diff --git a/CHANGELOG.md b/CHANGELOG.md
index f20ba895..86a687a1 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -12,6 +12,7 @@
 - [#4917](https://github.com/oauth2-proxy/oauth2-proxy/pull/4917) Upgraded all modules to the latest version (@pierluigilenoci)
 - [#2570](https://github.com/oauth2-proxy/oauth2-proxy/pull/2570) Set default user agent to oauth2-proxy/$version (from default Golang one)
 - [#2674](https://github.com/oauth2-proxy/oauth2-proxy/pull/2674) docs: additional notes about available claims for HeaderValue (@vegetablest)
+- [#2459](https://github.com/oauth2-proxy/oauth2-proxy/pull/2459) chore(deps): Updated to ginkgo v2 (@kvanzuijlen, @tuunit)
 
 # V7.6.0
 
diff --git a/go.mod b/go.mod
index 3f0463e2..3ef153e3 100644
--- a/go.mod
+++ b/go.mod
@@ -24,7 +24,7 @@ require (
 	github.com/oauth2-proxy/mockoidc v0.0.0-20240214162133-caebfff84d25
 	github.com/oauth2-proxy/tools/reference-gen v0.0.0-20220223111546-d3b50d1a591a
 	github.com/ohler55/ojg v1.22.0
-	github.com/onsi/ginkgo v1.16.5
+	github.com/onsi/ginkgo/v2 v2.17.2
 	github.com/onsi/gomega v1.33.1
 	github.com/pierrec/lz4/v4 v4.1.21
 	github.com/prometheus/client_golang v1.19.1
@@ -57,14 +57,17 @@ require (
 	github.com/go-jose/go-jose/v4 v4.0.2 // indirect
 	github.com/go-logr/logr v1.4.2 // indirect
 	github.com/go-logr/stdr v1.2.2 // indirect
+	github.com/go-task/slim-sprig/v3 v3.0.0 // indirect
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
 	github.com/golang/protobuf v1.5.4 // indirect
+	github.com/google/pprof v0.0.0-20240424215950-a892ee059fd6 // indirect
 	github.com/google/s2a-go v0.1.7 // indirect
 	github.com/googleapis/enterprise-certificate-proxy v0.3.2 // indirect
 	github.com/googleapis/gax-go/v2 v2.12.4 // indirect
 	github.com/hashicorp/hcl v1.0.0 // indirect
 	github.com/magiconair/properties v1.8.7 // indirect
 	github.com/nxadm/tail v1.4.11 // indirect
+	github.com/onsi/ginkgo v1.16.5 // indirect
 	github.com/pelletier/go-toml/v2 v2.2.2 // indirect
 	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
 	github.com/prometheus/client_model v0.6.1 // indirect
@@ -85,11 +88,11 @@ require (
 	go.uber.org/multierr v1.11.0 // indirect
 	golang.org/x/sys v0.21.0 // indirect
 	golang.org/x/text v0.16.0 // indirect
+	golang.org/x/tools v0.22.0 // indirect
 	google.golang.org/genproto/googleapis/rpc v0.0.0-20240617180043-68d350f18fd4 // indirect
 	google.golang.org/grpc v1.64.0 // indirect
 	google.golang.org/protobuf v1.34.2 // indirect
 	gopkg.in/ini.v1 v1.67.0 // indirect
-	gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 	k8s.io/gengo v0.0.0-20240404160639-a0386bf69313 // indirect
diff --git a/go.sum b/go.sum
index 7a1f0ff1..dd136697 100644
--- a/go.sum
+++ b/go.sum
@@ -76,7 +76,6 @@ github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ4
 github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag=
 github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE=
 github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0/go.mod h1:fyg7847qk6SyHyPtNmDHnmrv/HOrqktSC+C9fM+CJOE=
-github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEevZMzYi5KSi8KkcZtzBcTgAUUtapy0OI=
 github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1vB6EwHI=
 github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8=
 github.com/golang-jwt/jwt/v5 v5.2.1 h1:OuVbFODueb089Lh128TAcimifWaLhJwVflnrgM17wHk=
@@ -247,8 +246,6 @@ golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDf
 golang.org/x/crypto v0.24.0 h1:mnl8DM0o513X8fdIkmyFE/5hTYxbwYOjDS/+rK6qpRI=
 golang.org/x/crypto v0.24.0/go.mod h1:Z1PMYSOR5nyMcyAVAIQSKCDwalqy85Aqn1x3Ws4L5DM=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
-golang.org/x/exp v0.0.0-20240604190554-fc45aab8b7f8 h1:LoYXNGAShUG3m/ehNk4iFctuhGX/+R1ZpfJ4/ia80JM=
-golang.org/x/exp v0.0.0-20240604190554-fc45aab8b7f8/go.mod h1:jj3sYF3dwk5D+ghuXyeI3r5MFf+NT2An6/9dOA95KSI=
 golang.org/x/exp v0.0.0-20240613232115-7f521ea00fb8 h1:yixxcjnhBmY0nkL253HFVIm0JsFHwrHdT3Yh6szTnfY=
 golang.org/x/exp v0.0.0-20240613232115-7f521ea00fb8/go.mod h1:jj3sYF3dwk5D+ghuXyeI3r5MFf+NT2An6/9dOA95KSI=
 golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
@@ -341,8 +338,6 @@ golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8T
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-google.golang.org/api v0.183.0 h1:PNMeRDwo1pJdgNcFQ9GstuLe/noWKIc89pRWRLMvLwE=
-google.golang.org/api v0.183.0/go.mod h1:q43adC5/pHoSZTx5h2mSmdF7NcyfW9JuDyIOJAgS9ZQ=
 google.golang.org/api v0.185.0 h1:ENEKk1k4jW8SmmaT6RE+ZasxmxezCrD5Vw4npvr+pAU=
 google.golang.org/api v0.185.0/go.mod h1:HNfvIkJGlgrIlrbYkAm9W9IdkmKZjOTVh33YltygGbg=
 google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
@@ -350,11 +345,9 @@ google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7
 google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
 google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
 google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo=
-google.golang.org/genproto v0.0.0-20240528184218-531527333157 h1:u7WMYrIrVvs0TF5yaKwKNbcJyySYf+HAIFXxWltJOXE=
+google.golang.org/genproto v0.0.0-20240617180043-68d350f18fd4 h1:CUiCqkPw1nNrNQzCCG4WA65m0nAmQiwXHpub3dNyruU=
 google.golang.org/genproto/googleapis/api v0.0.0-20240415180920-8c6c420018be h1:Zz7rLWqp0ApfsR/l7+zSHhY3PMiH2xqgxlfYfAfNpoU=
 google.golang.org/genproto/googleapis/api v0.0.0-20240415180920-8c6c420018be/go.mod h1:dvdCTIoAGbkWbcIKBniID56/7XHTt6WfxXNMxuziJ+w=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20240604185151-ef581f913117 h1:1GBuWVLM/KMVUv1t1En5Gs+gFZCNd360GGb4sSxtrhU=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20240604185151-ef581f913117/go.mod h1:EfXuqaE1J41VCDicxHzUDm+8rk+7ZdXzHV0IhO/I6s0=
 google.golang.org/genproto/googleapis/rpc v0.0.0-20240617180043-68d350f18fd4 h1:Di6ANFilr+S60a4S61ZM00vLdw0IrQOSMS2/6mrnOU0=
 google.golang.org/genproto/googleapis/rpc v0.0.0-20240617180043-68d350f18fd4/go.mod h1:Ue6ibwXGpU+dqIcODieyLOcgj7z8+IcskoNIgZxtrFY=
 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
@@ -373,8 +366,6 @@ google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2
 google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
 google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
 google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c=
-google.golang.org/protobuf v1.34.1 h1:9ddQBjfCyZPOHPUiPxpYESBLc+T8P3E+Vo4IbKZgFWg=
-google.golang.org/protobuf v1.34.1/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos=
 google.golang.org/protobuf v1.34.2 h1:6xV6lTsCfpGD21XK49h7MhtcApnLqkfYgPcdHftf6hg=
 google.golang.org/protobuf v1.34.2/go.mod h1:qYOHts0dSfpeUzUFpOMr/WGzszTmLH+DiWniOlNbLDw=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
@@ -399,8 +390,6 @@ gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
-k8s.io/apimachinery v0.30.1 h1:ZQStsEfo4n65yAdlGTfP/uSHMQSoYzU/oeEbkmF7P2U=
-k8s.io/apimachinery v0.30.1/go.mod h1:iexa2somDaxdnj7bha06bhb43Zpa6eWH8N8dbqVjTUc=
 k8s.io/apimachinery v0.30.2 h1:fEMcnBj6qkzzPGSVsAZtQThU62SmQ4ZymlXRC5yFSCg=
 k8s.io/apimachinery v0.30.2/go.mod h1:iexa2somDaxdnj7bha06bhb43Zpa6eWH8N8dbqVjTUc=
 k8s.io/gengo v0.0.0-20240404160639-a0386bf69313 h1:wBIDZID8ju9pwOiLlV22YYKjFGtiNSWgHf5CnKLRUuM=
diff --git a/main_suite_test.go b/main_suite_test.go
index 1fafda3e..360a0ee2 100644
--- a/main_suite_test.go
+++ b/main_suite_test.go
@@ -4,7 +4,7 @@ import (
 	"testing"
 
 	"github.com/oauth2-proxy/oauth2-proxy/v7/pkg/logger"
-	. "github.com/onsi/ginkgo"
+	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
 )
 
diff --git a/main_test.go b/main_test.go
index fdbd6ebb..761c0c0b 100644
--- a/main_test.go
+++ b/main_test.go
@@ -9,8 +9,7 @@ import (
 
 	"github.com/oauth2-proxy/oauth2-proxy/v7/pkg/apis/options"
 	. "github.com/oauth2-proxy/oauth2-proxy/v7/pkg/apis/options/testutil"
-	. "github.com/onsi/ginkgo"
-	. "github.com/onsi/ginkgo/extensions/table"
+	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
 	"github.com/onsi/gomega/format"
 	"github.com/spf13/pflag"
diff --git a/oauthproxy_test.go b/oauthproxy_test.go
index 772543f3..488b8cea 100644
--- a/oauthproxy_test.go
+++ b/oauthproxy_test.go
@@ -576,8 +576,11 @@ type SignInPageTest struct {
 	signInProviderRegexp *regexp.Regexp
 }
 
