Frooodle/license (#1994)

2024-10-14 22:34:41 +01:00
parent ceeecc37ab
commit c85463bc18
124 changed files with 4323 additions and 501 deletions
--- a/src/main/java/stirling/software/SPDF/config/AppConfig.java
+++ b/src/main/java/stirling/software/SPDF/config/AppConfig.java
@@ -160,4 +160,27 @@ public class AppConfig {
    public String accessibilityStatement() {
        return applicationProperties.getLegal().getAccessibilityStatement();
    }
+
+    @Bean(name = "analyticsPrompt")
+    public boolean analyticsPrompt() {
+        return applicationProperties.getSystem().getEnableAnalytics() == null
+                || "undefined".equals(applicationProperties.getSystem().getEnableAnalytics());
+    }
+
+    @Bean(name = "analyticsEnabled")
+    public boolean analyticsEnabled() {
+        if (applicationProperties.getEnterpriseEdition().isEnabled()) return true;
+        return applicationProperties.getSystem().getEnableAnalytics() != null
+                && Boolean.parseBoolean(applicationProperties.getSystem().getEnableAnalytics());
+    }
+
+    @Bean(name = "StirlingPDFLabel")
+    public String stirlingPDFLabel() {
+        return "Stirling-PDF" + " v" + appVersion();
+    }
+
+    @Bean(name = "UUID")
+    public String uuid() {
+        return applicationProperties.getAutomaticallyGenerated().getUUID();
+    }
 }
--- a/src/main/java/stirling/software/SPDF/config/AppUpdateService.java
+++ b/src/main/java/stirling/software/SPDF/config/AppUpdateService.java
@@ -5,6 +5,7 @@ import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Scope;
 import org.springframework.stereotype.Service;

+import stirling.software.SPDF.config.interfaces.ShowAdminInterface;
 import stirling.software.SPDF.model.ApplicationProperties;

@Service
--- a/src/main/java/stirling/software/SPDF/config/InitialSetup.java
+++ b/src/main/java/stirling/software/SPDF/config/InitialSetup.java
@@ -0,0 +1,42 @@
+package stirling.software.SPDF.config;
+
+import java.io.IOException;
+import java.util.UUID;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.core.Ordered;
+import org.springframework.core.annotation.Order;
+import org.springframework.stereotype.Component;
+
+import jakarta.annotation.PostConstruct;
+import lombok.extern.slf4j.Slf4j;
+import stirling.software.SPDF.model.ApplicationProperties;
+import stirling.software.SPDF.utils.GeneralUtils;
+
+@Component
+@Slf4j
+@Order(Ordered.HIGHEST_PRECEDENCE + 1)
+public class InitialSetup {
+
+    @Autowired private ApplicationProperties applicationProperties;
+
+    @PostConstruct
+    public void initUUIDKey() throws IOException {
+        String uuid = applicationProperties.getAutomaticallyGenerated().getUUID();
+        if (!GeneralUtils.isValidUUID(uuid)) {
+            uuid = UUID.randomUUID().toString(); // Generating a random UUID as the secret key
+            GeneralUtils.saveKeyToConfig("AutomaticallyGenerated.UUID", uuid);
+            applicationProperties.getAutomaticallyGenerated().setUUID(uuid);
+        }
+    }
+
+    @PostConstruct
+    public void initSecretKey() throws IOException {
+        String secretKey = applicationProperties.getAutomaticallyGenerated().getKey();
+        if (!GeneralUtils.isValidUUID(secretKey)) {
+            secretKey = UUID.randomUUID().toString(); // Generating a random UUID as the secret key
+            GeneralUtils.saveKeyToConfig("AutomaticallyGenerated.key", secretKey);
+            applicationProperties.getAutomaticallyGenerated().setKey(secretKey);
+        }
+    }
+}
--- a/src/main/java/stirling/software/SPDF/config/LocaleConfiguration.java
+++ b/src/main/java/stirling/software/SPDF/config/LocaleConfiguration.java
@@ -14,7 +14,7 @@ import org.springframework.web.servlet.i18n.SessionLocaleResolver;
 import stirling.software.SPDF.model.ApplicationProperties;

@Configuration
-public class Beans implements WebMvcConfigurer {
+public class LocaleConfiguration implements WebMvcConfigurer {

    @Autowired ApplicationProperties applicationProperties;

--- a/src/main/java/stirling/software/SPDF/config/MetricsFilter.java
+++ b/src/main/java/stirling/software/SPDF/config/MetricsFilter.java
@@ -13,6 +13,7 @@ import jakarta.servlet.FilterChain;
 import jakarta.servlet.ServletException;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
+import jakarta.servlet.http.HttpSession;
 import stirling.software.SPDF.utils.RequestUriUtils;

@Component
@@ -32,10 +33,11 @@ public class MetricsFilter extends OncePerRequestFilter {
        String uri = request.getRequestURI();

