# Authentication
Spring Security provides comprehensive support for Authentication. We start by discussing the overall Servlet Authentication Architecture. As you might expect, this section is more abstract describing the architecture without much discussion on how it applies to concrete flows.
If you prefer, you can refer to Authentication Mechanisms for concrete ways in which users can authenticate. These sections focus on specific ways you may want to authenticate and point back at the architecture sections to describe how the specific flows work.
# Authentication Mechanisms
Username and Password - how to authenticate with a username/password
OAuth 2.0 Login - OAuth 2.0 Log In with OpenID Connect and non-standard OAuth 2.0 Login (i.e. GitHub)
SAML 2.0 Login - SAML 2.0 Log In
Central Authentication Server (CAS) - Central Authentication Server (CAS) Support
Remember Me - how to remember a user past session expiration
JAAS Authentication - authenticate with JAAS
OpenID - OpenID Authentication (not to be confused with OpenID Connect)
Pre-Authentication Scenarios - authenticate with an external mechanism such as SiteMinder (opens new window) or Java EE security but still use Spring Security for authorization and protection against common exploits.
X509 Authentication - X509 Authentication