-const signInRedirectPattern = `<input type="hidden" name="rd" value="(.*)">`
-const signInSkipProvider = `>Found<`
+const (
+	signInRedirectPattern = `<input type="hidden" name="rd" value="(.*)">`
+	signInSkipProvider    = `>Found<`
+	patternNotFound       = "Did not find pattern in body: "
+)
 
 func NewSignInPageTest(skipProvider bool) (*SignInPageTest, error) {
 	var sipTest SignInPageTest
@@ -720,7 +723,7 @@ func TestSignInPageIncludesTargetRedirect(t *testing.T) {
 
 	match := sipTest.signInRegexp.FindStringSubmatch(body)
 	if match == nil {
-		t.Fatal("Did not find pattern in body: " +
+		t.Fatal(patternNotFound +
 			signInRedirectPattern + "\nBody:\n" + body)
 	}
 	if match[1] != endpoint {
@@ -750,7 +753,7 @@ func TestSignInPageDirectAccessRedirectsToRoot(t *testing.T) {
 
 	match := sipTest.signInRegexp.FindStringSubmatch(body)
 	if match == nil {
-		t.Fatal("Did not find pattern in body: " +
+		t.Fatal(patternNotFound +
 			signInRedirectPattern + "\nBody:\n" + body)
 	}
 	if match[1] != "/" {
@@ -771,7 +774,7 @@ func TestSignInPageSkipProvider(t *testing.T) {
 
 	match := sipTest.signInProviderRegexp.FindStringSubmatch(body)
 	if match == nil {
-		t.Fatal("Did not find pattern in body: " +
+		t.Fatal(patternNotFound +
 			signInSkipProvider + "\nBody:\n" + body)
 	}
 }
@@ -789,7 +792,7 @@ func TestSignInPageSkipProviderDirect(t *testing.T) {
 
 	match := sipTest.signInProviderRegexp.FindStringSubmatch(body)
 	if match == nil {
-		t.Fatal("Did not find pattern in body: " +
+		t.Fatal(patternNotFound +
 			signInSkipProvider + "\nBody:\n" + body)
 	}
 }
@@ -1212,7 +1215,7 @@ func TestAuthOnlyEndpointSetXAuthRequestHeaders(t *testing.T) {
 
 	pcTest.rw = httptest.NewRecorder()
 	pcTest.req, _ = http.NewRequest("GET",
-		pcTest.opts.ProxyPrefix+"/auth", nil)
+		pcTest.opts.ProxyPrefix+authOnlyPath, nil)
 
 	created := time.Now()
 	startSession := &sessions.SessionState{
@@ -1305,7 +1308,7 @@ func TestAuthOnlyEndpointSetBasicAuthTrueRequestHeaders(t *testing.T) {
 
 	pcTest.rw = httptest.NewRecorder()
 	pcTest.req, _ = http.NewRequest("GET",
-		pcTest.opts.ProxyPrefix+"/auth", nil)
+		pcTest.opts.ProxyPrefix+authOnlyPath, nil)
 
 	created := time.Now()
 	startSession := &sessions.SessionState{
@@ -1385,7 +1388,7 @@ func TestAuthOnlyEndpointSetBasicAuthFalseRequestHeaders(t *testing.T) {
 
 	pcTest.rw = httptest.NewRecorder()
 	pcTest.req, _ = http.NewRequest("GET",
-		pcTest.opts.ProxyPrefix+"/auth", nil)
+		pcTest.opts.ProxyPrefix+authOnlyPath, nil)
 
 	created := time.Now()
 	startSession := &sessions.SessionState{
diff --git a/pkg/apis/middleware/middleware_suite_test.go b/pkg/apis/middleware/middleware_suite_test.go
index 81833e99..ff5f8f92 100644
--- a/pkg/apis/middleware/middleware_suite_test.go
+++ b/pkg/apis/middleware/middleware_suite_test.go
@@ -4,7 +4,7 @@ import (
 	"testing"
 
 	"github.com/oauth2-proxy/oauth2-proxy/v7/pkg/logger"
-	. "github.com/onsi/ginkgo"
+	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
 )
 
diff --git a/pkg/apis/middleware/scope_test.go b/pkg/apis/middleware/scope_test.go
index 355365bf..f1845518 100644
--- a/pkg/apis/middleware/scope_test.go
+++ b/pkg/apis/middleware/scope_test.go
@@ -4,7 +4,7 @@ import (
 	"net/http"
 
 	"github.com/oauth2-proxy/oauth2-proxy/v7/pkg/apis/middleware"
-	. "github.com/onsi/ginkgo"
+	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
 )
 
diff --git a/pkg/apis/options/common_test.go b/pkg/apis/options/common_test.go
index 8fc4176b..db33a58b 100644
--- a/pkg/apis/options/common_test.go
+++ b/pkg/apis/options/common_test.go
@@ -5,8 +5,7 @@ import (
 	"errors"
 	"time"
 
-	. "github.com/onsi/ginkgo"
-	. "github.com/onsi/ginkgo/extensions/table"
+	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
 )
 
diff --git a/pkg/apis/options/legacy_options_test.go b/pkg/apis/options/legacy_options_test.go
index 4ad7d9fc..84d7661f 100644
--- a/pkg/apis/options/legacy_options_test.go
+++ b/pkg/apis/options/legacy_options_test.go
@@ -3,8 +3,7 @@ package options
 import (
 	"time"
 
-	. "github.com/onsi/ginkgo"
-	. "github.com/onsi/ginkgo/extensions/table"
+	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
 )
 
diff --git a/pkg/apis/options/load_test.go b/pkg/apis/options/load_test.go
index 3cf1dad4..32d52fb8 100644
--- a/pkg/apis/options/load_test.go
+++ b/pkg/apis/options/load_test.go
@@ -7,8 +7,7 @@ import (
 	"time"
 
 	. "github.com/oauth2-proxy/oauth2-proxy/v7/pkg/apis/options/testutil"
-	. "github.com/onsi/ginkgo"
-	. "github.com/onsi/ginkgo/extensions/table"
+	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
 	"github.com/spf13/pflag"
 )
diff --git a/pkg/apis/options/options_suite_test.go b/pkg/apis/options/options_suite_test.go
index 6f678b03..247344e7 100644
--- a/pkg/apis/options/options_suite_test.go
+++ b/pkg/apis/options/options_suite_test.go
@@ -4,7 +4,7 @@ import (
 	"testing"
 
 	"github.com/oauth2-proxy/oauth2-proxy/v7/pkg/logger"
-	. "github.com/onsi/ginkgo"
+	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
 )
 
diff --git a/pkg/apis/options/testutil/options_matcher_test.go b/pkg/apis/options/testutil/options_matcher_test.go
index 1bdc65bd..69f4ca2e 100644
--- a/pkg/apis/options/testutil/options_matcher_test.go
+++ b/pkg/apis/options/testutil/options_matcher_test.go
@@ -1,7 +1,7 @@
 package testutil
 
 import (
-	. "github.com/onsi/ginkgo"
+	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
 )
 
diff --git a/pkg/apis/options/util/util_suite_test.go b/pkg/apis/options/util/util_suite_test.go
index ecd5bc21..56cc8aad 100644
--- a/pkg/apis/options/util/util_suite_test.go
+++ b/pkg/apis/options/util/util_suite_test.go
@@ -4,7 +4,7 @@ import (
 	"testing"
 
 	"github.com/oauth2-proxy/oauth2-proxy/v7/pkg/logger"
-	. "github.com/onsi/ginkgo"
+	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
 )
 
diff --git a/pkg/apis/options/util/util_test.go b/pkg/apis/options/util/util_test.go
index b96c1453..e84db1ec 100644
--- a/pkg/apis/options/util/util_test.go
+++ b/pkg/apis/options/util/util_test.go
@@ -5,7 +5,7 @@ import (
 	"path"
 
 	"github.com/oauth2-proxy/oauth2-proxy/v7/pkg/apis/options"
-	. "github.com/onsi/ginkgo"
+	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
 )
 
diff --git a/pkg/app/pagewriter/error_page_test.go b/pkg/app/pagewriter/error_page_test.go
index 7c4f0136..0f8304a4 100644
--- a/pkg/app/pagewriter/error_page_test.go
+++ b/pkg/app/pagewriter/error_page_test.go
@@ -7,7 +7,7 @@ import (
 	"net/http/httptest"
 
 	middlewareapi "github.com/oauth2-proxy/oauth2-proxy/v7/pkg/apis/middleware"
-	. "github.com/onsi/ginkgo"
+	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
 )
 
diff --git a/pkg/app/pagewriter/pagewriter_suite_test.go b/pkg/app/pagewriter/pagewriter_suite_test.go
index e27eee68..bf69c3df 100644
--- a/pkg/app/pagewriter/pagewriter_suite_test.go
+++ b/pkg/app/pagewriter/pagewriter_suite_test.go
@@ -4,7 +4,7 @@ import (
 	"testing"
 
 	"github.com/oauth2-proxy/oauth2-proxy/v7/pkg/logger"
-	. "github.com/onsi/ginkgo"
+	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
 )
 
diff --git a/pkg/app/pagewriter/pagewriter_test.go b/pkg/app/pagewriter/pagewriter_test.go
index eca0c760..7780ab35 100644
--- a/pkg/app/pagewriter/pagewriter_test.go
+++ b/pkg/app/pagewriter/pagewriter_test.go
@@ -9,8 +9,7 @@ import (
 	"os"
 	"path/filepath"
 
-	. "github.com/onsi/ginkgo"
-	. "github.com/onsi/ginkgo/extensions/table"
+	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
 )
 
diff --git a/pkg/app/pagewriter/sign_in_page_test.go b/pkg/app/pagewriter/sign_in_page_test.go
index 521e92d7..eb95ded8 100644
--- a/pkg/app/pagewriter/sign_in_page_test.go
+++ b/pkg/app/pagewriter/sign_in_page_test.go
@@ -12,8 +12,7 @@ import (
 	"strings"
 
 	middlewareapi "github.com/oauth2-proxy/oauth2-proxy/v7/pkg/apis/middleware"
-	. "github.com/onsi/ginkgo"
-	. "github.com/onsi/ginkgo/extensions/table"
+	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
 )
 
diff --git a/pkg/app/pagewriter/static_pages_test.go b/pkg/app/pagewriter/static_pages_test.go
index 9f317517..6ba77452 100644
--- a/pkg/app/pagewriter/static_pages_test.go
+++ b/pkg/app/pagewriter/static_pages_test.go
@@ -10,7 +10,7 @@ import (
 	"path/filepath"
 
 	middlewareapi "github.com/oauth2-proxy/oauth2-proxy/v7/pkg/apis/middleware"
-	. "github.com/onsi/ginkgo"
+	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
 )
 
diff --git a/pkg/app/pagewriter/templates_test.go b/pkg/app/pagewriter/templates_test.go
index a836c621..7b4a7230 100644
--- a/pkg/app/pagewriter/templates_test.go
+++ b/pkg/app/pagewriter/templates_test.go
@@ -6,7 +6,7 @@ import (
 	"os"
 	"path/filepath"
 