        if (RequestUriUtils.isTrackableResource(request.getContextPath(), uri)) {
-
+            HttpSession session = request.getSession(false);
+            String sessionId = (session != null) ? session.getId() : "no-session";
            Counter counter =
                    Counter.builder("http.requests")
-                            .tag("session", request.getSession().getId())
+                            .tag("session", sessionId)
                            .tag("method", request.getMethod())
                            .tag("uri", uri)
                            .register(meterRegistry);
--- a/src/main/java/stirling/software/SPDF/config/PdfMetadataService.java
+++ b/src/main/java/stirling/software/SPDF/config/PdfMetadataService.java
@@ -1,109 +0,0 @@
-package stirling.software.SPDF.config;
-
-import java.util.Calendar;
-
-import org.apache.pdfbox.pdmodel.PDDocument;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.beans.factory.annotation.Qualifier;
-import org.springframework.stereotype.Service;
-
-import stirling.software.SPDF.controller.api.pipeline.UserServiceInterface;
-import stirling.software.SPDF.model.ApplicationProperties;
-import stirling.software.SPDF.model.PdfMetadata;
-
-@Service
-public class PdfMetadataService {
-
-    private final ApplicationProperties applicationProperties;
-    private final String appVersion;
-    private final UserServiceInterface userService;
-
-    @Autowired
-    public PdfMetadataService(
-            ApplicationProperties applicationProperties,
-            @Qualifier("appVersion") String appVersion,
-            @Autowired(required = false) UserServiceInterface userService) {
-        this.applicationProperties = applicationProperties;
-        this.appVersion = appVersion;
-        this.userService = userService;
-    }
-
-    public PdfMetadata extractMetadataFromPdf(PDDocument pdf) {
-        return PdfMetadata.builder()
-                .author(pdf.getDocumentInformation().getAuthor())
-                .producer(pdf.getDocumentInformation().getProducer())
-                .title(pdf.getDocumentInformation().getTitle())
-                .creator(pdf.getDocumentInformation().getCreator())
-                .subject(pdf.getDocumentInformation().getSubject())
-                .keywords(pdf.getDocumentInformation().getKeywords())
-                .creationDate(pdf.getDocumentInformation().getCreationDate())
-                .modificationDate(pdf.getDocumentInformation().getModificationDate())
-                .build();
-    }
-
-    public void setDefaultMetadata(PDDocument pdf) {
-        PdfMetadata metadata = extractMetadataFromPdf(pdf);
-        setMetadataToPdf(pdf, metadata);
-    }
-
-    public void setMetadataToPdf(PDDocument pdf, PdfMetadata pdfMetadata) {
-        setMetadataToPdf(pdf, pdfMetadata, false);
-    }
-
-    public void setMetadataToPdf(PDDocument pdf, PdfMetadata pdfMetadata, boolean newlyCreated) {
-        if (newlyCreated || pdfMetadata.getCreationDate() == null) {
-            setNewDocumentMetadata(pdf, pdfMetadata);
-        }
-        setCommonMetadata(pdf, pdfMetadata);
-    }
-
-    private void setNewDocumentMetadata(PDDocument pdf, PdfMetadata pdfMetadata) {
-
-        String creator = "Stirling-PDF";
-
-        //        if (applicationProperties
-        //                .getEnterpriseEdition()
-        //                .getCustomMetadata()
-        //                .isAutoUpdateMetadata()) {
-
-        // producer =
-        //
-        // applicationProperties.getEnterpriseEdition().getCustomMetadata().getProducer();
-        // creator =
-        // applicationProperties.getEnterpriseEdition().getCustomMetadata().getCreator();
-        // title = applicationProperties.getEnterpriseEdition().getCustomMetadata().getTitle();
-
-        //            if ("{filename}".equals(title)) {
-        //                title = "Filename"; // Replace with actual filename logic
-        //            } else if ("{unchanged}".equals(title)) {
-        //                title = pdfMetadata.getTitle(); // Keep the original title
-        //            }
-        //        }
-
-        pdf.getDocumentInformation().setCreator(creator + " " + appVersion);
-        pdf.getDocumentInformation().setCreationDate(Calendar.getInstance());
-    }
-
-    private void setCommonMetadata(PDDocument pdf, PdfMetadata pdfMetadata) {
-        String producer = "Stirling-PDF";
-        String title = pdfMetadata.getTitle();
-        pdf.getDocumentInformation().setTitle(title);
-        pdf.getDocumentInformation().setProducer(producer + " " + appVersion);
-        pdf.getDocumentInformation().setSubject(pdfMetadata.getSubject());
-        pdf.getDocumentInformation().setKeywords(pdfMetadata.getKeywords());
-        pdf.getDocumentInformation().setModificationDate(Calendar.getInstance());
-
-        String author = pdfMetadata.getAuthor();
-        // if (applicationProperties
-        //        .getEnterpriseEdition()
-        //        .getCustomMetadata()
-        //        .isAutoUpdateMetadata()) {
-        //    author = applicationProperties.getEnterpriseEdition().getCustomMetadata().getAuthor();
-
-        // if (userService != null) {
-        //    author = author.replace("username", userService.getCurrentUsername());
-        // }
-        // }
-        pdf.getDocumentInformation().setAuthor(author);
-    }
-}
--- a/src/main/java/stirling/software/SPDF/config/PostHogConfig.java
+++ b/src/main/java/stirling/software/SPDF/config/PostHogConfig.java
@@ -0,0 +1,34 @@
+package stirling.software.SPDF.config;
+
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+
+import com.posthog.java.PostHog;
+
+import jakarta.annotation.PreDestroy;
+
+@Configuration
+public class PostHogConfig {
+
+    @Value("${posthog.api.key}")
+    private String posthogApiKey;
+
+    @Value("${posthog.host}")
+    private String posthogHost;
+
+    private PostHog postHogClient;
+
+    @Bean
+    public PostHog postHogClient() {
+        postHogClient = new PostHog.Builder(posthogApiKey).host(posthogHost).build();
+        return postHogClient;
+    }
+
+    @PreDestroy
+    public void shutdownPostHog() {
+        if (postHogClient != null) {
+            postHogClient.shutdown();
+        }
+    }
+}
--- a/src/main/java/stirling/software/SPDF/config/fingerprint/FingerprintBasedSessionFilter.java
+++ b/src/main/java/stirling/software/SPDF/config/fingerprint/FingerprintBasedSessionFilter.java
@@ -0,0 +1,68 @@
+// package stirling.software.SPDF.config.fingerprint;
+//
+// import java.io.IOException;
+//
+// import org.springframework.beans.factory.annotation.Autowired;
+// import org.springframework.stereotype.Component;
+// import org.springframework.web.filter.OncePerRequestFilter;
+//
+// import jakarta.servlet.FilterChain;
+// import jakarta.servlet.ServletException;
+// import jakarta.servlet.http.HttpServletRequest;
+// import jakarta.servlet.http.HttpServletResponse;
+// import jakarta.servlet.http.HttpSession;
+// import lombok.extern.slf4j.Slf4j;
+// import stirling.software.SPDF.utils.RequestUriUtils;
+//
+//// @Component
+// @Slf4j
+// public class FingerprintBasedSessionFilter extends OncePerRequestFilter {
+//    private final FingerprintGenerator fingerprintGenerator;
+//    private final FingerprintBasedSessionManager sessionManager;
+//
+//    @Autowired
+//    public FingerprintBasedSessionFilter(
+//            FingerprintGenerator fingerprintGenerator,
+//            FingerprintBasedSessionManager sessionManager) {
+//        this.fingerprintGenerator = fingerprintGenerator;
+//        this.sessionManager = sessionManager;
+//    }
+//
+//    @Override
+//    protected void doFilterInternal(
+//            HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
+//            throws ServletException, IOException {
+//
+//        if (RequestUriUtils.isStaticResource(request.getContextPath(), request.getRequestURI())) {
+//            filterChain.doFilter(request, response);
+//            return;
+//        }
+//
+//        String fingerprint = fingerprintGenerator.generateFingerprint(request);
+//        log.debug("Generated fingerprint for request: {}", fingerprint);
+//
+//        HttpSession session = request.getSession();
+//        boolean isNewSession = session.isNew();
+//        String sessionId = session.getId();
+//
+//        if (isNewSession) {
+//            log.info("New session created: {}", sessionId);
+//        }
+//
+//        if (!sessionManager.isFingerPrintAllowed(fingerprint)) {
+//            log.info("Blocked fingerprint detected, redirecting: {}", fingerprint);
+//            response.sendRedirect(request.getContextPath() + "/too-many-requests");
+//            return;
+//        }
+//
+//        session.setAttribute("userFingerprint", fingerprint);
+//        session.setAttribute(
+//                FingerprintBasedSessionManager.STARTUP_TIMESTAMP,
+//                FingerprintBasedSessionManager.APP_STARTUP_TIME);
+//
+//        sessionManager.registerFingerprint(fingerprint, sessionId);
+//
+//        log.debug("Proceeding with request: {}", request.getRequestURI());
+//        filterChain.doFilter(request, response);
+//    }
+// }
--- a/src/main/java/stirling/software/SPDF/config/fingerprint/FingerprintBasedSessionManager.java
+++ b/src/main/java/stirling/software/SPDF/config/fingerprint/FingerprintBasedSessionManager.java
@@ -0,0 +1,134 @@
+// package stirling.software.SPDF.config.fingerprint;
+//
+// import java.util.Iterator;
+// import java.util.Map;
+// import java.util.concurrent.ConcurrentHashMap;
+// import java.util.concurrent.TimeUnit;
+//
+// import org.springframework.scheduling.annotation.Scheduled;
+// import org.springframework.stereotype.Component;
+//
+// import jakarta.servlet.http.HttpSession;
+// import jakarta.servlet.http.HttpSessionAttributeListener;
+// import jakarta.servlet.http.HttpSessionEvent;
+// import jakarta.servlet.http.HttpSessionListener;
+// import lombok.AllArgsConstructor;
+// import lombok.Data;
+// import lombok.extern.slf4j.Slf4j;
+//
+// @Slf4j
+// @Component
+// public class FingerprintBasedSessionManager
+//        implements HttpSessionListener, HttpSessionAttributeListener {
+//    private static final ConcurrentHashMap<String, FingerprintInfo> activeFingerprints =
+//            new ConcurrentHashMap<>();
+//
+//    // To be reduced in later version to 8~
+//    private static final int MAX_ACTIVE_FINGERPRINTS = 30;
+//
+//    static final String STARTUP_TIMESTAMP = "appStartupTimestamp";
+//    static final long APP_STARTUP_TIME = System.currentTimeMillis();
+//    private static final long FINGERPRINT_EXPIRATION = TimeUnit.MINUTES.toMillis(30);
+//
+//    @Override
+//    public void sessionCreated(HttpSessionEvent se) {
+//        HttpSession session = se.getSession();
+//        String sessionId = session.getId();
+//        String fingerprint = (String) session.getAttribute("userFingerprint");
+//
+//        if (fingerprint == null) {
+//            log.warn("Session created without fingerprint: {}", sessionId);
+//            return;
+//        }
+//
+//        synchronized (activeFingerprints) {
+//            if (activeFingerprints.size() >= MAX_ACTIVE_FINGERPRINTS
+//                    && !activeFingerprints.containsKey(fingerprint)) {
+//                log.info("Max fingerprints reached. Marking session as blocked: {}", sessionId);
+//                session.setAttribute("blocked", true);
+//            } else {
+//                activeFingerprints.put(
+//                        fingerprint, new FingerprintInfo(sessionId, System.currentTimeMillis()));
+//                log.info(
+//                        "New fingerprint registered: {}. Total active fingerprints: {}",
+//                        fingerprint,
+//                        activeFingerprints.size());
+//            }
+//            session.setAttribute(STARTUP_TIMESTAMP, APP_STARTUP_TIME);
+//        }
+//    }
+//
+//    @Override
+//    public void sessionDestroyed(HttpSessionEvent se) {
+//        HttpSession session = se.getSession();
+//        String fingerprint = (String) session.getAttribute("userFingerprint");
+//
+//        if (fingerprint != null) {
+//            synchronized (activeFingerprints) {
+//                activeFingerprints.remove(fingerprint);
+//                log.info(
+//                        "Fingerprint removed: {}. Total active fingerprints: {}",
+//                        fingerprint,
+//                        activeFingerprints.size());
+//            }
+//        }
+//    }
+//
+//    public boolean isFingerPrintAllowed(String fingerprint) {
+//        synchronized (activeFingerprints) {
+//            return activeFingerprints.size() < MAX_ACTIVE_FINGERPRINTS
+//                    || activeFingerprints.containsKey(fingerprint);
+//        }
+//    }
+//
+//    public void registerFingerprint(String fingerprint, String sessionId) {
+//        synchronized (activeFingerprints) {
+//            activeFingerprints.put(
+//                    fingerprint, new FingerprintInfo(sessionId, System.currentTimeMillis()));
+//        }
+//    }
+//
+//    public void unregisterFingerprint(String fingerprint) {
+//        synchronized (activeFingerprints) {
+//            activeFingerprints.remove(fingerprint);
+//        }
+//    }
+//
+//    @Scheduled(fixedRate = 1800000) // Run every 30 mins
+//    public void cleanupStaleFingerprints() {
+//        log.info("Starting cleanup of stale fingerprints");
+//        long now = System.currentTimeMillis();
+//        int removedCount = 0;
+//
+//        synchronized (activeFingerprints) {
+//            Iterator<Map.Entry<String, FingerprintInfo>> iterator =
+//                    activeFingerprints.entrySet().iterator();
+//            while (iterator.hasNext()) {
+//                Map.Entry<String, FingerprintInfo> entry = iterator.next();
+//                FingerprintInfo info = entry.getValue();
+//
+//                if (now - info.getLastAccessTime() > FINGERPRINT_EXPIRATION) {
+//                    iterator.remove();
+//                    removedCount++;
+//                    log.info("Removed stale fingerprint: {}", entry.getKey());
+//                }
+//            }
+//        }
+//
+//        log.info("Cleanup complete. Removed {} stale fingerprints", removedCount);
+//    }
+//
+//    public void updateLastAccessTime(String fingerprint) {
+//        FingerprintInfo info = activeFingerprints.get(fingerprint);
+//        if (info != null) {
+//            info.setLastAccessTime(System.currentTimeMillis());
+//        }
+//    }
+//
+//    @Data
+//    @AllArgsConstructor
+//    private static class FingerprintInfo {
+//        private String sessionId;
+//        private long lastAccessTime;
+//    }
+// }
--- a/src/main/java/stirling/software/SPDF/config/fingerprint/FingerprintGenerator.java
+++ b/src/main/java/stirling/software/SPDF/config/fingerprint/FingerprintGenerator.java
@@ -0,0 +1,77 @@
+// package stirling.software.SPDF.config.fingerprint;
+//
+// import java.security.MessageDigest;
+// import java.security.NoSuchAlgorithmException;
+//
+// import org.springframework.stereotype.Component;
+//
+// import jakarta.servlet.http.HttpServletRequest;
+//
+// @Component
+// public class FingerprintGenerator {
+//
+//    public String generateFingerprint(HttpServletRequest request) {
+//        if (request == null) {
+//            return "";
+//        }
+//        StringBuilder fingerprintBuilder = new StringBuilder();
+//
+//        // Add IP address
+//        fingerprintBuilder.append(request.getRemoteAddr());
+//
+//        // Add X-Forwarded-For header if present (for clients behind proxies)
+//        String forwardedFor = request.getHeader("X-Forwarded-For");
+//        if (forwardedFor != null) {
+//            fingerprintBuilder.append(forwardedFor);
+//        }
+//
+//        // Add User-Agent
+//        String userAgent = request.getHeader("User-Agent");
+//        if (userAgent != null) {
+//            fingerprintBuilder.append(userAgent);
+//        }
+//
+//        // Add Accept-Language header
+//        String acceptLanguage = request.getHeader("Accept-Language");
+//        if (acceptLanguage != null) {
+//            fingerprintBuilder.append(acceptLanguage);
+//        }
+//
+//        // Add Accept header
+//        String accept = request.getHeader("Accept");
+//        if (accept != null) {
+//            fingerprintBuilder.append(accept);
+//        }
+//
+//        // Add Connection header
+//        String connection = request.getHeader("Connection");
+//        if (connection != null) {
+//            fingerprintBuilder.append(connection);
+//        }
+//
+//        // Add server port
+//        fingerprintBuilder.append(request.getServerPort());
+//
+//        // Add secure flag
+//        fingerprintBuilder.append(request.isSecure());
+//
+//        // Generate a hash of the fingerprint
+//        return generateHash(fingerprintBuilder.toString());
+//    }
+//
+//    private String generateHash(String input) {
+//        try {
+//            MessageDigest digest = MessageDigest.getInstance("SHA-256");
+//            byte[] hash = digest.digest(input.getBytes());
+//            StringBuilder hexString = new StringBuilder();
+//            for (byte b : hash) {
+//                String hex = Integer.toHexString(0xff & b);
+//                if (hex.length() == 1) hexString.append('0');
+//                hexString.append(hex);
+//            }
+//            return hexString.toString();
+//        } catch (NoSuchAlgorithmException e) {
+//            throw new RuntimeException("Failed to generate fingerprint hash", e);
+//        }
+//    }
+// }
--- a/src/main/java/stirling/software/SPDF/config/interfaces/DatabaseBackupInterface.java
+++ b/src/main/java/stirling/software/SPDF/config/interfaces/DatabaseBackupInterface.java
@@ -1,4 +1,4 @@
-package stirling.software.SPDF.config;
+package stirling.software.SPDF.config.interfaces;

