pac4j-saml uses an insecure random number generation. It generates entity ID with predictable randomness for SAML2 Authentication Request as it relies on random numbers generated using an insecure RandomStringUtils PRNG algorithm from apache commons-lang3 RandomStringUtil
class.