-	. "github.com/onsi/ginkgo"
+	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
 )
 
diff --git a/pkg/app/redirect/director_test.go b/pkg/app/redirect/director_test.go
index 55359f52..69c01d95 100644
--- a/pkg/app/redirect/director_test.go
+++ b/pkg/app/redirect/director_test.go
@@ -4,8 +4,7 @@ import (
 	"net/http"
 
 	"github.com/oauth2-proxy/oauth2-proxy/v7/pkg/apis/middleware"
-	. "github.com/onsi/ginkgo"
-	. "github.com/onsi/ginkgo/extensions/table"
+	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
 )
 
@@ -20,6 +19,7 @@ var _ = Describe("Director Suite", func() {
 		expectedRedirect string
 	}
 
+	const fooBar = "/foo/bar"
 	DescribeTable("GetRedirect",
 		func(in getRedirectTableInput) {
 			appDirector := NewAppDirector(AppDirectorOpts{
@@ -42,11 +42,11 @@ var _ = Describe("Director Suite", func() {
 			Expect(redirect).To(Equal(in.expectedRedirect))
 		},
 		Entry("Request outside of the proxy prefix, redirects to original request", getRedirectTableInput{
-			requestURL:       "/foo/bar",
+			requestURL:       fooBar,
 			headers:          nil,
 			reverseProxy:     false,
 			validator:        testValidator(true),
-			expectedRedirect: "/foo/bar",
+			expectedRedirect: fooBar,
 		}),
 		Entry("Request with query, preserves the query", getRedirectTableInput{
 			requestURL:       "/foo?bar",
@@ -56,7 +56,7 @@ var _ = Describe("Director Suite", func() {
 			expectedRedirect: "/foo?bar",
 		}),
 		Entry("Request under the proxy prefix, redirects to root", getRedirectTableInput{
-			requestURL:       testProxyPrefix + "/foo/bar",
+			requestURL:       testProxyPrefix + fooBar,
 			headers:          nil,
 			reverseProxy:     false,
 			validator:        testValidator(true),
@@ -67,7 +67,7 @@ var _ = Describe("Director Suite", func() {
 			headers: map[string]string{
 				"X-Forwarded-Proto": "https",
 				"X-Forwarded-Host":  "a-service.example.com",
-				"X-Forwarded-Uri":   "/foo/bar",
+				"X-Forwarded-Uri":   fooBar,
 			},
 			reverseProxy:     true,
 			validator:        testValidator(true),
@@ -78,29 +78,29 @@ var _ = Describe("Director Suite", func() {
 			headers: map[string]string{
 				"X-Forwarded-Proto": "https",
 				"X-Forwarded-Host":  "a-service.example.com",
-				"X-Forwarded-Uri":   "/foo/bar",
+				"X-Forwarded-Uri":   fooBar,
 			},
 			reverseProxy:     false,
 			validator:        testValidator(true),
 			expectedRedirect: "/foo?bar",
 		}),
 		Entry("Proxied request with headers, under ProxyPrefix, redirects to  root", getRedirectTableInput{
-			requestURL: "https://oauth.example.com" + testProxyPrefix + "/foo/bar",
+			requestURL: "https://oauth.example.com" + testProxyPrefix + fooBar,
 			headers: map[string]string{
 				"X-Forwarded-Proto": "https",
 				"X-Forwarded-Host":  "a-service.example.com",
-				"X-Forwarded-Uri":   testProxyPrefix + "/foo/bar",
+				"X-Forwarded-Uri":   testProxyPrefix + fooBar,
 			},
 			reverseProxy:     true,
 			validator:        testValidator(true),
 			expectedRedirect: "https://a-service.example.com/",
 		}),
 		Entry("Proxied request with port, under ProxyPrefix, redirects to  root", getRedirectTableInput{
-			requestURL: "https://oauth.example.com" + testProxyPrefix + "/foo/bar",
+			requestURL: "https://oauth.example.com" + testProxyPrefix + fooBar,
 			headers: map[string]string{
 				"X-Forwarded-Proto": "https",
 				"X-Forwarded-Host":  "a-service.example.com:8443",
-				"X-Forwarded-Uri":   testProxyPrefix + "/foo/bar",
+				"X-Forwarded-Uri":   testProxyPrefix + fooBar,
 			},
 			reverseProxy:     true,
 			validator:        testValidator(true),
@@ -167,7 +167,7 @@ var _ = Describe("Director Suite", func() {
 			headers: map[string]string{
 				"X-Forwarded-Proto": "https",
 				"X-Forwarded-Host":  "a-service.example.com",
-				"X-Forwarded-Uri":   "/foo/bar",
+				"X-Forwarded-Uri":   fooBar,
 			},
 			reverseProxy:     true,
 			validator:        testValidator(false, "https://a-service.example.com/foo/bar"),
diff --git a/pkg/app/redirect/pagewriter_suite_test.go b/pkg/app/redirect/pagewriter_suite_test.go
index 71301f58..d02ccc9e 100644
--- a/pkg/app/redirect/pagewriter_suite_test.go
+++ b/pkg/app/redirect/pagewriter_suite_test.go
@@ -4,7 +4,7 @@ import (
 	"testing"
 
 	"github.com/oauth2-proxy/oauth2-proxy/v7/pkg/logger"
-	. "github.com/onsi/ginkgo"
+	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
 )
 
diff --git a/pkg/app/redirect/validator_test.go b/pkg/app/redirect/validator_test.go
index 034a802c..8c009184 100644
--- a/pkg/app/redirect/validator_test.go
+++ b/pkg/app/redirect/validator_test.go
@@ -6,8 +6,7 @@ import (
 	"os"
 
 	"github.com/oauth2-proxy/oauth2-proxy/v7/pkg/util"
-	. "github.com/onsi/ginkgo"
-	. "github.com/onsi/ginkgo/extensions/table"
+	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
 )
 
diff --git a/pkg/authentication/basic/basic_suite_test.go b/pkg/authentication/basic/basic_suite_test.go
index 1cd9d7f7..ca0acb07 100644
--- a/pkg/authentication/basic/basic_suite_test.go
+++ b/pkg/authentication/basic/basic_suite_test.go
@@ -4,7 +4,7 @@ import (
 	"testing"
 
 	"github.com/oauth2-proxy/oauth2-proxy/v7/pkg/logger"
-	. "github.com/onsi/ginkgo"
+	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
 )
 
diff --git a/pkg/authentication/basic/htpasswd_test.go b/pkg/authentication/basic/htpasswd_test.go
index 1a5d446c..6824cd32 100644
--- a/pkg/authentication/basic/htpasswd_test.go
+++ b/pkg/authentication/basic/htpasswd_test.go
@@ -3,7 +3,7 @@ package basic
 import (
 	"os"
 
-	. "github.com/onsi/ginkgo"
+	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
 	"github.com/onsi/gomega/types"
 )
@@ -17,6 +17,17 @@ const (
 	user2Password = "us3r2P455W0Rd!"
 )
 
+var (
+	fileNames []string
+)
+
+var _ = AfterSuite(func() {
+	for _, v := range fileNames {
+		err := os.Remove(v)
+		Expect(err).ToNot(HaveOccurred())
+	}
+})
+
 var _ = Describe("HTPasswd Suite", func() {
 	Context("with an HTPassword Validator", func() {
 		assertHtpasswdMapFromFile := func(filePath string) {
@@ -99,15 +110,6 @@ var _ = Describe("HTPasswd Suite", func() {
 				const filePathPrefix = "htpasswd-file-updated-"
 				const adminUserHtpasswdEntry = "admin:$2y$05$SXWrNM7ldtbRzBvUC3VXyOvUeiUcP45XPwM93P5eeGOEPIiAZmJjC"
 				const user1HtpasswdEntry = "user1:$2y$05$/sZYJOk8.3Etg4V6fV7puuXfCJLmV5Q7u3xvKpjBSJUka.t2YtmmG"
-				var fileNames []string
-
-				AfterSuite(func() {
-					for _, v := range fileNames {
-						err := os.Remove(v)
-						Expect(err).ToNot(HaveOccurred())
-					}
-
-				})
 
 				type htpasswdUpdate struct {
 					testText              string
diff --git a/pkg/clock/clock_suite_test.go b/pkg/clock/clock_suite_test.go
index f12825ba..99d39f24 100644
--- a/pkg/clock/clock_suite_test.go
+++ b/pkg/clock/clock_suite_test.go
@@ -4,7 +4,7 @@ import (
 	"testing"
 
 	"github.com/oauth2-proxy/oauth2-proxy/v7/pkg/logger"
-	. "github.com/onsi/ginkgo"
+	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
 )
 
diff --git a/pkg/clock/clock_test.go b/pkg/clock/clock_test.go
index 5dc8c5fa..e1b6d440 100644
--- a/pkg/clock/clock_test.go
+++ b/pkg/clock/clock_test.go
@@ -6,7 +6,7 @@ import (
 	"time"
 
 	"github.com/oauth2-proxy/oauth2-proxy/v7/pkg/clock"
-	. "github.com/onsi/ginkgo"
+	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
 )
 
diff --git a/pkg/cookies/cookies_suite_test.go b/pkg/cookies/cookies_suite_test.go
index 208cae32..1e2e6f9c 100644
--- a/pkg/cookies/cookies_suite_test.go
+++ b/pkg/cookies/cookies_suite_test.go
@@ -6,7 +6,7 @@ import (
 	"time"
 