 import java.io.IOException;
 import java.util.List;
--- a/src/main/java/stirling/software/SPDF/config/interfaces/ShowAdminInterface.java
+++ b/src/main/java/stirling/software/SPDF/config/interfaces/ShowAdminInterface.java
@@ -1,4 +1,4 @@
-package stirling.software.SPDF.config;
+package stirling.software.SPDF.config.interfaces;

 public interface ShowAdminInterface {
    default boolean getShowUpdateOnlyAdmins() {
--- a/src/main/java/stirling/software/SPDF/config/security/AppUpdateAuthService.java
+++ b/src/main/java/stirling/software/SPDF/config/security/AppUpdateAuthService.java
@@ -7,7 +7,7 @@ import org.springframework.security.core.Authentication;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.stereotype.Service;

-import stirling.software.SPDF.config.ShowAdminInterface;
+import stirling.software.SPDF.config.interfaces.ShowAdminInterface;
 import stirling.software.SPDF.model.ApplicationProperties;
 import stirling.software.SPDF.model.User;
 import stirling.software.SPDF.repository.UserRepository;
--- a/src/main/java/stirling/software/SPDF/config/security/FirstLoginFilter.java
+++ b/src/main/java/stirling/software/SPDF/config/security/FirstLoginFilter.java
@@ -1,6 +1,8 @@
 package stirling.software.SPDF.config.security;

 import java.io.IOException;
+import java.text.SimpleDateFormat;
+import java.util.Date;
 import java.util.Optional;

 import org.springframework.beans.factory.annotation.Autowired;
@@ -14,9 +16,12 @@ import jakarta.servlet.FilterChain;
 import jakarta.servlet.ServletException;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
+import jakarta.servlet.http.HttpSession;
+import lombok.extern.slf4j.Slf4j;
 import stirling.software.SPDF.model.User;
 import stirling.software.SPDF.utils.RequestUriUtils;

+@Slf4j
@Component
 public class FirstLoginFilter extends OncePerRequestFilter {

@@ -50,6 +55,22 @@ public class FirstLoginFilter extends OncePerRequestFilter {
                return;
            }
        }
+
+        if (log.isDebugEnabled()) {
+            HttpSession session = request.getSession(true);
+            SimpleDateFormat timeFormat = new SimpleDateFormat("HH:mm:ss");
+            String creationTime = timeFormat.format(new Date(session.getCreationTime()));
+
+            log.debug(
+                    "Request Info - New: {}, creationTimeSession {}, ID:  {}, IP: {}, User-Agent: {}, Referer: {}, Request URL: {}",
+                    session.isNew(),
+                    creationTime,
+                    session.getId(),
+                    request.getRemoteAddr(),
+                    request.getHeader("User-Agent"),
+                    request.getHeader("Referer"),
+                    request.getRequestURL().toString());
+        }
        filterChain.doFilter(request, response);
    }
 }
--- a/src/main/java/stirling/software/SPDF/config/security/InitialSecuritySetup.java
+++ b/src/main/java/stirling/software/SPDF/config/security/InitialSecuritySetup.java
@@ -1,19 +1,14 @@
 package stirling.software.SPDF.config.security;

 import java.io.IOException;
-import java.nio.file.Path;
-import java.nio.file.Paths;
 import java.util.UUID;

