Spring Security 6 uses OpenSAML 4.1.1 which has a dependency on the standard (non-FIPS) distribution of BouncyCastle.
Has anyone devised a workaround to make Spring Security 6 FIPS-compliant? I haven't been able to find a way to bypass this dependency.