Expected Behavior

In Spring Boot 2.7.18 the existing code was working fine for SAML login, but after migrating it to Spring Boot 3.5.0, SAML login gives an error when authenticating the SAML response.

Code:

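import java.io.IOException;
import java.io.InputStream;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.io.Resource;
import org.springframework.core.io.ResourceLoader;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.saml2.provider.service.registration.InMemoryRelyingPartyRegistrationRepository;
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration;
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrationRepository;
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrations;
import org.springframework.security.saml2.provider.service.registration.Saml2MessageBinding;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
public class Security {

    @Autowired
    private ResourceLoader resourceLoader;

    // IdP metadata is read from the classpath
    public InputStream getXmlFileAsStream() throws IOException {
        Resource resource = resourceLoader.getResource("classpath:metadata.xml");
        return resource.getInputStream();
    }

    @Autowired
    private SamlUserAuth samlUserDetailService;

    @Bean
    public SamlUserAuth samlUserDetailService() {
        return new SamlUserAuth();
    }

    @Bean
    public RelyingPartyRegistrationRepository relyingPartyRegistrationRepository() throws Exception {
        RelyingPartyRegistration registration = RelyingPartyRegistrations.fromMetadata(getXmlFileAsStream())
                .registrationId("saml")
                .entityId("https://www.application.com")
                .assertionConsumerServiceLocation("https://www.application.com/saml")
                .singleLogoutServiceLocation("https://www.application.com/logout/saml")
                .singleLogoutServiceResponseLocation("https://www.application.com/logout/saml")
                .singleLogoutServiceBinding(Saml2MessageBinding.POST)
                .build();
        return new InMemoryRelyingPartyRegistrationRepository(registration);
    }

    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http.authorizeHttpRequests(authorizeRequests -> authorizeRequests.anyRequest().authenticated());
        http.saml2Login(saml2 -> {
            try {
                saml2.relyingPartyRegistrationRepository(relyingPartyRegistrationRepository())
                        .loginProcessingUrl("/saml")
                        .authenticationManager(new Saml2UserDetailsAuthenticationManager(samlUserDetailService))
                        .defaultSuccessUrl("/home").loginPage("/customLogin")
                        .failureHandler(new CustomSamlAuthenticationFailureHandler()).permitAll();
            } catch (Exception e) {
                e.printStackTrace();
            }
        }).saml2Logout(Customizer.withDefaults());
        // The bean method must return the built chain
        return http.build();
    }
}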


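import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.saml2.provider.service.authentication.OpenSaml4AuthenticationProvider;
import org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticatedPrincipal;
import org.springframework.security.saml2.provider.service.authentication.Saml2Authentication;

public class Saml2UserDetailsAuthenticationManager implements AuthenticationManager {

    private SamlUserAuth userDetailsServiceImp;
    private OpenSaml4AuthenticationProvider openSamlAuthProvider = new OpenSaml4AuthenticationProvider();

    public Saml2UserDetailsAuthenticationManager(SamlUserAuth userDetailsServiceImp) {
        this.userDetailsServiceImp = userDetailsServiceImp;
    }

    @Override
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        // Validate the SAML response first, then load the local user for the asserted name
        Saml2Authentication saml2AuthenticationResult = (Saml2Authentication) openSamlAuthProvider.authenticate(authentication);
        Saml2AuthenticatedPrincipal principal = (Saml2AuthenticatedPrincipal) saml2AuthenticationResult.getPrincipal();
        saml2AuthenticationResult.getSaml2Response();
        UserDetails userDetails = userDetailsServiceImp.loadUserByUsername(principal.getName());
        return new Saml2WithUserDetailsAuthentication(saml2AuthenticationResult, userDetails);
    }
}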



public class SamlUserAuth implements UserDetailsService {
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        // usual config
    }
}



public class Saml2WithUserDetailsAuthentication implements Authentication {

    private UserDetails userDetails = null;
    private Saml2Authentication saml2Authentication = null;

    public Saml2WithUserDetailsAuthentication(Saml2Authentication saml2Authentication, UserDetails userDetails) {
        this.saml2Authentication = saml2Authentication;
        this.userDetails = userDetails;
    }

    // The Authentication interface methods are not shown in the report.
}

Current Behavior

Error logs

2025-07-28 08:03:54.663 [http-nio-7701-exec-2] WARN o.o.s.s.a.i.AbstractSubjectConfirmationValidator:274 - Valid InResponseTo was not available from the validation context, unable to evaluate SubjectConfirmationData@InResponseTo
2025-07-28 08:03:54.663 [http-nio-7701-exec-2] DEBUG o.o.s.s.a.SAML20AssertionValidator:896 - No subject confirmation methods were met for assertion with ID 'id-4ee40a00-cfe3-4fe0-b452-fa76810bde30'
2025-07-28 08:03:54.663 [http-nio-7701-exec-2] TRACE o.s.s.s.p.s.a.BaseOpenSamlAuthenticationProvider:370 - Found 2 validation errors in SAML response [id-0b21bdec-b0a4-41b0-85a5-80a9f044da09]: [[invalid_in_response_to] The response contained an InResponseTo attribute [ARQa7b1d4f-b780-4611-8588-e9589dccb8c8] but no saved authentication request was found, [invalid_assertion] Invalid assertion [id-4ee40a00-cfe3-4fe0-b452-fa76810bde30] for SAML response [id-0b21bdec-b0a4-41b0-85a5-80a9f044da09]: No subject confirmation methods were met for assertion with ID 'id-4ee40a00-cfe3-4fe0-b452-fa76810bde30']
2025-07-28 08:03:54.664 [http-nio-7701-exec-2] TRACE o.s.s.s.p.s.w.a.Saml2WebSsoAuthenticationFilter:372 - Failed to process authentication request org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationException: The response contained an InResponseTo attribute [ARQa7b1d4f-b780-4611-8588-e9589dccb8c8] but no saved authentication request was found

Can you please help me out?
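
An added diagnostic example, not part of the original report and not Spring Security's own code: the `invalid_in_response_to` error above is raised when no saved AuthnRequest is found for the incoming response, and by default Spring Security keeps that request in the HTTP session. The wrapper below logs what is saved when the AuthnRequest is sent and what is found when the response arrives, without writing session IDs to the log. The class name is hypothetical, SLF4J is assumed for logging, and it is assumed to be published as a `Saml2AuthenticationRequestRepository` `@Bean` so that `saml2Login()` uses it.

```java
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.saml2.provider.service.authentication.AbstractSaml2AuthenticationRequest;
import org.springframework.security.saml2.provider.service.web.HttpSessionSaml2AuthenticationRequestRepository;
import org.springframework.security.saml2.provider.service.web.Saml2AuthenticationRequestRepository;

// Hypothetical diagnostic wrapper (added example); storage behaviour is unchanged.
public class LoggingSaml2AuthenticationRequestRepository
        implements Saml2AuthenticationRequestRepository<AbstractSaml2AuthenticationRequest> {

    private static final Logger log =
            LoggerFactory.getLogger(LoggingSaml2AuthenticationRequestRepository.class);

    // Default storage: the AuthnRequest is held as an HttpSession attribute.
    private final HttpSessionSaml2AuthenticationRequestRepository delegate =
            new HttpSessionSaml2AuthenticationRequestRepository();

    @Override
    public AbstractSaml2AuthenticationRequest loadAuthenticationRequest(HttpServletRequest request) {
        AbstractSaml2AuthenticationRequest saved = delegate.loadAuthenticationRequest(request);
        // Record only whether a session cookie arrived and is valid, never its value.
        log.debug("SAML load: uri={} sessionCookieSent={} sessionCookieValid={} savedRequestId={}",
                request.getRequestURI(),
                request.getRequestedSessionId() != null,
                request.isRequestedSessionIdValid(),
                saved != null ? saved.getId() : null);
        return saved;
    }

    @Override
    public void saveAuthenticationRequest(AbstractSaml2AuthenticationRequest authenticationRequest,
            HttpServletRequest request, HttpServletResponse response) {
        delegate.saveAuthenticationRequest(authenticationRequest, request, response);
        log.debug("SAML save: uri={} host={} sessionExists={} requestId={}",
                request.getRequestURI(),
                request.getServerName(),
                request.getSession(false) != null,
                authenticationRequest != null ? authenticationRequest.getId() : null);
    }

    @Override
    public AbstractSaml2AuthenticationRequest removeAuthenticationRequest(HttpServletRequest request,
            HttpServletResponse response) {
        return delegate.removeAuthenticationRequest(request, response);
    }
}
```

Compare the `requestId` logged at save time with the `InResponseTo` value in the error. A load line with `sessionCookieSent=false` or `sessionCookieValid=false` means the POST to the assertion consumer URL did not carry the session in which the request was saved.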