diff --git a/pac4j-module/src/main/java/net/unicon/shibui/pac4j/WebSecurity.java b/pac4j-module/src/main/java/net/unicon/shibui/pac4j/WebSecurity.java
index 5d624ddd5..ba157b27d 100644
--- a/pac4j-module/src/main/java/net/unicon/shibui/pac4j/WebSecurity.java
+++ b/pac4j-module/src/main/java/net/unicon/shibui/pac4j/WebSecurity.java
@@ -10,6 +10,7 @@
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
+import org.springframework.security.web.firewall.StrictHttpFirewall;
 @Configuration
 public class WebSecurity {
@@ -43,5 +44,14 @@ protected void configure(HttpSecurity http) throws Exception {
 http.csrf().disable();
 http.headers().frameOptions().disable();
 }
+
+ @Override
+ public void configure(org.springframework.security.config.annotation.web.builders.WebSecurity web) throws Exception {
+ super.configure(web);
+
+ StrictHttpFirewall firewall = new StrictHttpFirewall();
+ firewall.setAllowUrlEncodedSlash(true);
+ web.httpFirewall(firewall);
+ }
 }
 }
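Review bot: `firewall.setAllowUrlEncodedSlash(true)` in the new `configure(WebSecurity web)` override relaxes a StrictHttpFirewall default for every request, and nothing in the hunk records why `%2F` has to be accepted. With encoded slashes admitted, the path that Spring Security's request matchers evaluate can differ from the path a downstream handler or proxy resolves after decoding, so the rules in `configure(HttpSecurity http)` (mostly outside this hunk) should be checked against paths that contain `%2F`. I would add a comment above the call such as `// Allow %2F only because <reason: which endpoint needs encoded slashes>; all other StrictHttpFirewall defaults stay in force`, and a test that sends a request with `%2F` to a protected path and expects it to remain protected. The enclosing configurer class is declared outside the hunk, so whether it is the only adapter installing a firewall is not visible here.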