-import org.simpleyaml.configuration.file.YamlFile;
-import org.simpleyaml.configuration.implementation.SimpleYamlImplementation;
-import org.simpleyaml.configuration.implementation.snakeyaml.lib.DumperOptions;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;

 import jakarta.annotation.PostConstruct;
 import lombok.extern.slf4j.Slf4j;
-import stirling.software.SPDF.config.DatabaseBackupInterface;
+import stirling.software.SPDF.config.interfaces.DatabaseBackupInterface;
 import stirling.software.SPDF.model.ApplicationProperties;
 import stirling.software.SPDF.model.Role;

@@ -39,15 +34,6 @@ public class InitialSecuritySetup {
        initializeInternalApiUser();
    }

-    @PostConstruct
-    public void initSecretKey() throws IOException {
-        String secretKey = applicationProperties.getAutomaticallyGenerated().getKey();
-        if (!isValidUUID(secretKey)) {
-            secretKey = UUID.randomUUID().toString(); // Generating a random UUID as the secret key
-            saveKeyToConfig(secretKey);
-        }
-    }
-
    private void initializeAdminUser() throws IOException {
        String initialUsername =
                applicationProperties.getSecurity().getInitialLogin().getUsername();
@@ -89,33 +75,4 @@ public class InitialSecuritySetup {
            log.info("Internal API user created: " + Role.INTERNAL_API_USER.getRoleId());
        }
    }
-
-    private void saveKeyToConfig(String key) throws IOException {
-        Path path = Paths.get("configs", "settings.yml"); // Target the configs/settings.yml
-
-        final YamlFile settingsYml = new YamlFile(path.toFile());
-        DumperOptions yamlOptionssettingsYml =
-                ((SimpleYamlImplementation) settingsYml.getImplementation()).getDumperOptions();
-        yamlOptionssettingsYml.setSplitLines(false);
-
-        settingsYml.loadWithComments();
-
-        settingsYml
-                .path("AutomaticallyGenerated.key")
-                .set(key)
-                .comment("# Automatically Generated Settings (Do Not Edit Directly)");
-        settingsYml.save();
-    }
-
-    private boolean isValidUUID(String uuid) {
-        if (uuid == null) {
-            return false;
-        }
-        try {
-            UUID.fromString(uuid);
-            return true;
-        } catch (IllegalArgumentException e) {
-            return false;
-        }
-    }
 }
--- a/src/main/java/stirling/software/SPDF/config/security/SecurityConfiguration.java
+++ b/src/main/java/stirling/software/SPDF/config/security/SecurityConfiguration.java
@@ -1,57 +1,55 @@
 package stirling.software.SPDF.config.security;

-import java.util.*;
-
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.Lazy;
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.authentication.AuthenticationProvider;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.http.SessionCreationPolicy;
-import org.springframework.security.core.GrantedAuthority;
-import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.security.crypto.password.PasswordEncoder;
-import org.springframework.security.oauth2.client.registration.ClientRegistration;
-import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
-import org.springframework.security.oauth2.client.registration.ClientRegistrations;
-import org.springframework.security.oauth2.client.registration.InMemoryClientRegistrationRepository;
-import org.springframework.security.oauth2.core.user.OAuth2UserAuthority;
+import org.springframework.security.saml2.provider.service.authentication.OpenSaml4AuthenticationProvider;
+import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrationRepository;
+import org.springframework.security.saml2.provider.service.web.authentication.Saml2WebSsoAuthenticationFilter;
 import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
 import org.springframework.security.web.authentication.rememberme.PersistentTokenRepository;
 import org.springframework.security.web.savedrequest.NullRequestCache;
 import org.springframework.security.web.util.matcher.AntPathRequestMatcher;

+import lombok.extern.slf4j.Slf4j;
 import stirling.software.SPDF.config.security.oauth2.CustomOAuth2AuthenticationFailureHandler;
 import stirling.software.SPDF.config.security.oauth2.CustomOAuth2AuthenticationSuccessHandler;
 import stirling.software.SPDF.config.security.oauth2.CustomOAuth2LogoutSuccessHandler;
 import stirling.software.SPDF.config.security.oauth2.CustomOAuth2UserService;
+import stirling.software.SPDF.config.security.saml.ConvertResponseToAuthentication;
+import stirling.software.SPDF.config.security.saml.CustomSAMLAuthenticationFailureHandler;
+import stirling.software.SPDF.config.security.saml.CustomSAMLAuthenticationSuccessHandler;
 import stirling.software.SPDF.config.security.session.SessionPersistentRegistry;
 import stirling.software.SPDF.model.ApplicationProperties;
-import stirling.software.SPDF.model.ApplicationProperties.Security.OAUTH2;
-import stirling.software.SPDF.model.ApplicationProperties.Security.OAUTH2.Client;
-import stirling.software.SPDF.model.User;
-import stirling.software.SPDF.model.provider.GithubProvider;
-import stirling.software.SPDF.model.provider.GoogleProvider;
-import stirling.software.SPDF.model.provider.KeycloakProvider;
 import stirling.software.SPDF.repository.JPATokenRepositoryImpl;

@Configuration
@EnableWebSecurity
@EnableMethodSecurity
+@Slf4j
 public class SecurityConfiguration {

    @Autowired private CustomUserDetailsService userDetailsService;

-    private static final Logger logger = LoggerFactory.getLogger(SecurityConfiguration.class);
+    @Autowired(required = false)
+    private GrantedAuthoritiesMapper userAuthoritiesMapper;
+
+    @Autowired(required = false)
+    private RelyingPartyRegistrationRepository relyingPartyRegistrationRepository;

    @Bean
    public PasswordEncoder passwordEncoder() {
@@ -73,13 +71,18 @@ public class SecurityConfiguration {
    @Autowired private FirstLoginFilter firstLoginFilter;
    @Autowired private SessionPersistentRegistry sessionRegistry;

+    @Autowired private ConvertResponseToAuthentication convertResponseToAuthentication;
+
    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
-        http.addFilterBefore(userAuthenticationFilter, UsernamePasswordAuthenticationFilter.class);
+        http.authenticationManager(authenticationManager(http));

        if (loginEnabledValue) {
-
-            http.csrf(csrf -> csrf.disable());
+            http.addFilterBefore(
+                    userAuthenticationFilter, UsernamePasswordAuthenticationFilter.class);
+            if (applicationProperties.getSecurity().getCsrfDisabled()) {
+                http.csrf(csrf -> csrf.disable());
+            }
            http.addFilterBefore(rateLimitingFilter(), UsernamePasswordAuthenticationFilter.class);
            http.addFilterAfter(firstLoginFilter, UsernamePasswordAuthenticationFilter.class);
            http.sessionManagement(
@@ -135,6 +138,7 @@ public class SecurityConfiguration {

                                                        return trimmedUri.startsWith("/login")
                                                                || trimmedUri.startsWith("/oauth")
+                                                                || trimmedUri.startsWith("/saml2")
                                                                || trimmedUri.endsWith(".svg")
                                                                || trimmedUri.startsWith(
                                                                        "/register")
@@ -184,191 +188,82 @@ public class SecurityConfiguration {
                                                                                        userService,
                                                                                        loginAttemptService))
                                                                        .userAuthoritiesMapper(
-                                                                                userAuthoritiesMapper())))
+                                                                                userAuthoritiesMapper)))
                        .logout(
                                logout ->
                                        logout.logoutSuccessHandler(
                                                new CustomOAuth2LogoutSuccessHandler(
                                                        applicationProperties)));
            }
+
+            // Handle SAML
+            if (applicationProperties.getSecurity().getSaml() != null
+                    && applicationProperties.getSecurity().getSaml().getEnabled()
+                    && !applicationProperties
+                            .getSecurity()
+                            .getLoginMethod()
+                            .equalsIgnoreCase("normal")) {
+                http.saml2Login(
+                                saml2 -> {
+                                    saml2.loginPage("/saml2")
+                                            .relyingPartyRegistrationRepository(
+                                                    relyingPartyRegistrationRepository)
+                                            .successHandler(
+                                                    new CustomSAMLAuthenticationSuccessHandler(
+                                                            loginAttemptService,
+                                                            userService,
+                                                            applicationProperties))
+                                            .failureHandler(
+                                                    new CustomSAMLAuthenticationFailureHandler());
+                                })
+                        .addFilterBefore(
+                                userAuthenticationFilter, Saml2WebSsoAuthenticationFilter.class);
+            }
        } else {
-            http.csrf(csrf -> csrf.disable())
-                    .authorizeHttpRequests(authz -> authz.anyRequest().permitAll());
+            if (applicationProperties.getSecurity().getCsrfDisabled()) {
+                http.csrf(csrf -> csrf.disable());
+            }
+            http.authorizeHttpRequests(authz -> authz.anyRequest().permitAll());
        }

