SES-28: SAMLAuthenticationProvider should optionally create the AuthenticationToken with the principal containing the UserDetails

[spring-projects-issues]

Martin Rösel (Migrated from SES-28) said:

I wonder if it would be possible to extend the SAMLAuthenticationProvider so that it optionally would create the AuthenticationToken with the principal containing the UserDetails instead of the String representation of the username.

This feature could be implemented like in the class
org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider

I have attached my suggestion for the SAMLAuthenticationProvider.

Perhaps you could consider this.

Anyway I would like to thank you Vladimir for contributing your SAML Security Extension to the public.

Martin

[spring-projects-issues]

Vladimir Schäfer said:

The AbstractUserDetailsAuthenticationProvider was modified to contain method "protected Object getPrincipal(SAMLCredential credential, Object userDetail)" which by default returns NameID from the SAML2 message (as before). You are now free to create Principal in any format (and still keep it different from UserDetails object) by overriding the method.

Signature of method "protected void processUserDetails(AbstractAuthenticationToken token, SAMLCredential credential)" was changed to "protected Object getUserDetails(SAMLCredential credential)".

Hopefully this will solve your issue Martin.

V.