diff --git a/web/src/main/webapp/WEB-INF/config-security/config-security-gn5-overrides.properties b/web/src/main/webapp/WEB-INF/config-security/config-security-gn5-overrides.properties
new file mode 100644
index 00000000000..4a40a8c6c40
--- /dev/null
+++ b/web/src/main/webapp/WEB-INF/config-security/config-security-gn5-overrides.properties
@@ -0,0 +1,51 @@
+# Copyright (C) 2024 Food and Agriculture Organization of the
+# United Nations (FAO-UN), United Nations World Food Programme (WFP)
+# and United Nations Environment Programme (UNEP)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or (at
+# your option) any later version.
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
+#
+# Contact: Jeroen Ticheler - FAO - Viale delle Terme di Caracalla 2,
+# Rome - Italy. email: geonetwork@osgeo.org
+jwtheadersConfiguration.JwtConfiguration.userNameHeaderAttributeName=${JWTHEADERS_UserNameHeaderName:gn5.to.gn4.trusted.json.auth}
+jwtheadersConfiguration.JwtConfiguration.userNameFormatChoice=${JWTHEADERS_UserNameFormat:JSON}
+
+jwtheadersConfiguration.JwtConfiguration.UserNameJsonPath=${JWTHEADERS_UserNameJsonPath:username}
+
+
+jwtheadersConfiguration.JwtConfiguration.rolesJsonPath=${JWTHEADERS_RolesJsonPath:resource_access.live-key2.roles}
+jwtheadersConfiguration.JwtConfiguration.rolesHeaderName=${JWTHEADERS_RolesHeaderName:OIDC_id_token_payload}
+jwtheadersConfiguration.JwtConfiguration.jwtHeaderRoleSource=${JWTHEADERS_JwtHeaderRoleSource:DB}
+
+jwtheadersConfiguration.JwtConfiguration.roleConverterString=${JWTHEADERS_RoleConverterString:"GeonetworkAdministrator=ADMINISTRATOR"}
+jwtheadersConfiguration.JwtConfiguration.onlyExternalListedRoles=${JWTHEADERS_OnlyExternalListedRoles:false}
+
+jwtheadersConfiguration.JwtConfiguration.validateToken=${JWTHEADERS_ValidateToken:false}
+
+jwtheadersConfiguration.JwtConfiguration.validateTokenExpiry=${JWTHEADERS_ValidateTokenExpiry:false}
+
+
+jwtheadersConfiguration.JwtConfiguration.validateTokenAgainstURL=${JWTHEADERS_ValidateTokenAgainstURL:true}
+jwtheadersConfiguration.JwtConfiguration.validateTokenAgainstURLEndpoint=${JWTHEADERS_ValidateTokenAgainstURLEndpoint:}
+jwtheadersConfiguration.JwtConfiguration.validateSubjectWithEndpoint=${JWTHEADERS_ValidateSubjectWithEndpoint:true}
+
+jwtheadersConfiguration.JwtConfiguration.validateTokenAudience=${JWTHEADERS_ValidateTokenAudience:true}
+jwtheadersConfiguration.JwtConfiguration.validateTokenAudienceClaimName=${JWTHEADERS_ValidateTokenAudienceClaimName:""}
+jwtheadersConfiguration.JwtConfiguration.validateTokenAudienceClaimValue=${JWTHEADERS_ValidateTokenAudienceClaimValue:""}
+
+jwtheadersConfiguration.JwtConfiguration.validateTokenSignature=${JWTHEADERS_ValidateTokenSignature:true}
+jwtheadersConfiguration.JwtConfiguration.validateTokenSignatureURL=${JWTHEADERS_ValidateTokenSignatureURL:""}
+
+jwtHeadersSecurityConfig.UpdateProfile=${JWTHEADERS_UpdateProfile:false}
+jwtHeadersSecurityConfig.UpdateGroup=${JWTHEADERS_UpdateGroup:false}
diff --git a/web/src/main/webapp/WEB-INF/config-security/config-security-gn5.xml b/web/src/main/webapp/WEB-INF/config-security/config-security-gn5.xml
new file mode 100644
index 00000000000..2838c0eda77
--- /dev/null
+++ b/web/src/main/webapp/WEB-INF/config-security/config-security-gn5.xml
@@ -0,0 +1,36 @@
+
+
+
+
+
+
+
diff --git a/web/src/main/webapp/WEB-INF/config-security/config-security-jwt-headers-base.xml b/web/src/main/webapp/WEB-INF/config-security/config-security-jwt-headers-base.xml
new file mode 100644
index 00000000000..8e2545deb14
--- /dev/null
+++ b/web/src/main/webapp/WEB-INF/config-security/config-security-jwt-headers-base.xml
@@ -0,0 +1,73 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/web/src/main/webapp/WEB-INF/config-security/config-security-jwt-headers.xml b/web/src/main/webapp/WEB-INF/config-security/config-security-jwt-headers.xml
index ab44098d659..b0b03ef0423 100644
--- a/web/src/main/webapp/WEB-INF/config-security/config-security-jwt-headers.xml
+++ b/web/src/main/webapp/WEB-INF/config-security/config-security-jwt-headers.xml
@@ -22,57 +22,15 @@
-->
+ http://www.springframework.org/schema/context/spring-context-3.0.xsd">
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+
diff --git a/web/src/main/webapp/WEB-INF/config-security/config-security.xml b/web/src/main/webapp/WEB-INF/config-security/config-security.xml
index b618dd2727a..c99f3b6a244 100644
--- a/web/src/main/webapp/WEB-INF/config-security/config-security.xml
+++ b/web/src/main/webapp/WEB-INF/config-security/config-security.xml
@@ -59,6 +59,7 @@
jwt-headers-multi - This adds two configurable jwt-headers filters. This is useful for BOTH OIDC and OAUTH2 (access token)
at the same time.
+ (see config-security-jwt-headers-multi.xml and -overrides.properties for details)
+ gn5 - GeoNetwork 5 security based on jwt-headers
ldap - ldap security (see config-security-ldap.xml for more details)
ldap-recursive - ldap-recursive security (see config-security-ldap-recursive.xml for more details)
ecas - ecas security (see config-security-ecas.xml for more details)