring") version "1.6.0"
@@ -17,6 +17,7 @@
 package org.springframework.security.samples.config

 import org.springframework.context.annotation.Bean
+import org.springframework.context.annotation.Configuration
 import org.springframework.security.config.annotation.web.builders.HttpSecurity
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
 import org.springframework.security.core.userdetails.User
@@ -27,6 +28,7 @@ import org.springframework.security.web.SecurityFilterChain
 /**
 * @author Eleftheria Stein
 */
+@Configuration
@EnableWebSecurity
 class SecurityConfig {

@@ -46,7 +46,7 @@ dependencies {

 	testRuntimeOnly("org.junit.jupiter:junit-jupiter-engine")

-	integTestImplementation "org.seleniumhq.selenium:htmlunit-driver:2.44.0"
+	integTestImplementation "org.seleniumhq.selenium:htmlunit-driver:3.64.0"
 }

 tasks.withType(Test).configureEach {
@@ -1,8 +0,0 @@
-# Properties file with server URL settings for remote access.
-# Applied by PropertyPlaceholderConfigurer from "clientContext.xml".
-#
-
-serverName=localhost
-httpPort=8080
-contextPath=/spring-security-sample-contacts-filter
-rmiPort=1099
@@ -1,73 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "https://www.springframework.org/dtd/spring-beans.dtd">
-
-<!--
-  - Contacts web application
-  - Client application context
-  -->
-
-<beans>
-
-	<!-- Resolves ${...} placeholders from client.properties -->
-	<bean id="propertyConfigurer" class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
-		<property name="location"><value>client.properties</value></property>
-	</bean>
-
-	<!-- Proxy for the RMI-exported ContactManager -->
-	<!-- COMMENTED OUT BY DEFAULT TO AVOID CONFLICTS WITH APPLICATION SERVERS
-	<bean id="rmiProxy" class="org.springframework.remoting.rmi.RmiProxyFactoryBean">
-		<property name="serviceInterface">
-			<value>sample.contact.ContactManager</value>
-		</property>
-		<property name="serviceUrl">
-			<value>rmi://${serverName}:${rmiPort}/contactManager</value>
-		</property>
-		<property name="remoteInvocationFactory">
-			<ref bean="remoteInvocationFactory"/>
-		</property>
-	</bean>
-
-	<bean id="remoteInvocationFactory" class="org.springframework.security.ui.rmi.ContextPropagatingRemoteInvocationFactory"/>
-	-->
-
-	<!-- Proxy for the HTTP-invoker-exported ContactManager -->
-	<!-- Spring's HTTP invoker uses Java serialization via HTTP	 -->
-	<bean id="httpInvokerProxy" class="org.springframework.remoting.httpinvoker.HttpInvokerProxyFactoryBean">
-		<property name="serviceInterface">
-			<value>sample.contact.ContactManager</value>
-		</property>
-		<property name="serviceUrl">
-			<value>http://${serverName}:${httpPort}${contextPath}/remoting/ContactManager-httpinvoker</value>
-		</property>
-		<property name="httpInvokerRequestExecutor">
-			<ref bean="httpInvokerRequestExecutor"/>
-		</property>
-	</bean>
-
-	<!-- Automatically propagates ContextHolder-managed Authentication principal
-		 and credentials to a HTTP invoker BASIC authentication header -->
-	<bean id="httpInvokerRequestExecutor" class="org.springframework.security.core.context.httpinvoker.AuthenticationSimpleHttpInvokerRequestExecutor"/>
-
-	<!-- Proxy for the Hessian-exported ContactManager
-	<bean id="hessianProxy" class="org.springframework.remoting.caucho.HessianProxyFactoryBean">
-		<property name="serviceInterface">
-			<value>sample.contact.ContactManager</value>
-		</property>
-		<property name="serviceUrl">
-			<value>http://${serverName}:${httpPort}${contextPath}/remoting/ContactManager-hessian</value>
-		</property>
-	</bean>
-	-->
-
-	<!-- Proxy for the Burlap-exported ContactManager
-	<bean id="burlapProxy" class="org.springframework.remoting.caucho.BurlapProxyFactoryBean">
-		<property name="serviceInterface">
-			<value>sample.contact.ContactManager</value>
-		</property>
-		<property name="serviceUrl">
-			<value>http://${serverName}:${httpPort}${contextPath}/remoting/ContactManager-burlap</value>
-		</property>
-	</bean>
-	-->
-
-</beans>
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Marcus Da Coregio	6e6ec5845e	Fix imports	2022-09-23 08:26:00 -03:00
Marcus Da Coregio	70891cd497	Add more information for SAML2 tests failure	2022-09-22 15:55:47 -03:00
Marcus Da Coregio	738463be8c	Wait for background javascript after SAML 2.0 Logout	2022-09-19 08:47:46 -03:00