 	"github.com/oauth2-proxy/oauth2-proxy/v7/pkg/logger"
-	. "github.com/onsi/ginkgo"
+	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
 )
 
diff --git a/pkg/cookies/cookies_test.go b/pkg/cookies/cookies_test.go
index c01617a1..31b155a9 100644
--- a/pkg/cookies/cookies_test.go
+++ b/pkg/cookies/cookies_test.go
@@ -8,8 +8,7 @@ import (
 	"github.com/oauth2-proxy/oauth2-proxy/v7/pkg/apis/options"
 
 	middlewareapi "github.com/oauth2-proxy/oauth2-proxy/v7/pkg/apis/middleware"
-	. "github.com/onsi/ginkgo"
-	. "github.com/onsi/ginkgo/extensions/table"
+	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
 )
 
diff --git a/pkg/cookies/csrf_per_request_test.go b/pkg/cookies/csrf_per_request_test.go
index 915dc346..79d633bb 100644
--- a/pkg/cookies/csrf_per_request_test.go
+++ b/pkg/cookies/csrf_per_request_test.go
@@ -10,7 +10,7 @@ import (
 	"github.com/oauth2-proxy/oauth2-proxy/v7/pkg/apis/options"
 	"github.com/oauth2-proxy/oauth2-proxy/v7/pkg/apis/sessions"
 	"github.com/oauth2-proxy/oauth2-proxy/v7/pkg/encryption"
-	. "github.com/onsi/ginkgo"
+	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
 )
 
diff --git a/pkg/cookies/csrf_test.go b/pkg/cookies/csrf_test.go
index 97c1b496..b8760d08 100644
--- a/pkg/cookies/csrf_test.go
+++ b/pkg/cookies/csrf_test.go
@@ -10,7 +10,7 @@ import (
 	"github.com/oauth2-proxy/oauth2-proxy/v7/pkg/apis/options"
 	"github.com/oauth2-proxy/oauth2-proxy/v7/pkg/apis/sessions"
 	"github.com/oauth2-proxy/oauth2-proxy/v7/pkg/encryption"
-	. "github.com/onsi/ginkgo"
+	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
 )
 
diff --git a/pkg/header/header_suite_test.go b/pkg/header/header_suite_test.go
index 51685b20..a1ee3768 100644
--- a/pkg/header/header_suite_test.go
+++ b/pkg/header/header_suite_test.go
@@ -6,7 +6,7 @@ import (
 	"testing"
 
 	"github.com/oauth2-proxy/oauth2-proxy/v7/pkg/logger"
-	. "github.com/onsi/ginkgo"
+	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
 )
 
diff --git a/pkg/header/injector_test.go b/pkg/header/injector_test.go
index 63f1e87a..25c276dc 100644
--- a/pkg/header/injector_test.go
+++ b/pkg/header/injector_test.go
@@ -7,8 +7,7 @@ import (
 
 	"github.com/oauth2-proxy/oauth2-proxy/v7/pkg/apis/options"
 	sessionsapi "github.com/oauth2-proxy/oauth2-proxy/v7/pkg/apis/sessions"
-	. "github.com/onsi/ginkgo"
-	. "github.com/onsi/ginkgo/extensions/table"
+	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
 )
 
diff --git a/pkg/http/http_suite_test.go b/pkg/http/http_suite_test.go
index edd440c7..19d4d3ff 100644
--- a/pkg/http/http_suite_test.go
+++ b/pkg/http/http_suite_test.go
@@ -12,7 +12,7 @@ import (
 	"github.com/oauth2-proxy/oauth2-proxy/v7/pkg/apis/options"
 	"github.com/oauth2-proxy/oauth2-proxy/v7/pkg/logger"
 	"github.com/oauth2-proxy/oauth2-proxy/v7/pkg/util"
-	. "github.com/onsi/ginkgo"
+	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
 )
 
diff --git a/pkg/http/server_group_test.go b/pkg/http/server_group_test.go
index 97748b4d..74e5c315 100644
--- a/pkg/http/server_group_test.go
+++ b/pkg/http/server_group_test.go
@@ -4,7 +4,7 @@ import (
 	"context"
 	"errors"
 
-	. "github.com/onsi/ginkgo"
+	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
 )
 
diff --git a/pkg/http/server_test.go b/pkg/http/server_test.go
index aae7458e..f1abf5fc 100644
--- a/pkg/http/server_test.go
+++ b/pkg/http/server_test.go
@@ -9,8 +9,7 @@ import (
 	"os"
 
 	"github.com/oauth2-proxy/oauth2-proxy/v7/pkg/apis/options"
-	. "github.com/onsi/ginkgo"
-	. "github.com/onsi/ginkgo/extensions/table"
+	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
 	. "github.com/onsi/gomega/gleak"
 )
diff --git a/pkg/middleware/basic_session_test.go b/pkg/middleware/basic_session_test.go
index 24f0812d..61f3ecbc 100644
--- a/pkg/middleware/basic_session_test.go
+++ b/pkg/middleware/basic_session_test.go
@@ -7,8 +7,7 @@ import (
 
 	middlewareapi "github.com/oauth2-proxy/oauth2-proxy/v7/pkg/apis/middleware"
 	sessionsapi "github.com/oauth2-proxy/oauth2-proxy/v7/pkg/apis/sessions"
-	. "github.com/onsi/ginkgo"
-	. "github.com/onsi/ginkgo/extensions/table"
+	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
 )
 
diff --git a/pkg/middleware/headers_test.go b/pkg/middleware/headers_test.go
index ef785ed7..06440eea 100644
--- a/pkg/middleware/headers_test.go
+++ b/pkg/middleware/headers_test.go
@@ -8,8 +8,7 @@ import (
 	middlewareapi "github.com/oauth2-proxy/oauth2-proxy/v7/pkg/apis/middleware"
 	"github.com/oauth2-proxy/oauth2-proxy/v7/pkg/apis/options"
 	sessionsapi "github.com/oauth2-proxy/oauth2-proxy/v7/pkg/apis/sessions"
-	. "github.com/onsi/ginkgo"
-	. "github.com/onsi/ginkgo/extensions/table"
+	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
 )
 
diff --git a/pkg/middleware/healthcheck_test.go b/pkg/middleware/healthcheck_test.go
index 1a6a788d..78e1e6d4 100644
--- a/pkg/middleware/healthcheck_test.go
+++ b/pkg/middleware/healthcheck_test.go
@@ -4,8 +4,7 @@ import (
 	"net/http"
 	"net/http/httptest"
 
-	. "github.com/onsi/ginkgo"
-	. "github.com/onsi/ginkgo/extensions/table"
+	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
 )
 
diff --git a/pkg/middleware/jwt_session_test.go b/pkg/middleware/jwt_session_test.go
index b6597f8e..ac29e919 100644
--- a/pkg/middleware/jwt_session_test.go
+++ b/pkg/middleware/jwt_session_test.go
@@ -17,8 +17,7 @@ import (
 	"github.com/golang-jwt/jwt/v5"
 	middlewareapi "github.com/oauth2-proxy/oauth2-proxy/v7/pkg/apis/middleware"
 	sessionsapi "github.com/oauth2-proxy/oauth2-proxy/v7/pkg/apis/sessions"
-	. "github.com/onsi/ginkgo"
-	. "github.com/onsi/ginkgo/extensions/table"
+	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
 	k8serrors "k8s.io/apimachinery/pkg/util/errors"
 )
diff --git a/pkg/middleware/metrics_test.go b/pkg/middleware/metrics_test.go
index 01811956..184e66af 100644
--- a/pkg/middleware/metrics_test.go
+++ b/pkg/middleware/metrics_test.go
@@ -5,8 +5,7 @@ import (
 	"net/http/httptest"
 	"os"
 
-	. "github.com/onsi/ginkgo"
-	. "github.com/onsi/ginkgo/extensions/table"
+	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
 
 	"github.com/prometheus/client_golang/prometheus"
diff --git a/pkg/middleware/middleware_suite_test.go b/pkg/middleware/middleware_suite_test.go
index ff9c1ef6..0e3a2c9d 100644
--- a/pkg/middleware/middleware_suite_test.go
+++ b/pkg/middleware/middleware_suite_test.go
@@ -6,7 +6,7 @@ import (
 
 	middlewareapi "github.com/oauth2-proxy/oauth2-proxy/v7/pkg/apis/middleware"
 	"github.com/oauth2-proxy/oauth2-proxy/v7/pkg/logger"
-	. "github.com/onsi/ginkgo"
+	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
 )
 
diff --git a/pkg/middleware/readynesscheck_test.go b/pkg/middleware/readynesscheck_test.go
index 53052b88..618c27b8 100644
--- a/pkg/middleware/readynesscheck_test.go
+++ b/pkg/middleware/readynesscheck_test.go
@@ -6,8 +6,7 @@ import (
 	"net/http"
 	"net/http/httptest"
 
-	. "github.com/onsi/ginkgo"
-	. "github.com/onsi/ginkgo/extensions/table"
+	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
 )
 
diff --git a/pkg/middleware/redirect_to_https_test.go b/pkg/middleware/redirect_to_https_test.go
index f8c2c6bb..6e8a4368 100644
--- a/pkg/middleware/redirect_to_https_test.go
+++ b/pkg/middleware/redirect_to_https_test.go
@@ -6,8 +6,7 @@ import (
 	"net/http/httptest"
 
 	middlewareapi "github.com/oauth2-proxy/oauth2-proxy/v7/pkg/apis/middleware"
-	. "github.com/onsi/ginkgo"
-	. "github.com/onsi/ginkgo/extensions/table"
+	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
 )
 
diff --git a/pkg/middleware/request_logger_test.go b/pkg/middleware/request_logger_test.go
index 5df64363..f481adf7 100644
--- a/pkg/middleware/request_logger_test.go
+++ b/pkg/middleware/request_logger_test.go
@@ -8,8 +8,7 @@ import (
 	middlewareapi "github.com/oauth2-proxy/oauth2-proxy/v7/pkg/apis/middleware"
 	"github.com/oauth2-proxy/oauth2-proxy/v7/pkg/apis/sessions"
 	"github.com/oauth2-proxy/oauth2-proxy/v7/pkg/logger"
-	. "github.com/onsi/ginkgo"
-	. "github.com/onsi/ginkgo/extensions/table"
+	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
 )
 
diff --git a/pkg/middleware/scope_test.go b/pkg/middleware/scope_test.go
index 1a76132f..fa680667 100644
--- a/pkg/middleware/scope_test.go
+++ b/pkg/middleware/scope_test.go
@@ -6,7 +6,7 @@ import (
 
 	"github.com/google/uuid"
 	middlewareapi "github.com/oauth2-proxy/oauth2-proxy/v7/pkg/apis/middleware"
-	. "github.com/onsi/ginkgo"
+	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
 )
 
diff --git a/pkg/middleware/session_utils_test.go b/pkg/middleware/session_utils_test.go
index 26eb84bb..efc25e44 100644
--- a/pkg/middleware/session_utils_test.go
+++ b/pkg/middleware/session_utils_test.go
@@ -3,8 +3,7 @@ package middleware
 import (
 	"errors"
 