        return http.build();
    }

-    // Client Registration Repository for OAUTH2 OIDC Login
    @Bean
    @ConditionalOnProperty(
-            value = "security.oauth2.enabled",
+            name = "security.saml.enabled",
            havingValue = "true",
            matchIfMissing = false)
-    public ClientRegistrationRepository clientRegistrationRepository() {
-        List<ClientRegistration> registrations = new ArrayList<>();
-
-        githubClientRegistration().ifPresent(registrations::add);
-        oidcClientRegistration().ifPresent(registrations::add);
-        googleClientRegistration().ifPresent(registrations::add);
-        keycloakClientRegistration().ifPresent(registrations::add);
-
-        if (registrations.isEmpty()) {
-            logger.error("At least one OAuth2 provider must be configured");
-            System.exit(1);
-        }
-
-        return new InMemoryClientRegistrationRepository(registrations);
+    public AuthenticationProvider samlAuthenticationProvider() {
+        OpenSaml4AuthenticationProvider authenticationProvider =
+                new OpenSaml4AuthenticationProvider();
+        authenticationProvider.setResponseAuthenticationConverter(convertResponseToAuthentication);
+        return authenticationProvider;
    }

-    private Optional<ClientRegistration> googleClientRegistration() {
-        OAUTH2 oauth = applicationProperties.getSecurity().getOauth2();
-        if (oauth == null || !oauth.getEnabled()) {
-            return Optional.empty();
-        }
-        Client client = oauth.getClient();
-        if (client == null) {
-            return Optional.empty();
-        }
-        GoogleProvider google = client.getGoogle();
-        return google != null && google.isSettingsValid()
-                ? Optional.of(
-                        ClientRegistration.withRegistrationId(google.getName())
-                                .clientId(google.getClientId())
-                                .clientSecret(google.getClientSecret())
-                                .scope(google.getScopes())
-                                .authorizationUri(google.getAuthorizationuri())
-                                .tokenUri(google.getTokenuri())
-                                .userInfoUri(google.getUserinfouri())
-                                .userNameAttributeName(google.getUseAsUsername())
-                                .clientName(google.getClientName())
-                                .redirectUri("{baseUrl}/login/oauth2/code/" + google.getName())
-                                .authorizationGrantType(
-                                        org.springframework.security.oauth2.core
-                                                .AuthorizationGrantType.AUTHORIZATION_CODE)
-                                .build())
-                : Optional.empty();
-    }
+    //    @Bean
+    //    public AuthenticationProvider daoAuthenticationProvider() {
+    //        DaoAuthenticationProvider provider = new DaoAuthenticationProvider();
+    //        provider.setUserDetailsService(userDetailsService); // UserDetailsService
+    //        provider.setPasswordEncoder(passwordEncoder()); // PasswordEncoder
+    //        return provider;
+    //    }

-    private Optional<ClientRegistration> keycloakClientRegistration() {
-        OAUTH2 oauth = applicationProperties.getSecurity().getOauth2();
-        if (oauth == null || !oauth.getEnabled()) {
-            return Optional.empty();
-        }
-        Client client = oauth.getClient();
-        if (client == null) {
-            return Optional.empty();
-        }
-        KeycloakProvider keycloak = client.getKeycloak();
-
-        return keycloak != null && keycloak.isSettingsValid()
-                ? Optional.of(
-                        ClientRegistrations.fromIssuerLocation(keycloak.getIssuer())
-                                .registrationId(keycloak.getName())
-                                .clientId(keycloak.getClientId())
-                                .clientSecret(keycloak.getClientSecret())
-                                .scope(keycloak.getScopes())
-                                .userNameAttributeName(keycloak.getUseAsUsername())
-                                .clientName(keycloak.getClientName())
-                                .build())
-                : Optional.empty();
-    }
-
-    private Optional<ClientRegistration> githubClientRegistration() {
-        OAUTH2 oauth = applicationProperties.getSecurity().getOauth2();
-        if (oauth == null || !oauth.getEnabled()) {
-            return Optional.empty();
-        }
-        Client client = oauth.getClient();
-        if (client == null) {
-            return Optional.empty();
-        }
-        GithubProvider github = client.getGithub();
-        return github != null && github.isSettingsValid()
-                ? Optional.of(
-                        ClientRegistration.withRegistrationId(github.getName())
-                                .clientId(github.getClientId())
-                                .clientSecret(github.getClientSecret())
-                                .scope(github.getScopes())
-                                .authorizationUri(github.getAuthorizationuri())
-                                .tokenUri(github.getTokenuri())
-                                .userInfoUri(github.getUserinfouri())
-                                .userNameAttributeName(github.getUseAsUsername())
-                                .clientName(github.getClientName())
-                                .redirectUri("{baseUrl}/login/oauth2/code/" + github.getName())
-                                .authorizationGrantType(
-                                        org.springframework.security.oauth2.core
-                                                .AuthorizationGrantType.AUTHORIZATION_CODE)
-                                .build())
-                : Optional.empty();
-    }
-
-    private Optional<ClientRegistration> oidcClientRegistration() {
-        OAUTH2 oauth = applicationProperties.getSecurity().getOauth2();
-        if (oauth == null
-                || oauth.getIssuer() == null
-                || oauth.getIssuer().isEmpty()
-                || oauth.getClientId() == null
-                || oauth.getClientId().isEmpty()
-                || oauth.getClientSecret() == null
-                || oauth.getClientSecret().isEmpty()
-                || oauth.getScopes() == null
-                || oauth.getScopes().isEmpty()
-                || oauth.getUseAsUsername() == null
-                || oauth.getUseAsUsername().isEmpty()) {
-            return Optional.empty();
-        }
-        return Optional.of(
-                ClientRegistrations.fromIssuerLocation(oauth.getIssuer())
-                        .registrationId("oidc")
-                        .clientId(oauth.getClientId())
-                        .clientSecret(oauth.getClientSecret())
-                        .scope(oauth.getScopes())
-                        .userNameAttributeName(oauth.getUseAsUsername())
-                        .clientName("OIDC")
-                        .build());
-    }
-
-    /*
-    This following function is to grant Authorities to the OAUTH2 user from the values stored in the database.
-    This is required for the internal; 'hasRole()' function to give out the correct role.
-     */
    @Bean
-    @ConditionalOnProperty(
-            value = "security.oauth2.enabled",
-            havingValue = "true",
-            matchIfMissing = false)
-    GrantedAuthoritiesMapper userAuthoritiesMapper() {
-        return (authorities) -> {
-            Set<GrantedAuthority> mappedAuthorities = new HashSet<>();
+    public AuthenticationManager authenticationManager(HttpSecurity http) throws Exception {
+        AuthenticationManagerBuilder authenticationManagerBuilder =
+                http.getSharedObject(AuthenticationManagerBuilder.class);

-            authorities.forEach(
-                    authority -> {
-                        // Add existing OAUTH2 Authorities
-                        mappedAuthorities.add(new SimpleGrantedAuthority(authority.getAuthority()));
+        //        authenticationManagerBuilder =
+        //                authenticationManagerBuilder.authenticationProvider(
+        //                        daoAuthenticationProvider()); // Benutzername/Passwort

-                        // Add Authorities from database for existing user, if user is present.
-                        if (authority instanceof OAuth2UserAuthority oauth2Auth) {
-                            String useAsUsername =
-                                    applicationProperties
-                                            .getSecurity()
-                                            .getOauth2()
-                                            .getUseAsUsername();
-                            Optional<User> userOpt =
-                                    userService.findByUsernameIgnoreCase(
-                                            (String) oauth2Auth.getAttributes().get(useAsUsername));
-                            if (userOpt.isPresent()) {
-                                User user = userOpt.get();
-                                if (user != null) {
-                                    mappedAuthorities.add(
-                                            new SimpleGrantedAuthority(
-                                                    userService.findRole(user).getAuthority()));
-                                }
-                            }
-                        }
-                    });
-            return mappedAuthorities;
-        };
+        if (applicationProperties.getSecurity().getSaml() != null
+                && applicationProperties.getSecurity().getSaml().getEnabled()) {
+            authenticationManagerBuilder.authenticationProvider(
+                    samlAuthenticationProvider()); // SAML
+        }
+        return authenticationManagerBuilder.build();
    }

