From 0080aeee94a6e4aa37b6dc2c5f607cc41cf7330b Mon Sep 17 00:00:00 2001 From: Josh Cummings Date: Mon, 28 Jun 2021 13:17:02 -0600 Subject: [PATCH] Add OpenSAML 3 and 4 Explanation Closes gh-10014 --- .../docs/asciidoc/_includes/servlet/saml2/saml2-login.adoc | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/docs/manual/src/docs/asciidoc/_includes/servlet/saml2/saml2-login.adoc b/docs/manual/src/docs/asciidoc/_includes/servlet/saml2/saml2-login.adoc index 410838e185..85ba3533bb 100644 --- a/docs/manual/src/docs/asciidoc/_includes/servlet/saml2/saml2-login.adoc +++ b/docs/manual/src/docs/asciidoc/_includes/servlet/saml2/saml2-login.adoc @@ -154,6 +154,12 @@ Instead, classes like `OpenSaml4AuthenticationRequestFactory` and `OpenSaml4Auth For example, once your application receives a `SAMLResponse` and delegates to `Saml2WebSsoAuthenticationFilter`, the filter will delegate to `OpenSaml4AuthenticationProvider`. +[NOTE] +For backward compatibility, Spring Security will use the latest OpenSAML 3 by default. +Note, though that OpenSAML 3 has reached it's end-of-life and updating to OpenSAML 4.x is recommended. +For that reason, Spring Security supports both OpenSAML 3.x and 4.x. +If you manage your OpenSAML dependency to 4.x, then Spring Security will select its OpenSAML 4.x implementations. + .Authenticating an OpenSAML `Response` image:{figures}/opensamlauthenticationprovider.png[]