-	. "github.com/onsi/ginkgo"
-	. "github.com/onsi/ginkgo/extensions/table"
+	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
 )
 
diff --git a/pkg/middleware/stored_session_test.go b/pkg/middleware/stored_session_test.go
index 4dd7292f..904c2028 100644
--- a/pkg/middleware/stored_session_test.go
+++ b/pkg/middleware/stored_session_test.go
@@ -13,8 +13,7 @@ import (
 	sessionsapi "github.com/oauth2-proxy/oauth2-proxy/v7/pkg/apis/sessions"
 	"github.com/oauth2-proxy/oauth2-proxy/v7/pkg/clock"
 	"github.com/oauth2-proxy/oauth2-proxy/v7/providers"
-	. "github.com/onsi/ginkgo"
-	. "github.com/onsi/ginkgo/extensions/table"
+	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
 )
 
diff --git a/pkg/providers/oidc/oidc_suite_test.go b/pkg/providers/oidc/oidc_suite_test.go
index 2ceb9a9c..84674dcd 100755
--- a/pkg/providers/oidc/oidc_suite_test.go
+++ b/pkg/providers/oidc/oidc_suite_test.go
@@ -4,7 +4,7 @@ import (
 	"testing"
 
 	"github.com/oauth2-proxy/oauth2-proxy/v7/pkg/logger"
-	. "github.com/onsi/ginkgo"
+	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
 )
 
diff --git a/pkg/providers/oidc/provider_test.go b/pkg/providers/oidc/provider_test.go
index 0ff17484..0364721a 100644
--- a/pkg/providers/oidc/provider_test.go
+++ b/pkg/providers/oidc/provider_test.go
@@ -7,8 +7,7 @@ import (
 	"net/http"
 
 	"github.com/oauth2-proxy/mockoidc"
-	. "github.com/onsi/ginkgo"
-	. "github.com/onsi/ginkgo/extensions/table"
+	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
 )
 
diff --git a/pkg/providers/oidc/provider_verifier_test.go b/pkg/providers/oidc/provider_verifier_test.go
index b95ad551..e3084a06 100644
--- a/pkg/providers/oidc/provider_verifier_test.go
+++ b/pkg/providers/oidc/provider_verifier_test.go
@@ -6,8 +6,7 @@ import (
 
 	"github.com/golang-jwt/jwt/v5"
 	"github.com/oauth2-proxy/mockoidc"
-	. "github.com/onsi/ginkgo"
-	. "github.com/onsi/ginkgo/extensions/table"
+	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
 )
 
diff --git a/pkg/providers/oidc/verifier_test.go b/pkg/providers/oidc/verifier_test.go
index 5496d9fd..d18c0fbd 100755
--- a/pkg/providers/oidc/verifier_test.go
+++ b/pkg/providers/oidc/verifier_test.go
@@ -9,7 +9,7 @@ import (
 
 	"github.com/coreos/go-oidc/v3/oidc"
 	"github.com/go-jose/go-jose/v3"
-	. "github.com/onsi/ginkgo"
+	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
 )
 
diff --git a/pkg/providers/util/claim_extractor_test.go b/pkg/providers/util/claim_extractor_test.go
index e1a416d6..be4f672d 100644
--- a/pkg/providers/util/claim_extractor_test.go
+++ b/pkg/providers/util/claim_extractor_test.go
@@ -10,8 +10,7 @@ import (
 	"net/url"
 	"sync/atomic"
 
-	. "github.com/onsi/ginkgo"
-	. "github.com/onsi/ginkgo/extensions/table"
+	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
 )
 
diff --git a/pkg/providers/util/util_suite_test.go b/pkg/providers/util/util_suite_test.go
index c76d9813..b787cb23 100644
--- a/pkg/providers/util/util_suite_test.go
+++ b/pkg/providers/util/util_suite_test.go
@@ -4,7 +4,7 @@ import (
 	"testing"
 
 	"github.com/oauth2-proxy/oauth2-proxy/v7/pkg/logger"
-	. "github.com/onsi/ginkgo"
+	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
 )
 
diff --git a/pkg/requests/builder_test.go b/pkg/requests/builder_test.go
index 7e1e6222..fc12209f 100644
--- a/pkg/requests/builder_test.go
+++ b/pkg/requests/builder_test.go
@@ -11,7 +11,7 @@ import (
 	"github.com/oauth2-proxy/oauth2-proxy/v7/pkg/version"
 
 	"github.com/bitly/go-simplejson"
-	. "github.com/onsi/ginkgo"
+	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
 )
 
diff --git a/pkg/requests/requests_suite_test.go b/pkg/requests/requests_suite_test.go
index 5bc684b0..929ae8bd 100644
--- a/pkg/requests/requests_suite_test.go
+++ b/pkg/requests/requests_suite_test.go
@@ -10,7 +10,7 @@ import (
 	"testing"
 
 	"github.com/oauth2-proxy/oauth2-proxy/v7/pkg/logger"
-	. "github.com/onsi/ginkgo"
+	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
 )
 
diff --git a/pkg/requests/result_test.go b/pkg/requests/result_test.go
index 70c2814a..b6ecee74 100644
--- a/pkg/requests/result_test.go
+++ b/pkg/requests/result_test.go
@@ -4,8 +4,7 @@ import (
 	"errors"
 	"net/http"
 
-	. "github.com/onsi/ginkgo"
-	. "github.com/onsi/ginkgo/extensions/table"
+	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
 )
 
diff --git a/pkg/requests/util/util_suite_test.go b/pkg/requests/util/util_suite_test.go
index 7be50686..1cb07f37 100644
--- a/pkg/requests/util/util_suite_test.go
+++ b/pkg/requests/util/util_suite_test.go
@@ -4,7 +4,7 @@ import (
 	"testing"
 
 	"github.com/oauth2-proxy/oauth2-proxy/v7/pkg/logger"
-	. "github.com/onsi/ginkgo"
+	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
 )
 
diff --git a/pkg/requests/util/util_test.go b/pkg/requests/util/util_test.go
index 595f93f6..f1153d87 100644
--- a/pkg/requests/util/util_test.go
+++ b/pkg/requests/util/util_test.go
@@ -7,7 +7,7 @@ import (
 
 	"github.com/oauth2-proxy/oauth2-proxy/v7/pkg/apis/middleware"
 	"github.com/oauth2-proxy/oauth2-proxy/v7/pkg/requests/util"
-	. "github.com/onsi/ginkgo"
+	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
 )
 
diff --git a/pkg/sessions/cookie/session_store_test.go b/pkg/sessions/cookie/session_store_test.go
index bb457780..5fc1ad78 100644
--- a/pkg/sessions/cookie/session_store_test.go
+++ b/pkg/sessions/cookie/session_store_test.go
@@ -12,7 +12,7 @@ import (
 	sessionsapi "github.com/oauth2-proxy/oauth2-proxy/v7/pkg/apis/sessions"
 	"github.com/oauth2-proxy/oauth2-proxy/v7/pkg/logger"
 	"github.com/oauth2-proxy/oauth2-proxy/v7/pkg/sessions/tests"
-	. "github.com/onsi/ginkgo"
+	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
 	"github.com/stretchr/testify/assert"
 )
diff --git a/pkg/sessions/persistence/manager_test.go b/pkg/sessions/persistence/manager_test.go
index 791595bd..3e67daa3 100644
--- a/pkg/sessions/persistence/manager_test.go
+++ b/pkg/sessions/persistence/manager_test.go
@@ -6,7 +6,7 @@ import (
 	"github.com/oauth2-proxy/oauth2-proxy/v7/pkg/apis/options"
 	sessionsapi "github.com/oauth2-proxy/oauth2-proxy/v7/pkg/apis/sessions"
 	"github.com/oauth2-proxy/oauth2-proxy/v7/pkg/sessions/tests"
-	. "github.com/onsi/ginkgo"
+	. "github.com/onsi/ginkgo/v2"
 )
 
 var _ = Describe("Persistence Manager Tests", func() {
diff --git a/pkg/sessions/persistence/persistence_suite_test.go b/pkg/sessions/persistence/persistence_suite_test.go
index bc5b5f85..6edd912f 100644
--- a/pkg/sessions/persistence/persistence_suite_test.go
+++ b/pkg/sessions/persistence/persistence_suite_test.go
@@ -4,7 +4,7 @@ import (
 	"testing"
 
 	"github.com/oauth2-proxy/oauth2-proxy/v7/pkg/logger"
-	. "github.com/onsi/ginkgo"
+	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
 )
 
diff --git a/pkg/sessions/persistence/ticket_test.go b/pkg/sessions/persistence/ticket_test.go
index 885f9958..4cc62e2c 100644
--- a/pkg/sessions/persistence/ticket_test.go
+++ b/pkg/sessions/persistence/ticket_test.go
@@ -8,8 +8,7 @@ import (
 
 	"github.com/oauth2-proxy/oauth2-proxy/v7/pkg/apis/options"
 	"github.com/oauth2-proxy/oauth2-proxy/v7/pkg/apis/sessions"
-	. "github.com/onsi/ginkgo"
-	. "github.com/onsi/ginkgo/extensions/table"
+	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
 )
 
diff --git a/pkg/sessions/redis/client_test.go b/pkg/sessions/redis/client_test.go
index 580947ca..2a07aba8 100644
--- a/pkg/sessions/redis/client_test.go
+++ b/pkg/sessions/redis/client_test.go
@@ -9,7 +9,7 @@ import (
 	"github.com/oauth2-proxy/oauth2-proxy/v7/pkg/apis/options"
 	"github.com/oauth2-proxy/oauth2-proxy/v7/pkg/encryption"
 	"github.com/oauth2-proxy/oauth2-proxy/v7/pkg/sessions/redis"
-	. "github.com/onsi/ginkgo"
+	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
 )
 
diff --git a/pkg/sessions/redis/redis_store_test.go b/pkg/sessions/redis/redis_store_test.go
index ddc54fe2..0c0c5106 100644
--- a/pkg/sessions/redis/redis_store_test.go
+++ b/pkg/sessions/redis/redis_store_test.go
@@ -1,10 +1,6 @@
 package redis
 
 import (
-	"bytes"
-	"crypto/tls"
-	"encoding/pem"
-	"os"
 	"time"
 
 	"github.com/Bose/minisentinel"
@@ -13,43 +9,15 @@ import (
 	sessionsapi "github.com/oauth2-proxy/oauth2-proxy/v7/pkg/apis/sessions"
 	"github.com/oauth2-proxy/oauth2-proxy/v7/pkg/sessions/persistence"
 	"github.com/oauth2-proxy/oauth2-proxy/v7/pkg/sessions/tests"
-	"github.com/oauth2-proxy/oauth2-proxy/v7/pkg/util"
-	. "github.com/onsi/ginkgo"
+	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
 )
 
-const redisUsername = "testuser"
-const redisPassword = "0123456789abcdefghijklmnopqrstuv"
-
-var (
-	cert   tls.Certificate
-	caPath string
+const (
+	redisUsername = "testuser"
+	redisPassword = "0123456789abcdefghijklmnopqrstuv"
 )
 