    @Bean
@@ -386,4 +281,14 @@ public class SecurityConfiguration {
    public boolean activSecurity() {
        return true;
    }
+
+    //    // Only Dev test
+    //    @Bean
+    //    public WebSecurityCustomizer webSecurityCustomizer() {
+    //        return (web) ->
+    //                web.ignoring()
+    //                        .requestMatchers(
+    //                                "/css/**", "/images/**", "/js/**", "/**.svg",
+    // "/pdfjs-legacy/**");
+    //    }
 }
--- a/src/main/java/stirling/software/SPDF/config/security/UserAuthenticationFilter.java
+++ b/src/main/java/stirling/software/SPDF/config/security/UserAuthenticationFilter.java
@@ -5,7 +5,6 @@ import java.util.List;
 import java.util.Optional;
 import java.util.stream.Collectors;

-import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.context.annotation.Lazy;
 import org.springframework.http.HttpStatus;
@@ -30,13 +29,18 @@ import stirling.software.SPDF.model.User;
@Component
 public class UserAuthenticationFilter extends OncePerRequestFilter {

-    @Autowired @Lazy private UserService userService;
+    private final UserService userService;
+    private final SessionPersistentRegistry sessionPersistentRegistry;
+    private final boolean loginEnabledValue;

-    @Autowired private SessionPersistentRegistry sessionPersistentRegistry;
-
-    @Autowired
-    @Qualifier("loginEnabled")
-    public boolean loginEnabledValue;
+    public UserAuthenticationFilter(
+            @Lazy UserService userService,
+            SessionPersistentRegistry sessionPersistentRegistry,
+            @Qualifier("loginEnabled") boolean loginEnabledValue) {
+        this.userService = userService;
+        this.sessionPersistentRegistry = sessionPersistentRegistry;
+        this.loginEnabledValue = loginEnabledValue;
+    }

    @Override
    protected void doFilterInternal(
@@ -51,6 +55,19 @@ public class UserAuthenticationFilter extends OncePerRequestFilter {
        String requestURI = request.getRequestURI();
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();

+        // Check for session expiration (unsure if needed)
+        //        if (authentication != null && authentication.isAuthenticated()) {
+        //            String sessionId = request.getSession().getId();
+        //            SessionInformation sessionInfo =
+        //                    sessionPersistentRegistry.getSessionInformation(sessionId);
+        //
+        //            if (sessionInfo != null && sessionInfo.isExpired()) {
+        //                SecurityContextHolder.clearContext();
+        //                response.sendRedirect(request.getContextPath() + "/login?expired=true");
+        //                return;
+        //            }
+        //        }
+
        // Check for API key in the request headers if no authentication exists
        if (authentication == null || !authentication.isAuthenticated()) {
            String apiKey = request.getHeader("X-API-Key");
--- a/src/main/java/stirling/software/SPDF/config/security/UserService.java
+++ b/src/main/java/stirling/software/SPDF/config/security/UserService.java
@@ -19,7 +19,7 @@ import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.security.oauth2.core.user.OAuth2User;
 import org.springframework.stereotype.Service;

-import stirling.software.SPDF.config.DatabaseBackupInterface;
+import stirling.software.SPDF.config.interfaces.DatabaseBackupInterface;
 import stirling.software.SPDF.config.security.session.SessionPersistentRegistry;
 import stirling.software.SPDF.controller.api.pipeline.UserServiceInterface;
 import stirling.software.SPDF.model.AuthenticationType;
@@ -44,6 +44,10 @@ public class UserService implements UserServiceInterface {

    @Autowired DatabaseBackupInterface databaseBackupHelper;

+    public long getTotalUserCount() {
+        return userRepository.count();
+    }
+
    // Handle OAUTH2 login and user auto creation.
    public boolean processOAuth2PostLogin(String username, boolean autoCreateUser)
            throws IllegalArgumentException, IOException {
--- a/src/main/java/stirling/software/SPDF/config/security/database/DatabaseBackupHelper.java
+++ b/src/main/java/stirling/software/SPDF/config/security/database/DatabaseBackupHelper.java
@@ -24,7 +24,7 @@ import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Configuration;

 import lombok.extern.slf4j.Slf4j;
-import stirling.software.SPDF.config.DatabaseBackupInterface;
+import stirling.software.SPDF.config.interfaces.DatabaseBackupInterface;
 import stirling.software.SPDF.utils.FileInfo;

