With the recent release of Spring Security 5.4, we’d like to announce that maintenance for Spring Security SAML Extensions 1.x will end on 6 October 2021.

SAML 2.0 support has been added to the core Spring Security framework over the last three minor releases. There are two main reasons for this.

First, the extension project is based on a version of OpenSAML that the OpenSAML team no longer supports. This version has known CVEs that make it unsafe for use in a production system.

Second, moving the support to the core Spring Security framework allowed us to simplify the API, use the latest OpenSAML, and add long-requested support for features like multi-tenancy and Spring Boot integration.

More SAML work is planned for Spring Security to bring it closer into alignment with the extension’s capabilities. Please feel free to file tickets or contribute features!