-var _ = BeforeSuite(func() {
-	var err error
-	certBytes, keyBytes, err := util.GenerateCert("127.0.0.1")
-	Expect(err).ToNot(HaveOccurred())
-	certOut := new(bytes.Buffer)
-	Expect(pem.Encode(certOut, &pem.Block{Type: "CERTIFICATE", Bytes: certBytes})).To(Succeed())
-	certData := certOut.Bytes()
-	keyOut := new(bytes.Buffer)
-	Expect(pem.Encode(keyOut, &pem.Block{Type: "PRIVATE KEY", Bytes: keyBytes})).To(Succeed())
-	cert, err = tls.X509KeyPair(certData, keyOut.Bytes())
-	Expect(err).ToNot(HaveOccurred())
-
-	certFile, err := os.CreateTemp("", "cert.*.pem")
-	Expect(err).ToNot(HaveOccurred())
-	caPath = certFile.Name()
-	_, err = certFile.Write(certData)
-	defer certFile.Close()
-	Expect(err).ToNot(HaveOccurred())
-})
-
-var _ = AfterSuite(func() {
-	Expect(os.Remove(caPath)).ToNot(HaveOccurred())
-})
-
 var _ = Describe("Redis SessionStore Tests", func() {
 	// helper interface to allow us to close client connections
 	// All non-nil redis clients should implement this
@@ -79,11 +47,12 @@ var _ = Describe("Redis SessionStore Tests", func() {
 		}
 	})
 
+	const redisProtocol = "redis://"
 	tests.RunSessionStoreTests(
 		func(opts *options.SessionOptions, cookieOpts *options.Cookie) (sessionsapi.SessionStore, error) {
 			// Set the connection URL
 			opts.Type = options.RedisSessionStoreType
-			opts.Redis.ConnectionURL = "redis://" + mr.Addr()
+			opts.Redis.ConnectionURL = redisProtocol + mr.Addr()
 
 			// Capture the session store so that we can close the client
 			var err error
@@ -104,14 +73,10 @@ var _ = Describe("Redis SessionStore Tests", func() {
 			Expect(ms.Start()).To(Succeed())
 		})
 
-		AfterEach(func() {
-			ms.Close()
-		})
-
 		tests.RunSessionStoreTests(
 			func(opts *options.SessionOptions, cookieOpts *options.Cookie) (sessionsapi.SessionStore, error) {
 				// Set the sentinel connection URL
-				sentinelAddr := "redis://" + ms.Addr()
+				sentinelAddr := redisProtocol + ms.Addr()
 				opts.Type = options.RedisSessionStoreType
 				opts.Redis.SentinelConnectionURLs = []string{sentinelAddr}
 				opts.Redis.UseSentinel = true
@@ -132,7 +97,7 @@ var _ = Describe("Redis SessionStore Tests", func() {
 	Context("with cluster", func() {
 		tests.RunSessionStoreTests(
 			func(opts *options.SessionOptions, cookieOpts *options.Cookie) (sessionsapi.SessionStore, error) {
-				clusterAddr := "redis://" + mr.Addr()
+				clusterAddr := redisProtocol + mr.Addr()
 				opts.Type = options.RedisSessionStoreType
 				opts.Redis.ClusterConnectionURLs = []string{clusterAddr}
 				opts.Redis.UseCluster = true
@@ -162,7 +127,7 @@ var _ = Describe("Redis SessionStore Tests", func() {
 			func(opts *options.SessionOptions, cookieOpts *options.Cookie) (sessionsapi.SessionStore, error) {
 				// Set the connection URL
 				opts.Type = options.RedisSessionStoreType
-				opts.Redis.ConnectionURL = "redis://" + mr.Addr()
+				opts.Redis.ConnectionURL = redisProtocol + mr.Addr()
 				opts.Redis.Password = redisPassword
 
 				// Capture the session store so that we can close the client
@@ -184,14 +149,10 @@ var _ = Describe("Redis SessionStore Tests", func() {
 				Expect(ms.Start()).To(Succeed())
 			})
 