@Slf4j
--- a/src/main/java/stirling/software/SPDF/config/security/saml/ConvertResponseToAuthentication.java
+++ b/src/main/java/stirling/software/SPDF/config/security/saml/ConvertResponseToAuthentication.java
@@ -0,0 +1,68 @@
+package stirling.software.SPDF.config.security.saml;
+
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.List;
+import java.util.Map;
+import java.util.stream.Collectors;
+
+import org.opensaml.saml.saml2.core.Assertion;
+import org.springframework.core.convert.converter.Converter;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
+import org.springframework.security.saml2.provider.service.authentication.OpenSaml4AuthenticationProvider.ResponseToken;
+import org.springframework.security.saml2.provider.service.authentication.Saml2Authentication;
+import org.springframework.stereotype.Component;
+import org.springframework.util.CollectionUtils;
+
+import lombok.extern.slf4j.Slf4j;
+
+@Component
+@Slf4j
+public class ConvertResponseToAuthentication
+        implements Converter<ResponseToken, Saml2Authentication> {
+
+    private final Saml2AuthorityAttributeLookup saml2AuthorityAttributeLookup;
+
+    public ConvertResponseToAuthentication(
+            Saml2AuthorityAttributeLookup saml2AuthorityAttributeLookup) {
+        this.saml2AuthorityAttributeLookup = saml2AuthorityAttributeLookup;
+    }
+
+    @Override
+    public Saml2Authentication convert(ResponseToken responseToken) {
+        final Assertion assertion =
+                CollectionUtils.firstElement(responseToken.getResponse().getAssertions());
+        final Map<String, List<Object>> attributes =
+                SamlAssertionUtils.getAssertionAttributes(assertion);
+        final String registrationId =
+                responseToken.getToken().getRelyingPartyRegistration().getRegistrationId();
+        final ScimSaml2AuthenticatedPrincipal principal =
+                new ScimSaml2AuthenticatedPrincipal(
+                        assertion,
+                        attributes,
+                        saml2AuthorityAttributeLookup.getIdentityMappings(registrationId));
+        final Collection<? extends GrantedAuthority> assertionAuthorities =
+                getAssertionAuthorities(
+                        attributes,
+                        saml2AuthorityAttributeLookup.getAuthorityAttribute(registrationId));
+        return new Saml2Authentication(
+                principal, responseToken.getToken().getSaml2Response(), assertionAuthorities);
+    }
+
+    private static Collection<? extends GrantedAuthority> getAssertionAuthorities(
+            final Map<String, List<Object>> attributes, final String authoritiesAttributeName) {
+        if (attributes == null || attributes.isEmpty()) {
+            return Collections.emptySet();
+        }
+
+        final List<Object> groups = new ArrayList<>(attributes.get(authoritiesAttributeName));
+        return groups.stream()
+                .filter(String.class::isInstance)
+                .map(String.class::cast)
+                .map(String::toLowerCase)
+                .map(SimpleGrantedAuthority::new)
+                .collect(Collectors.toSet());
+    }
+}
--- a/src/main/java/stirling/software/SPDF/config/security/saml/CustomSAMLAuthenticationFailureHandler.java
+++ b/src/main/java/stirling/software/SPDF/config/security/saml/CustomSAMLAuthenticationFailureHandler.java
@@ -0,0 +1,51 @@
+package stirling.software.SPDF.config.security.saml;
+
+import java.io.IOException;
+
+import org.springframework.security.authentication.BadCredentialsException;
+import org.springframework.security.authentication.DisabledException;
+import org.springframework.security.authentication.LockedException;
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationException;
+import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
+
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import lombok.extern.slf4j.Slf4j;
+
+@Slf4j
+public class CustomSAMLAuthenticationFailureHandler extends SimpleUrlAuthenticationFailureHandler {
+
+    @Override
+    public void onAuthenticationFailure(
+            HttpServletRequest request,
+            HttpServletResponse response,
+            AuthenticationException exception)
+            throws IOException, ServletException {
+
+        if (exception instanceof BadCredentialsException) {
+            log.error("BadCredentialsException", exception);
+            getRedirectStrategy().sendRedirect(request, response, "/login?error=badcredentials");
+            return;
+        }
+        if (exception instanceof DisabledException) {
+            log.error("User is deactivated: ", exception);
+            getRedirectStrategy().sendRedirect(request, response, "/logout?userIsDisabled=true");
+            return;
+        }
+        if (exception instanceof LockedException) {
+            log.error("Account locked: ", exception);
+            getRedirectStrategy().sendRedirect(request, response, "/logout?error=locked");
+            return;
+        }
+        if (exception instanceof Saml2AuthenticationException) {
+            log.error("SAML2 Authentication error: ", exception);
+            getRedirectStrategy()
+                    .sendRedirect(request, response, "/logout?error=saml2AuthenticationError");
+            return;
+        }
+        log.error("Unhandled authentication exception", exception);
+        super.onAuthenticationFailure(request, response, exception);
+    }
+}
--- a/src/main/java/stirling/software/SPDF/config/security/saml/CustomSAMLAuthenticationSuccessHandler.java
+++ b/src/main/java/stirling/software/SPDF/config/security/saml/CustomSAMLAuthenticationSuccessHandler.java
@@ -0,0 +1,108 @@
+package stirling.software.SPDF.config.security.saml;
+
+import java.io.IOException;
+
+import org.springframework.security.authentication.LockedException;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.oauth2.core.user.OAuth2User;
+import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
+import org.springframework.security.web.savedrequest.SavedRequest;
+
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import jakarta.servlet.http.HttpSession;
+import lombok.extern.slf4j.Slf4j;
+import stirling.software.SPDF.config.security.LoginAttemptService;
+import stirling.software.SPDF.config.security.UserService;
+import stirling.software.SPDF.model.ApplicationProperties;
+import stirling.software.SPDF.model.ApplicationProperties.Security.OAUTH2;
+import stirling.software.SPDF.model.AuthenticationType;
+import stirling.software.SPDF.utils.RequestUriUtils;
+
+@Slf4j
+public class CustomSAMLAuthenticationSuccessHandler
+        extends SavedRequestAwareAuthenticationSuccessHandler {
+
+    private LoginAttemptService loginAttemptService;
+    private UserService userService;
+    private ApplicationProperties applicationProperties;
+
+    public CustomSAMLAuthenticationSuccessHandler(
+            LoginAttemptService loginAttemptService,
+            UserService userService,
+            ApplicationProperties applicationProperties) {
+        this.loginAttemptService = loginAttemptService;
+        this.userService = userService;
+        this.applicationProperties = applicationProperties;
+    }
+
+    @Override
+    public void onAuthenticationSuccess(
+            HttpServletRequest request, HttpServletResponse response, Authentication authentication)
+            throws ServletException, IOException {
+
+        Object principal = authentication.getPrincipal();
+        String username = "";
+
+        if (principal instanceof OAuth2User) {
+            OAuth2User oauthUser = (OAuth2User) principal;
+            username = oauthUser.getName();
+        } else if (principal instanceof UserDetails) {
+            UserDetails oauthUser = (UserDetails) principal;
+            username = oauthUser.getUsername();
+        } else if (principal instanceof ScimSaml2AuthenticatedPrincipal) {
+            ScimSaml2AuthenticatedPrincipal samlPrincipal =
+                    (ScimSaml2AuthenticatedPrincipal) principal;
+            username = samlPrincipal.getName();
+        }
+
+        // Get the saved request
+        HttpSession session = request.getSession(false);
+        String contextPath = request.getContextPath();
+        SavedRequest savedRequest =
+                (session != null)
+                        ? (SavedRequest) session.getAttribute("SPRING_SECURITY_SAVED_REQUEST")
+                        : null;
+
+        if (savedRequest != null
+                && !RequestUriUtils.isStaticResource(contextPath, savedRequest.getRedirectUrl())) {
+            // Redirect to the original destination
+            super.onAuthenticationSuccess(request, response, authentication);
+        } else {
+            OAUTH2 oAuth = applicationProperties.getSecurity().getOauth2();
+
+            if (loginAttemptService.isBlocked(username)) {
+                if (session != null) {
+                    session.removeAttribute("SPRING_SECURITY_SAVED_REQUEST");
+                }
+                throw new LockedException(
+                        "Your account has been locked due to too many failed login attempts.");
+            }
+            if (userService.usernameExistsIgnoreCase(username)
+                    && userService.hasPassword(username)
+                    && !userService.isAuthenticationTypeByUsername(
+                            username, AuthenticationType.OAUTH2)
+                    && oAuth.getAutoCreateUser()) {
+                response.sendRedirect(contextPath + "/logout?oauth2AuthenticationErrorWeb=true");
+                return;
+            }
+            try {
+                if (oAuth.getBlockRegistration()
+                        && !userService.usernameExistsIgnoreCase(username)) {
+                    response.sendRedirect(contextPath + "/logout?oauth2_admin_blocked_user=true");
+                    return;
+                }
+                if (principal instanceof OAuth2User) {
+                    userService.processOAuth2PostLogin(username, oAuth.getAutoCreateUser());
+                }
+                response.sendRedirect(contextPath + "/");
+                return;
+            } catch (IllegalArgumentException e) {
+                response.sendRedirect(contextPath + "/logout?invalidUsername=true");
+                return;
+            }
+        }
+    }
+}
--- a/src/main/java/stirling/software/SPDF/config/security/saml/SAMLLogoutSuccessHandler.java
+++ b/src/main/java/stirling/software/SPDF/config/security/saml/SAMLLogoutSuccessHandler.java
@@ -0,0 +1,38 @@
+package stirling.software.SPDF.config.security.saml;
+
+import java.io.IOException;
+
+import org.springframework.security.core.Authentication;
+import org.springframework.security.web.authentication.logout.SimpleUrlLogoutSuccessHandler;
+
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import lombok.extern.slf4j.Slf4j;
+
+@Slf4j
+public class SAMLLogoutSuccessHandler extends SimpleUrlLogoutSuccessHandler {
+
+    @Override
+    public void onLogoutSuccess(
+            HttpServletRequest request, HttpServletResponse response, Authentication authentication)
+            throws IOException, ServletException {
+
+        String redirectUrl = determineTargetUrl(request, response, authentication);
+
+        if (response.isCommitted()) {
+            log.debug("Response has already been committed. Unable to redirect to " + redirectUrl);
+            return;
+        }
+
+        getRedirectStrategy().sendRedirect(request, response, redirectUrl);
+    }
+
+    protected String determineTargetUrl(
+            HttpServletRequest request,
+            HttpServletResponse response,
+            Authentication authentication) {
+        // Default to the root URL
+        return "/";
+    }
+}
--- a/src/main/java/stirling/software/SPDF/config/security/saml/Saml2AuthorityAttributeLookup.java
+++ b/src/main/java/stirling/software/SPDF/config/security/saml/Saml2AuthorityAttributeLookup.java
@@ -0,0 +1,7 @@
+package stirling.software.SPDF.config.security.saml;
+
+public interface Saml2AuthorityAttributeLookup {
+    String getAuthorityAttribute(String registrationId);
+
+    SimpleScimMappings getIdentityMappings(String registrationId);
+}
--- a/src/main/java/stirling/software/SPDF/config/security/saml/Saml2AuthorityAttributeLookupImpl.java
+++ b/src/main/java/stirling/software/SPDF/config/security/saml/Saml2AuthorityAttributeLookupImpl.java
@@ -0,0 +1,17 @@
+package stirling.software.SPDF.config.security.saml;
+
+import org.springframework.stereotype.Component;
+
+@Component
+public class Saml2AuthorityAttributeLookupImpl implements Saml2AuthorityAttributeLookup {
+
+    @Override
+    public String getAuthorityAttribute(String registrationId) {
+        return "authorityAttributeName";
+    }
+
+    @Override
+    public SimpleScimMappings getIdentityMappings(String registrationId) {
+        return new SimpleScimMappings();
+    }
+}
--- a/src/main/java/stirling/software/SPDF/config/security/saml/SamlAssertionUtils.java
+++ b/src/main/java/stirling/software/SPDF/config/security/saml/SamlAssertionUtils.java
@@ -0,0 +1,63 @@
+package stirling.software.SPDF.config.security.saml;
+
+import java.time.Instant;
+import java.util.*;
+
+import org.opensaml.core.xml.XMLObject;
+import org.opensaml.core.xml.schema.*;
+import org.opensaml.saml.saml2.core.Assertion;
+
+public class SamlAssertionUtils {
+
+    public static Map<String, List<Object>> getAssertionAttributes(Assertion assertion) {
+        Map<String, List<Object>> attributeMap = new LinkedHashMap<>();
+
+        assertion
+                .getAttributeStatements()
+                .forEach(
+                        attributeStatement -> {
+                            attributeStatement
+                                    .getAttributes()
+                                    .forEach(
+                                            attribute -> {
+                                                List<Object> attributeValues = new ArrayList<>();
+
+                                                attribute
+                                                        .getAttributeValues()
+                                                        .forEach(
+                                                                xmlObject -> {
+                                                                    Object attributeValue =
+                                                                            getXmlObjectValue(
+                                                                                    xmlObject);
+                                                                    if (attributeValue != null) {
+                                                                        attributeValues.add(
+                                                                                attributeValue);
+                                                                    }
+                                                                });
+
+                                                attributeMap.put(
+                                                        attribute.getName(), attributeValues);
+                                            });
+                        });
+
+        return attributeMap;
+    }
+
+    public static Object getXmlObjectValue(XMLObject xmlObject) {
+        if (xmlObject instanceof XSAny) {
+            return ((XSAny) xmlObject).getTextContent();
+        } else if (xmlObject instanceof XSString) {
+            return ((XSString) xmlObject).getValue();
+        } else if (xmlObject instanceof XSInteger) {
+            return ((XSInteger) xmlObject).getValue();
+        } else if (xmlObject instanceof XSURI) {
+            return ((XSURI) xmlObject).getURI();
+        } else if (xmlObject instanceof XSBoolean) {
+            return ((XSBoolean) xmlObject).getValue().getValue();
+        } else if (xmlObject instanceof XSDateTime) {
+            Instant dateTime = ((XSDateTime) xmlObject).getValue();
+            return (dateTime != null) ? Instant.ofEpochMilli(dateTime.toEpochMilli()) : null;
+        }
+        return null;
+    }
+}
--- a/src/main/java/stirling/software/SPDF/config/security/saml/SamlConfig.java
+++ b/src/main/java/stirling/software/SPDF/config/security/saml/SamlConfig.java
@@ -0,0 +1,42 @@
+package stirling.software.SPDF.config.security.saml;
+
+import java.security.cert.CertificateException;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.saml2.provider.service.registration.InMemoryRelyingPartyRegistrationRepository;
+import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration;
+import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrationRepository;
+import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrations;
+
+import lombok.extern.slf4j.Slf4j;
+import stirling.software.SPDF.model.ApplicationProperties;
+
+@Configuration
+@Slf4j
+public class SamlConfig {
+
+    @Autowired ApplicationProperties applicationProperties;
+
+    @Bean
+    @ConditionalOnProperty(
+            value = "security.saml.enabled",
+            havingValue = "true",
+            matchIfMissing = false)
+    public RelyingPartyRegistrationRepository relyingPartyRegistrationRepository()
+            throws CertificateException {
+        RelyingPartyRegistration registration =
+                RelyingPartyRegistrations.fromMetadataLocation(
+                                applicationProperties
+                                        .getSecurity()
+                                        .getSaml()
+                                        .getIdpMetadataLocation())
+                        .entityId(applicationProperties.getSecurity().getSaml().getEntityId())
+                        .registrationId(
+                                applicationProperties.getSecurity().getSaml().getRegistrationId())
+                        .build();
+        return new InMemoryRelyingPartyRegistrationRepository(registration);
+    }
+}
--- a/src/main/java/stirling/software/SPDF/config/security/saml/ScimSaml2AuthenticatedPrincipal.java
+++ b/src/main/java/stirling/software/SPDF/config/security/saml/ScimSaml2AuthenticatedPrincipal.java
@@ -0,0 +1,89 @@
+package stirling.software.SPDF.config.security.saml;
+
+import java.io.Serializable;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+import java.util.Map;
+import java.util.function.Function;
+
+import org.opensaml.saml.saml2.core.Assertion;
+import org.springframework.security.core.AuthenticatedPrincipal;
+import org.springframework.util.Assert;
+
+import com.unboundid.scim2.common.types.Email;
+import com.unboundid.scim2.common.types.Name;
+import com.unboundid.scim2.common.types.UserResource;
+
+public class ScimSaml2AuthenticatedPrincipal implements AuthenticatedPrincipal, Serializable {
+
+    private static final long serialVersionUID = 1L;
+
+    private final transient UserResource userResource;
+
+    public ScimSaml2AuthenticatedPrincipal(
+            final Assertion assertion,
+            final Map<String, List<Object>> attributes,
+            final SimpleScimMappings attributeMappings) {
+        Assert.notNull(assertion, "assertion cannot be null");
+        Assert.notNull(assertion.getSubject(), "assertion subject cannot be null");
+        Assert.notNull(
+                assertion.getSubject().getNameID(), "assertion subject NameID cannot be null");
+        Assert.notNull(attributes, "attributes cannot be null");
+        Assert.notNull(attributeMappings, "attributeMappings cannot be null");
+
+        final Name name =
+                new Name()
+                        .setFamilyName(
+                                getAttribute(
+                                        attributes,
+                                        attributeMappings,
+                                        SimpleScimMappings::getFamilyName))
+                        .setGivenName(
+                                getAttribute(
+                                        attributes,
+                                        attributeMappings,
+                                        SimpleScimMappings::getGivenName));
+
+        final List<Email> emails = new ArrayList<>(1);
+        emails.add(
+                new Email()
+                        .setValue(
+                                getAttribute(
+                                        attributes,
+                                        attributeMappings,
+                                        SimpleScimMappings::getEmail))
+                        .setPrimary(true));
+
+        userResource =
+                new UserResource()
+                        .setUserName(assertion.getSubject().getNameID().getValue())
+                        .setName(name)
+                        .setEmails(emails);
+    }
+
+    private static String getAttribute(
+            final Map<String, List<Object>> attributes,
+            final SimpleScimMappings simpleScimMappings,
+            final Function<SimpleScimMappings, String> attributeMapper) {
+
+        final String key = attributeMapper.apply(simpleScimMappings);
+
+        final List<Object> values = attributes.getOrDefault(key, Collections.emptyList());
+
+        return values.stream()
+                .filter(String.class::isInstance)
+                .map(String.class::cast)
+                .findFirst()
+                .orElse(null);
+    }
+
+    @Override
+    public String getName() {
+        return this.userResource.getUserName();
+    }
+
+    public UserResource getUserResource() {
+        return this.userResource;
+    }
+}
--- a/src/main/java/stirling/software/SPDF/config/security/saml/SimpleScimMappings.java
+++ b/src/main/java/stirling/software/SPDF/config/security/saml/SimpleScimMappings.java
@@ -0,0 +1,10 @@
+package stirling.software.SPDF.config.security.saml;
+
+import lombok.Data;
+
+@Data
+public class SimpleScimMappings {
+    String givenName;
+    String familyName;
+    String email;
+}
--- a/src/main/java/stirling/software/SPDF/config/security/session/CustomHttpSessionListener.java
+++ b/src/main/java/stirling/software/SPDF/config/security/session/CustomHttpSessionListener.java
@@ -11,16 +11,19 @@ import lombok.extern.slf4j.Slf4j;
@Slf4j
 public class CustomHttpSessionListener implements HttpSessionListener {

