Merge branch '5.7.x' into 5.8.x

docs/modules/ROOT/pages/servlet/saml2/login/authentication.adoc

@@ -96,7 +96,7 @@ relyingPartyRegistrationBuilder.assertionConsumerServiceLocation("/saml2/login/s
 == Setting a Clock Skew
 
 It's not uncommon for the asserting and relying parties to have system clocks that aren't perfectly synchronized.
-For that reason, you can configure `OpenSaml4AuthenticationProvider` 's default assertion validator with some tolerance:
+For that reason, you can configure ``OpenSaml4AuthenticationProvider``'s default assertion validator with some tolerance:
 
 ====
 .Java
@@ -238,7 +238,7 @@ open class SecurityConfig {
 <3> Third, return a custom authentication that includes the user details
 
 [NOTE]
-It's not required to call `OpenSaml4AuthenticationProvider` 's default authentication converter.
+It's not required to call ``OpenSaml4AuthenticationProvider``'s default authentication converter.
 It returns a `Saml2AuthenticatedPrincipal` containing the attributes it extracted from ``AttributeStatement``s as well as the single `ROLE_USER` authority.
 
 [[servlet-saml2login-opensamlauthenticationprovider-additionalvalidation]]
@@ -271,7 +271,7 @@ After verifying the signature, it will:
 1. Validate `<AudienceRestriction>` and `<DelegationRestriction>` conditions
 2. Validate ``<SubjectConfirmation>``s, expect for any IP address information
 
-To perform additional validation, you can configure your own assertion validator that delegates to `OpenSaml4AuthenticationProvider` 's default and then performs its own.
+To perform additional validation, you can configure your own assertion validator that delegates to ``OpenSaml4AuthenticationProvider``'s default and then performs its own.
 
 [[servlet-saml2login-opensamlauthenticationprovider-onetimeuse]]
 For example, you can use OpenSAML's `OneTimeUseConditionValidator` to also validate a `<OneTimeUse>` condition, like so:
@@ -325,7 +325,7 @@ provider.setAssertionValidator { assertionToken ->
 ====
 
 [NOTE]
-While recommended, it's not necessary to call `OpenSaml4AuthenticationProvider` 's default assertion validator.
+While recommended, it's not necessary to call ``OpenSaml4AuthenticationProvider``'s default assertion validator.
 A circumstance where you would skip it would be if you don't need it to check the `<AudienceRestriction>` or the `<SubjectConfirmation>` since you are doing those yourself.
 
 [[servlet-saml2login-opensamlauthenticationprovider-decryption]]
@@ -337,7 +337,7 @@ Spring Security decrypts `<saml2:EncryptedAssertion>`, `<saml2:EncryptedAttribut
 The response decrypter is for decrypting encrypted elements of the `<saml2:Response>`, like `<saml2:EncryptedAssertion>`.
 The assertion decrypter is for decrypting encrypted elements of the `<saml2:Assertion>`, like `<saml2:EncryptedAttribute>` and `<saml2:EncryptedID>`.
 
-You can replace `OpenSaml4AuthenticationProvider`'s default decryption strategy with your own.
+You can replace ``OpenSaml4AuthenticationProvider``'s default decryption strategy with your own.
 For example, if you have a separate service that decrypts the assertions in a `<saml2:Response>`, you can use it instead like so:
 
 ====

docs/modules/ROOT/pages/servlet/saml2/login/overview.adoc

@@ -283,7 +283,7 @@ There are two ``@Bean``s that Spring Boot generates for a relying party.
 The first is a `SecurityFilterChain` that configures the app as a relying party.
 When including `spring-security-saml2-service-provider`, the `SecurityFilterChain` looks like:
 
-.Default JWT Configuration
+.Default SAML 2.0 Login Configuration
 ====
 .Java
 [source,java,role="primary"]