-			AfterEach(func() {
-				ms.Close()
-			})
-
 			tests.RunSessionStoreTests(
 				func(opts *options.SessionOptions, cookieOpts *options.Cookie) (sessionsapi.SessionStore, error) {
 					// Set the sentinel connection URL
-					sentinelAddr := "redis://" + ms.Addr()
+					sentinelAddr := redisProtocol + ms.Addr()
 					opts.Type = options.RedisSessionStoreType
 					opts.Redis.SentinelConnectionURLs = []string{sentinelAddr}
 					opts.Redis.UseSentinel = true
@@ -213,7 +174,7 @@ var _ = Describe("Redis SessionStore Tests", func() {
 		Context("with cluster", func() {
 			tests.RunSessionStoreTests(
 				func(opts *options.SessionOptions, cookieOpts *options.Cookie) (sessionsapi.SessionStore, error) {
-					clusterAddr := "redis://" + mr.Addr()
+					clusterAddr := redisProtocol + mr.Addr()
 					opts.Type = options.RedisSessionStoreType
 					opts.Redis.ClusterConnectionURLs = []string{clusterAddr}
 					opts.Redis.UseCluster = true
@@ -281,190 +242,4 @@ var _ = Describe("Redis SessionStore Tests", func() {
 			)
 		})
 	})
-
-	Context("with TLS connection", func() {
-		BeforeEach(func() {
-			mr.Close()
-
-			var err error
-			mr, err = miniredis.RunTLS(&tls.Config{Certificates: []tls.Certificate{cert}})
-			Expect(err).ToNot(HaveOccurred())
-		})
-		AfterEach(func() {
-			mr.Close()
-
-			var err error
-			mr, err = miniredis.Run()
-			Expect(err).ToNot(HaveOccurred())
-		})
-
-		Context("with standalone", func() {
-			tests.RunSessionStoreTests(
-				func(opts *options.SessionOptions, cookieOpts *options.Cookie) (sessionsapi.SessionStore, error) {
-					// Set the connection URL
-					opts.Type = options.RedisSessionStoreType
-					opts.Redis.ConnectionURL = "rediss://" + mr.Addr()
-					opts.Redis.CAPath = caPath
-
-					// Capture the session store so that we can close the client
-					ss, err := NewRedisSessionStore(opts, cookieOpts)
-					return ss, err
-				},
-				func(d time.Duration) error {
-					mr.FastForward(d)
-					return nil
-				},
-			)
-		})
-
-		Context("with cluster", func() {
-			tests.RunSessionStoreTests(
-				func(opts *options.SessionOptions, cookieOpts *options.Cookie) (sessionsapi.SessionStore, error) {
-					clusterAddr := "rediss://" + mr.Addr()
-					opts.Type = options.RedisSessionStoreType
-					opts.Redis.ClusterConnectionURLs = []string{clusterAddr}
-					opts.Redis.UseCluster = true
-					opts.Redis.CAPath = caPath
-
-					// Capture the session store so that we can close the client
-					var err error
-					ss, err = NewRedisSessionStore(opts, cookieOpts)
-					return ss, err
-				},
-				func(d time.Duration) error {
-					mr.FastForward(d)
-					return nil
-				},
-			)
-		})
-	})
-
-	Context("with insecure TLS connection", func() {
-		BeforeEach(func() {
-			mr.Close()
-
-			var err error
-			mr, err = miniredis.RunTLS(&tls.Config{Certificates: []tls.Certificate{cert}})
-			Expect(err).ToNot(HaveOccurred())
-		})
-		AfterEach(func() {
-			mr.Close()
-
-			var err error
-			mr, err = miniredis.Run()
-			Expect(err).ToNot(HaveOccurred())
-		})
-
-		Context("with standalone", func() {
-			tests.RunSessionStoreTests(
-				func(opts *options.SessionOptions, cookieOpts *options.Cookie) (sessionsapi.SessionStore, error) {
-					// Set the connection URL
-					opts.Type = options.RedisSessionStoreType
-					opts.Redis.ConnectionURL = "rediss://" + mr.Addr()
-					opts.Redis.InsecureSkipTLSVerify = true
-
-					// Capture the session store so that we can close the client
-					ss, err := NewRedisSessionStore(opts, cookieOpts)
-					return ss, err
-				},
-				func(d time.Duration) error {
-					mr.FastForward(d)
-					return nil
-				},
-			)
-		})
-
-		Context("with cluster", func() {
-			tests.RunSessionStoreTests(
-				func(opts *options.SessionOptions, cookieOpts *options.Cookie) (sessionsapi.SessionStore, error) {
-					clusterAddr := "rediss://" + mr.Addr()
-					opts.Type = options.RedisSessionStoreType
-					opts.Redis.ClusterConnectionURLs = []string{clusterAddr}
-					opts.Redis.UseCluster = true
-					opts.Redis.InsecureSkipTLSVerify = true
-
-					// Capture the session store so that we can close the client
-					var err error
-					ss, err = NewRedisSessionStore(opts, cookieOpts)
-					return ss, err
-				},
-				func(d time.Duration) error {
-					mr.FastForward(d)
-					return nil
-				},
-			)
-		})
-	})
-
-	Context("with custom CA path", func() {
-		BeforeEach(func() {
-			mr.Close()
-
-			var err error
-			mr, err = miniredis.RunTLS(&tls.Config{Certificates: []tls.Certificate{cert}})
-			Expect(err).ToNot(HaveOccurred())
-		})
-
-		AfterEach(func() {
-			mr.Close()
-
-			var err error
-			mr, err = miniredis.Run()
-			Expect(err).ToNot(HaveOccurred())
-		})
-
-		tests.RunSessionStoreTests(
-			func(opts *options.SessionOptions, cookieOpts *options.Cookie) (sessionsapi.SessionStore, error) {
-				// Set the connection URL
-				opts.Type = options.RedisSessionStoreType
-				opts.Redis.ConnectionURL = "redis://" + mr.Addr()
-				opts.Redis.CAPath = caPath
-
-				// Capture the session store so that we can close the client
-				var err error
-				ss, err = NewRedisSessionStore(opts, cookieOpts)
-				return ss, err
-			},
-			func(d time.Duration) error {
-				mr.FastForward(d)
-				return nil
-			},
-		)
-	})
-
-	Context("with insecure TLS connection", func() {
-		BeforeEach(func() {
-			mr.Close()
-
-			var err error
-			mr, err = miniredis.RunTLS(&tls.Config{Certificates: []tls.Certificate{cert}})
-			Expect(err).ToNot(HaveOccurred())
-		})
-
-		AfterEach(func() {
-			mr.Close()
-
-			var err error
-			mr, err = miniredis.Run()
-			Expect(err).ToNot(HaveOccurred())
-		})
-
-		tests.RunSessionStoreTests(
-			func(opts *options.SessionOptions, cookieOpts *options.Cookie) (sessionsapi.SessionStore, error) {
-				// Set the connection URL
-				opts.Type = options.RedisSessionStoreType
-				opts.Redis.ConnectionURL = "redis://127.0.0.1:" + mr.Port() // func (*Miniredis) StartTLS listens on 127.0.0.1
-				opts.Redis.InsecureSkipTLSVerify = true
-
-				// Capture the session store so that we can close the client
-				var err error
-				ss, err = NewRedisSessionStore(opts, cookieOpts)
-				return ss, err
-			},
-			func(d time.Duration) error {
-				mr.FastForward(d)
-				return nil
-			},
-		)
-	})
 })
diff --git a/pkg/sessions/redis/redis_store_tls_test.go b/pkg/sessions/redis/redis_store_tls_test.go
new file mode 100644
index 00000000..54d94b1f
--- /dev/null
+++ b/pkg/sessions/redis/redis_store_tls_test.go
@@ -0,0 +1,169 @@
+package redis
+
+import (
+	"crypto/tls"
+	"time"
+
+	"github.com/alicebob/miniredis/v2"
+	"github.com/oauth2-proxy/oauth2-proxy/v7/pkg/apis/options"
+	sessionsapi "github.com/oauth2-proxy/oauth2-proxy/v7/pkg/apis/sessions"
+	"github.com/oauth2-proxy/oauth2-proxy/v7/pkg/sessions/persistence"
+	"github.com/oauth2-proxy/oauth2-proxy/v7/pkg/sessions/tests"
+	. "github.com/onsi/ginkgo/v2"
+	. "github.com/onsi/gomega"
+)
+
+var _ = Describe("Redis SessionStore Tests", func() {
+	// helper interface to allow us to close client connections
+	// All non-nil redis clients should implement this
+	type closer interface {
+		Close() error
+	}
+
+	var mr *miniredis.Miniredis
+	var ss sessionsapi.SessionStore
+
+	BeforeEach(func() {
+		var err error
+		mr, err = miniredis.RunTLS(&tls.Config{Certificates: []tls.Certificate{cert}})
+		Expect(err).ToNot(HaveOccurred())
+	})
+
+	AfterEach(func() {
+		mr.Close()
+	})
+
+	JustAfterEach(func() {
+		// Release any connections immediately after the test ends
+		if redisManager, ok := ss.(*persistence.Manager); ok {
+			if redisManager.Store.(*SessionStore).Client != nil {
+				Expect(redisManager.Store.(*SessionStore).Client.(closer).Close()).To(Succeed())
+			}
+		}
+	})
+
+	const redissProtocol = "rediss://"
+	Context("with TLS connection", func() {
+		Context("with standalone", func() {
+			tests.RunSessionStoreTests(
+				func(opts *options.SessionOptions, cookieOpts *options.Cookie) (sessionsapi.SessionStore, error) {
+					// Set the connection URL
+					opts.Type = options.RedisSessionStoreType
+					opts.Redis.ConnectionURL = redissProtocol + mr.Addr()
+					opts.Redis.CAPath = caPath
+
+					// Capture the session store so that we can close the client
+					ss, err := NewRedisSessionStore(opts, cookieOpts)
+					return ss, err
+				},
+				func(d time.Duration) error {
+					mr.FastForward(d)
+					return nil
+				},
+			)
+		})
+
+		Context("with cluster", func() {
+			tests.RunSessionStoreTests(
+				func(opts *options.SessionOptions, cookieOpts *options.Cookie) (sessionsapi.SessionStore, error) {
+					clusterAddr := redissProtocol + mr.Addr()
+					opts.Type = options.RedisSessionStoreType
+					opts.Redis.ClusterConnectionURLs = []string{clusterAddr}
+					opts.Redis.UseCluster = true
+					opts.Redis.CAPath = caPath
+
+					// Capture the session store so that we can close the client
+					var err error
+					ss, err = NewRedisSessionStore(opts, cookieOpts)
+					return ss, err
+				},
+				func(d time.Duration) error {
+					mr.FastForward(d)
+					return nil
+				},
+			)
+		})
+	})
+
+	Context("with insecure TLS connection", func() {
+		Context("with standalone", func() {
+			tests.RunSessionStoreTests(
+				func(opts *options.SessionOptions, cookieOpts *options.Cookie) (sessionsapi.SessionStore, error) {
+					// Set the connection URL
+					opts.Type = options.RedisSessionStoreType
+					opts.Redis.ConnectionURL = redissProtocol + mr.Addr()
+					opts.Redis.InsecureSkipTLSVerify = true
+
+					// Capture the session store so that we can close the client
+					ss, err := NewRedisSessionStore(opts, cookieOpts)
+					return ss, err
+				},
+				func(d time.Duration) error {
+					mr.FastForward(d)
+					return nil
+				},
+			)
+		})
+
+		Context("with cluster", func() {
+			tests.RunSessionStoreTests(
+				func(opts *options.SessionOptions, cookieOpts *options.Cookie) (sessionsapi.SessionStore, error) {
+					clusterAddr := redissProtocol + mr.Addr()
+					opts.Type = options.RedisSessionStoreType
+					opts.Redis.ClusterConnectionURLs = []string{clusterAddr}
+					opts.Redis.UseCluster = true
+					opts.Redis.InsecureSkipTLSVerify = true
+
+					// Capture the session store so that we can close the client
+					var err error
+					ss, err = NewRedisSessionStore(opts, cookieOpts)
+					return ss, err
+				},
+				func(d time.Duration) error {
+					mr.FastForward(d)
+					return nil
+				},
+			)
+		})
+	})
+
+	Context("with custom CA path", func() {
+		tests.RunSessionStoreTests(
+			func(opts *options.SessionOptions, cookieOpts *options.Cookie) (sessionsapi.SessionStore, error) {
+				// Set the connection URL
+				opts.Type = options.RedisSessionStoreType
+				opts.Redis.ConnectionURL = redissProtocol + mr.Addr()
+				opts.Redis.CAPath = caPath
+
+				// Capture the session store so that we can close the client
+				var err error
+				ss, err = NewRedisSessionStore(opts, cookieOpts)
+				return ss, err
+			},
+			func(d time.Duration) error {
+				mr.FastForward(d)
+				return nil
+			},
+		)
+	})
+
+	Context("with insecure TLS connection", func() {
+		tests.RunSessionStoreTests(
+			func(opts *options.SessionOptions, cookieOpts *options.Cookie) (sessionsapi.SessionStore, error) {
+				// Set the connection URL
+				opts.Type = options.RedisSessionStoreType
+				opts.Redis.ConnectionURL = "redis://127.0.0.1:" + mr.Port() // func (*Miniredis) StartTLS listens on 127.0.0.1
+				opts.Redis.InsecureSkipTLSVerify = true
+
+				// Capture the session store so that we can close the client
+				var err error
+				ss, err = NewRedisSessionStore(opts, cookieOpts)
+				return ss, err
+			},
+			func(d time.Duration) error {
+				mr.FastForward(d)
+				return nil
+			},
+		)
+	})
+})
diff --git a/pkg/sessions/redis/redis_test.go b/pkg/sessions/redis/redis_test.go
index 5725759c..c38553cb 100644
--- a/pkg/sessions/redis/redis_test.go
+++ b/pkg/sessions/redis/redis_test.go
@@ -1,13 +1,17 @@
-package redis_test
+package redis
 
 import (
+	"bytes"
 	"context"
+	"crypto/tls"
+	"encoding/pem"
 	"log"
 	"os"
 	"testing"
 
 	"github.com/oauth2-proxy/oauth2-proxy/v7/pkg/logger"
-	. "github.com/onsi/ginkgo"
+	"github.com/oauth2-proxy/oauth2-proxy/v7/pkg/util"
+	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
 	"github.com/redis/go-redis/v9"
 )
@@ -22,6 +26,11 @@ func (l *wrappedRedisLogger) Printf(_ context.Context, format string, v ...inter
 	l.Logger.Printf(format, v...)
 }
 
+var (
+	cert   tls.Certificate
+	caPath string
+)
+
 func TestRedis(t *testing.T) {
 	logger.SetOutput(GinkgoWriter)
 	logger.SetErrOutput(GinkgoWriter)
@@ -33,3 +42,27 @@ func TestRedis(t *testing.T) {
 	RegisterFailHandler(Fail)
 	RunSpecs(t, "Redis")
 }
+
+var _ = BeforeSuite(func() {
+	var err error
+	certBytes, keyBytes, err := util.GenerateCert("127.0.0.1")
+	Expect(err).ToNot(HaveOccurred())
+	certOut := new(bytes.Buffer)
+	Expect(pem.Encode(certOut, &pem.Block{Type: "CERTIFICATE", Bytes: certBytes})).To(Succeed())
+	certData := certOut.Bytes()
+	keyOut := new(bytes.Buffer)
+	Expect(pem.Encode(keyOut, &pem.Block{Type: "PRIVATE KEY", Bytes: keyBytes})).To(Succeed())
+	cert, err = tls.X509KeyPair(certData, keyOut.Bytes())
+	Expect(err).ToNot(HaveOccurred())
+
+	certFile, err := os.CreateTemp("", "cert.*.pem")
+	Expect(err).ToNot(HaveOccurred())
+	caPath = certFile.Name()
+	_, err = certFile.Write(certData)
+	defer certFile.Close()
+	Expect(err).ToNot(HaveOccurred())
+})
+
+var _ = AfterSuite(func() {
+	Expect(os.Remove(caPath)).ToNot(HaveOccurred())
+})
diff --git a/pkg/sessions/session_store_test.go b/pkg/sessions/session_store_test.go
index 1e71887a..0db45f78 100644
--- a/pkg/sessions/session_store_test.go
+++ b/pkg/sessions/session_store_test.go
@@ -12,7 +12,7 @@ import (
 	sessionscookie "github.com/oauth2-proxy/oauth2-proxy/v7/pkg/sessions/cookie"
 	"github.com/oauth2-proxy/oauth2-proxy/v7/pkg/sessions/persistence"
 	"github.com/oauth2-proxy/oauth2-proxy/v7/pkg/sessions/redis"
-	. "github.com/onsi/ginkgo"
+	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
 )
 