-    @Autowired private SessionPersistentRegistry sessionPersistentRegistry;
+    private SessionPersistentRegistry sessionPersistentRegistry;
+
+    @Autowired
+    public CustomHttpSessionListener(SessionPersistentRegistry sessionPersistentRegistry) {
+        super();
+        this.sessionPersistentRegistry = sessionPersistentRegistry;
+    }

    @Override
-    public void sessionCreated(HttpSessionEvent se) {
-        log.info("Session created: " + se.getSession().getId());
-    }
+    public void sessionCreated(HttpSessionEvent se) {}

    @Override
    public void sessionDestroyed(HttpSessionEvent se) {
-        log.info("Session destroyed: " + se.getSession().getId());
        sessionPersistentRegistry.expireSession(se.getSession().getId());
    }
 }
--- a/src/main/java/stirling/software/SPDF/config/security/session/SessionPersistentRegistry.java
+++ b/src/main/java/stirling/software/SPDF/config/security/session/SessionPersistentRegistry.java
@@ -84,6 +84,14 @@ public class SessionPersistentRegistry implements SessionRegistry {
        }

        if (principalName != null) {
+            // Clear old sessions for the principal (unsure if needed)
+            //            List<SessionEntity> existingSessions =
+            //                    sessionRepository.findByPrincipalName(principalName);
+            //            for (SessionEntity session : existingSessions) {
+            //                session.setExpired(true);
+            //                sessionRepository.save(session);
+            //            }
+
            SessionEntity sessionEntity = new SessionEntity();
            sessionEntity.setSessionId(sessionId);
            sessionEntity.setPrincipalName(principalName);