spring-boot single-sign-on jwt spring-security-oauth2 spring-security-saml2

Is Spring Boot SSO based on JWT?

I was wondering if Spring Boot SSO implementation is based on JWT or keeps the session open in the server memory?

Thanks in advance.

Solution

The answer would depend on which Spring implementation you are referring to

Spring Security SAML
Spring Security OAuth

I would discuss more on the latter i.e. OAuth and in that you have multiple options. You can use the in-memory token store to debug and test it out, but for production implementations, you can use different token stores. JWT and JDBC are pretty popular in my experience.

How to use different authentication methods for different paths using Spring Security
how to fetch and validate csv header in open csv?
Exception in thread "main" java.lang.IllegalStateException: Attempted to load Config resource 'class path resource [application.yml]'
How to enable all endpoints in actuator (Spring Boot 2.0.0 RC1)
Azure Storage blob getting the io.netty.channel.StacklessClosedChannelException while generating /downloading the from SasUrl
Problem with file directory link in amazon s3
WebFluxSecurity does not add Authentication to SecurityContext
WebMvcTest and entitMangerFactory missing reference
Spring Authorization Server: "invalid_client" Error Despite Correct Client Configuration while requesting registration_endpoint
R2DBC: Convert Integer to Boolean for Specific Column in Spring Data Entity
How do I add audience validation using Spring OAuth without needing the issuer?
Multi-Tenant Spring boot web application
CORS in Spring Security (Spring Boot 3)
Illegal base64url character: ' ' when getting claims/decode from token Java JWT Spring Boot
Is it possible to unset a Spring Boot property, for test purposes?
What's wrong that always returns null for the repository and the test fails?
Spring Boot Hibernate 6.6.0 delete TransientObjectException after update
Getting refresh token for gmail API with Spring Security
Task execution is not working after lunching the task in spring cloud data flow
docker-compose up gives 'failed to read dockerfile: error from sender'
Does client credentials flow prevent from concurrent authentication attempts?
Use Keycloak Spring Adapter with Spring Boot 3
Spring Boot with React and Keycloak: redirect to Keycloak's login page fails due to CORS error (no Access-Control-Allow-Origin header set)
Component scan for configuration class could not be used with conditions in REGISTER_BEAN
unit test @Valid of springboot without having to spin up / mock the server
How to call a service from Main application calls Spring Boot?
Extra unnecessary join with filtering and EntityGraph in Spring Data JPA Repository
Spring JBDC bad SQL grammar on PostgreSQL
Test REST APIs on a real server (without localhost )
How can I pass an array of objects in query params in postman for the post request?