diff --git a/pkg/sessions/tests/session_store_tests.go b/pkg/sessions/tests/session_store_tests.go
index 0416b24f..8e2d02f9 100644
--- a/pkg/sessions/tests/session_store_tests.go
+++ b/pkg/sessions/tests/session_store_tests.go
@@ -12,7 +12,7 @@ import (
 	sessionsapi "github.com/oauth2-proxy/oauth2-proxy/v7/pkg/apis/sessions"
 	cookiesapi "github.com/oauth2-proxy/oauth2-proxy/v7/pkg/cookies"
 	"github.com/oauth2-proxy/oauth2-proxy/v7/pkg/encryption"
-	. "github.com/onsi/ginkgo"
+	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
 )
 
diff --git a/pkg/upstream/file_test.go b/pkg/upstream/file_test.go
index feff3261..307ee24b 100644
--- a/pkg/upstream/file_test.go
+++ b/pkg/upstream/file_test.go
@@ -8,8 +8,7 @@ import (
 	"os"
 
 	middlewareapi "github.com/oauth2-proxy/oauth2-proxy/v7/pkg/apis/middleware"
-	. "github.com/onsi/ginkgo"
-	. "github.com/onsi/ginkgo/extensions/table"
+	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
 )
 
diff --git a/pkg/upstream/http_test.go b/pkg/upstream/http_test.go
index b18815a2..16f75f2d 100644
--- a/pkg/upstream/http_test.go
+++ b/pkg/upstream/http_test.go
@@ -15,8 +15,7 @@ import (
 	middlewareapi "github.com/oauth2-proxy/oauth2-proxy/v7/pkg/apis/middleware"
 	"github.com/oauth2-proxy/oauth2-proxy/v7/pkg/apis/options"
 	"github.com/oauth2-proxy/oauth2-proxy/v7/pkg/middleware"
-	. "github.com/onsi/ginkgo"
-	. "github.com/onsi/ginkgo/extensions/table"
+	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
 	"golang.org/x/net/websocket"
 )
diff --git a/pkg/upstream/proxy_test.go b/pkg/upstream/proxy_test.go
index 374c59c5..b685eae0 100644
--- a/pkg/upstream/proxy_test.go
+++ b/pkg/upstream/proxy_test.go
@@ -10,8 +10,7 @@ import (
 	middlewareapi "github.com/oauth2-proxy/oauth2-proxy/v7/pkg/apis/middleware"
 	"github.com/oauth2-proxy/oauth2-proxy/v7/pkg/apis/options"
 	"github.com/oauth2-proxy/oauth2-proxy/v7/pkg/app/pagewriter"
-	. "github.com/onsi/ginkgo"
-	. "github.com/onsi/ginkgo/extensions/table"
+	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
 )
 
diff --git a/pkg/upstream/rewrite_test.go b/pkg/upstream/rewrite_test.go
index 57a0f244..61d984fe 100644
--- a/pkg/upstream/rewrite_test.go
+++ b/pkg/upstream/rewrite_test.go
@@ -6,8 +6,7 @@ import (
 	"regexp"
 
 	"github.com/oauth2-proxy/oauth2-proxy/v7/pkg/app/pagewriter"
-	. "github.com/onsi/ginkgo"
-	. "github.com/onsi/ginkgo/extensions/table"
+	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
 )
 
diff --git a/pkg/upstream/static_test.go b/pkg/upstream/static_test.go
index dc2f6e36..8ed0a315 100644
--- a/pkg/upstream/static_test.go
+++ b/pkg/upstream/static_test.go
@@ -7,8 +7,7 @@ import (
 	"net/http/httptest"
 
 	middlewareapi "github.com/oauth2-proxy/oauth2-proxy/v7/pkg/apis/middleware"
-	. "github.com/onsi/ginkgo"
-	. "github.com/onsi/ginkgo/extensions/table"
+	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
 )
 
diff --git a/pkg/upstream/upstream_suite_test.go b/pkg/upstream/upstream_suite_test.go
index ecb8d0b7..f34c8eaf 100644
--- a/pkg/upstream/upstream_suite_test.go
+++ b/pkg/upstream/upstream_suite_test.go
@@ -13,7 +13,7 @@ import (
 	"testing"
 
 	"github.com/oauth2-proxy/oauth2-proxy/v7/pkg/logger"
-	. "github.com/onsi/ginkgo"
+	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
 	"golang.org/x/net/websocket"
 )
diff --git a/pkg/validation/allowlist_test.go b/pkg/validation/allowlist_test.go
index 1519493b..9f6843dd 100644
--- a/pkg/validation/allowlist_test.go
+++ b/pkg/validation/allowlist_test.go
@@ -1,8 +1,7 @@
 package validation
 
 import (
-	. "github.com/onsi/ginkgo"
-	. "github.com/onsi/ginkgo/extensions/table"
+	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
 
 	"github.com/oauth2-proxy/oauth2-proxy/v7/pkg/apis/options"
diff --git a/pkg/validation/common_test.go b/pkg/validation/common_test.go
index 809e1cf6..9e873c35 100644
--- a/pkg/validation/common_test.go
+++ b/pkg/validation/common_test.go
@@ -4,8 +4,7 @@ import (
 	"os"
 
 	"github.com/oauth2-proxy/oauth2-proxy/v7/pkg/apis/options"
-	. "github.com/onsi/ginkgo"
-	. "github.com/onsi/ginkgo/extensions/table"
+	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
 )
 
diff --git a/pkg/validation/header_test.go b/pkg/validation/header_test.go
index ccc90857..2d9ef6dd 100644
--- a/pkg/validation/header_test.go
+++ b/pkg/validation/header_test.go
@@ -4,8 +4,7 @@ import (
 	"encoding/base64"
 
 	"github.com/oauth2-proxy/oauth2-proxy/v7/pkg/apis/options"
-	. "github.com/onsi/ginkgo"
-	. "github.com/onsi/ginkgo/extensions/table"
+	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
 )
 
diff --git a/pkg/validation/providers_test.go b/pkg/validation/providers_test.go
index 48317040..065eb305 100644
--- a/pkg/validation/providers_test.go
+++ b/pkg/validation/providers_test.go
@@ -2,8 +2,7 @@ package validation
 
 import (
 	"github.com/oauth2-proxy/oauth2-proxy/v7/pkg/apis/options"
-	. "github.com/onsi/ginkgo"
-	. "github.com/onsi/ginkgo/extensions/table"
+	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
 )
 
diff --git a/pkg/validation/sessions_test.go b/pkg/validation/sessions_test.go
index 0a0f0fd5..4934b649 100644
--- a/pkg/validation/sessions_test.go
+++ b/pkg/validation/sessions_test.go
@@ -6,8 +6,7 @@ import (
 	"github.com/Bose/minisentinel"
 	"github.com/alicebob/miniredis/v2"
 	"github.com/oauth2-proxy/oauth2-proxy/v7/pkg/apis/options"
-	. "github.com/onsi/ginkgo"
-	. "github.com/onsi/ginkgo/extensions/table"
+	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
 )
 
diff --git a/pkg/validation/upstreams_test.go b/pkg/validation/upstreams_test.go
index 586c6d85..fe431d27 100644
--- a/pkg/validation/upstreams_test.go
+++ b/pkg/validation/upstreams_test.go
@@ -4,8 +4,7 @@ import (
 	"time"
 
 	"github.com/oauth2-proxy/oauth2-proxy/v7/pkg/apis/options"
-	. "github.com/onsi/ginkgo"
-	. "github.com/onsi/ginkgo/extensions/table"
+	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
 )
 
diff --git a/pkg/validation/validation_suite_test.go b/pkg/validation/validation_suite_test.go
index 091c1565..e86f36f8 100644
--- a/pkg/validation/validation_suite_test.go
+++ b/pkg/validation/validation_suite_test.go
@@ -4,7 +4,7 @@ import (
 	"testing"
 
 	"github.com/oauth2-proxy/oauth2-proxy/v7/pkg/logger"
-	. "github.com/onsi/ginkgo"
+	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
 )
 
diff --git a/providers/adfs_test.go b/providers/adfs_test.go
index 6ffe97f2..0b730430 100755
--- a/providers/adfs_test.go
+++ b/providers/adfs_test.go
@@ -16,8 +16,7 @@ import (
 	"github.com/oauth2-proxy/oauth2-proxy/v7/pkg/apis/options"
 	"github.com/oauth2-proxy/oauth2-proxy/v7/pkg/apis/sessions"
 	internaloidc "github.com/oauth2-proxy/oauth2-proxy/v7/pkg/providers/oidc"
-	. "github.com/onsi/ginkgo"
-	. "github.com/onsi/ginkgo/extensions/table"
+	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
 )
 
diff --git a/providers/gitlab_test.go b/providers/gitlab_test.go
index 2ed4e8f7..a6ae6029 100644
--- a/providers/gitlab_test.go
+++ b/providers/gitlab_test.go
@@ -9,8 +9,7 @@ import (
 
 	"github.com/oauth2-proxy/oauth2-proxy/v7/pkg/apis/options"
 	"github.com/oauth2-proxy/oauth2-proxy/v7/pkg/apis/sessions"
-	. "github.com/onsi/ginkgo"
-	. "github.com/onsi/ginkgo/extensions/table"
+	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
 )
 
diff --git a/providers/keycloak_oidc_test.go b/providers/keycloak_oidc_test.go
index fa316930..699309fc 100644
--- a/providers/keycloak_oidc_test.go
+++ b/providers/keycloak_oidc_test.go
@@ -11,7 +11,7 @@ import (
 
 	"github.com/oauth2-proxy/oauth2-proxy/v7/pkg/apis/options"
 	"github.com/oauth2-proxy/oauth2-proxy/v7/pkg/apis/sessions"
-	. "github.com/onsi/ginkgo"
+	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
 
 	internaloidc "github.com/oauth2-proxy/oauth2-proxy/v7/pkg/providers/oidc"
diff --git a/providers/keycloak_test.go b/providers/keycloak_test.go
index b6d8b422..bfef5466 100644
--- a/providers/keycloak_test.go
+++ b/providers/keycloak_test.go
@@ -10,8 +10,7 @@ import (
 
 	"github.com/oauth2-proxy/oauth2-proxy/v7/pkg/apis/options"
 	"github.com/oauth2-proxy/oauth2-proxy/v7/pkg/apis/sessions"
-	. "github.com/onsi/ginkgo"
-	. "github.com/onsi/ginkgo/extensions/table"
+	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
 )
 
diff --git a/providers/providers_suite_test.go b/providers/providers_suite_test.go
index 9194eff4..2b3fa04a 100644
--- a/providers/providers_suite_test.go
+++ b/providers/providers_suite_test.go
@@ -4,7 +4,7 @@ import (
 	"testing"
 
 	"github.com/oauth2-proxy/oauth2-proxy/v7/pkg/logger"
-	. "github.com/onsi/ginkgo"
+	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
 )