Saml2WebSsoAuthenticationFilter ignores the authentication details

[horca]

Hello Spring Security team,

Problem

When using the UsernamePasswordAuthenticationFilter we are setting custom authentication details with AuthenticationDetailsSource to be used further down the security chain. Unfortunately, the Saml2WebSsoAuthenticationFilter does not populate the authentication details even though it inherits from AbstractAuthenticationProcessingFilter which allows to define the details source.

Solution

After the Saml2AuthenticationToken is created, populate the details. Afterwards, when creating the Saml2Authentication within the authetication provider, just copy the details over.

[fhanik]

I feel these two issues are related, and one solution could satisfy both
#7465

[horca]

I'm not really sure if this issue relates to the UserService and AuthenticatedPrincipal... Please see this commit for more information on what I'm trying to achieve (same mechanism as UsernamePasswordAuthenticationFilter).

[horca]

Copying the details within the authentication provider is not needed as they are copied inside the ProviderManager

[jzheaux]

@horca, thanks for laying out some of the details here. I think it makes sense to have the SAML 2.0 support align with other authentication filters in Spring Security.

Would you be interested in submitting a PR to have the filter set the details object on the Saml2AuthenticationToken instance and have the authentication provider set the details on the Saml2Authentication instance?

@jzheaux I would love to give it a try if its open for contribution. Can you please explain litte more on what is the implementation plan?