Marcus Da Coregio	26b20435c7	Add Gradle Enterprise plugin Issue gh-94	2022-09-16 08:52:31 -03:00
Marcus Da Coregio	0d2c94c1d8	Accept gradle Terms of Service Issue gh-94	2022-09-16 08:52:31 -03:00
Marcus Da Coregio	13c2ee4dd7	Add new task that runs all subproject's tests	2022-09-16 08:52:30 -03:00
Marcus Da Coregio	db4ff2eb77	Add milestone repository to SAML 2.0 XML sample	2022-09-14 13:39:03 -03:00
Marcus Da Coregio	4c2fcd0863	Revert "Add Gradle Enterprise plugin" This reverts commit `b047d4f7ff`.	2022-09-13 08:25:41 -03:00
Marcus Da Coregio	b59fdda518	Revert "Accept gradle Terms of Service" This reverts commit `44c9bd050f`.	2022-09-13 08:25:38 -03:00
Marcus Da Coregio	b047d4f7ff	Add Gradle Enterprise plugin Issue gh-94	2022-09-12 15:12:19 -03:00
Marcus Da Coregio	44c9bd050f	Accept gradle Terms of Service Issue gh-94	2022-09-12 14:58:18 -03:00
Marcus Da Coregio	2df5617803	Update htmlunit-driver version	2022-09-06 15:39:04 -03:00
Marcus Da Coregio	d3ed41d5ee	Polish :saml2:login sample	2022-08-31 09:35:05 -03:00
Steve Riesenberg	e6c04b8f0e	Update to Spring Authorization Server 1.0.0-M1	2022-08-16 18:23:50 -05:00
Steve Riesenberg	f27c00cbfa	Update Spring Authorization Server sample to Spring Boot 2.7.2	2022-08-16 18:23:20 -05:00
Steve Riesenberg	f1764e06c6	Update to Spring Authorization Server 0.3.1	2022-08-16 18:22:51 -05:00
Rob Winch	83e593b71c	Remove remoting from contacts sample Closes gh-90	2022-08-15 14:09:51 -05:00
Rob Winch	aafe457420	Revert "Remove contacts sample" This reverts commit `c0d5ff70fc`.	2022-08-15 14:02:07 -05:00
Rob Winch	c0d5ff70fc	Remove contacts sample It uses HttpInvokerServiceExporter which has been removed from Spring Framework	2022-08-15 13:59:45 -05:00
Rob Winch	6bed57d79b	Add @Configuraiton with @Enable* Closes gh-85	2022-08-09 16:26:13 -05:00
Rob Winch	46db71921d	Add Missing @Configuration @Enable*	2022-08-09 16:25:52 -05:00
Joshua Sattler	e96d4cf602	Add @Configuration on @Enable*-annotated classes	2022-07-29 23:10:17 +02:00
Josh Cummings	33c5cb8bf8	Use url instead of response-url	2022-07-28 18:07:40 -06:00
Marcus Da Coregio	dac72b8cce	Fix command to run Spring Boot SAML2 samples	2022-07-28 16:16:35 -03:00
Josh Cummings	28a4a94b9a	Simplify Saml2 Login Sample	2022-07-27 17:13:11 -06:00
Josh Cummings	c2f34ad1de	Update Dependencies for Saml2 Login Sample	2022-07-27 17:12:30 -06:00
Marcus Da Coregio	655cf77ea4	Update org.hibernate.orm:hibernate-core to 6.1.1.Final	2022-07-12 14:03:17 -03:00
Marcus Da Coregio	58e53e3e8e	Update gretty for java-configuration:saml2-login sample Issue gh-81	2022-07-01 14:10:13 -03:00
Josh Cummings	4819b13ada	Update Kotlin Hello Security to Boot 3.0.0-SNAPSHOT	2022-06-17 10:37:57 -06:00
Steve Riesenberg	b42984ef8b	Update to Spring Authorization Server 0.2.3	2022-05-18 15:38:59 -05:00
Rob Winch	2347dd638a	Remove Deprecated Local*Port	2022-05-12 15:53:50 -05:00
Marcus Da Coregio	554f1961db	Add init script to be used in Spring Security CI Issue https://github.com/spring-projects/spring-security/issues/10344	2022-05-11 12:16:35 -03:00
cammorris	162ee60efb	make favicon public Even though the resource doesn't exist, chrome (and probably other browsers) will request the favicon after requesting the "second-factor" page. Requests for the favicon prevented proceeding past the second-factor page and never hitting the POST to "second-factor". Instead, the sample prompts for the username, again. Exposing favicon (even though it doesn't exist) resolves the issue.	2022-05-03 16:53:32 -05:00
Steve Riesenberg	bc3fc6b2e0	Add gradle wrapper Closes gh-51	2022-05-03 12:54:29 -05:00
Eleftheria Stein	cbbf5bb4bb	Align asserting party property with Spring Boot Closes gh-74	2022-04-26 12:07:35 +02:00
Marcus Da Coregio	6892a95805	Require explicit save false in MFA sample	2022-04-20 11:06:56 -03:00
Marcus Da Coregio	cadaa9ac4f	Use asserting-party in Spring Boot SAML config	2022-04-20 11:06:40 -03:00
Eleftheria Stein	2b7ce67ff5	Update samples to Spring Boot 3.0.0-SNAPSHOT Closes gh-69	2022-04-13 17:02:20 +02:00
Eleftheria Stein	ebf0e1f181	Update to Gradle 7.4 Closes gh-70	2022-04-13 17:00:52 +02:00
Marcus Da Coregio	2ffc2dd22a	Fix formatting and checkstyle	2022-04-01 14:02:44 -03:00
Josh Cummings	6a91568319	Simplify SAML configuration	2022-03-31 12:50:32 -06:00
Marcus Da Coregio	551f715b7c	Update README for SAML 2.0 samples	2022-03-28 13:54:11 -03:00