debugs

src/main/java/stirling/software/SPDF/config/security/SecurityConfiguration.java

@@ -150,10 +150,11 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
             http.sessionManagement(
                     sessionManagement ->
                             sessionManagement
-                                    .sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
+                                    .sessionCreationPolicy(SessionCreationPolicy.ALWAYS)
                                     .sessionAuthenticationStrategy(
                                             new RegisterSessionAuthenticationStrategy(
                                                     sessionRegistry)) // ?
+                                    .sessionFixation().changeSessionId()
                                     .maximumSessions(10)
                                     .maxSessionsPreventsLogin(false)
                                     .sessionRegistry(sessionRegistry)

src/main/resources/application.properties

@@ -3,11 +3,11 @@ multipart.enabled=true
 logging.level.org.springframework=WARN
 logging.level.org.hibernate=WARN
 logging.level.org.eclipse.jetty=WARN
-#logging.level.org.springframework.security.saml2=TRACE
+logging.level.org.springframework.security.saml2=TRACE
 #logging.level.org.springframework.security=DEBUG
-#logging.level.org.opensaml: DEBUG
+logging.level.org.opensaml: DEBUG
 logging.level.com.zaxxer.hikari=WARN
-
+logging.level.stirling.software.SPDF.config.security: DEBUG
 spring.jpa.open-in-view=false
 
 server.forward-headers-strategy=NATIVE
@@ -30,7 +30,7 @@ server.servlet.context-path=${SYSTEM_ROOTURIPATH:/}
 
 spring.devtools.restart.enabled=true
 spring.devtools.livereload.enabled=true
-spring.devtools.restart.exclude=stirling/software/SPDF/config/security/saml2/**
+spring.devtools.restart.exclude=stirling.software.SPDF.config.security/**
 
 spring.thymeleaf.encoding=UTF-8