Spring org.springframework.security.saml2.provider.service.authentication.DefaultSaml2AuthenticatedPrincipal fails to return more than one "attribute"

**Affects: 5.5.2 \spring-security-saml2-service-provider or

I have been testing a SAML SSO integration using Spring framework.
I attach a saml token produced by Keycloak IDP in that testing.
The code to setup the "authorities" transmitted in the token use the getAttribute method with a str parm of "Role". While there are several attributes with that attribute name, the method consistently produces only a single one of these in the return List object. It always is the last one physically in the list. I've tested this carefully, and the behavior is consistent.
Same behavior with the getAttributes method (no parameter) although the returned object is a Map in this case. SAMLTOKEN.xml.txt

All these attributes should be returned from both methods.

Comment From: bclozel

Could you open this issue against Spring Security's issue tracker? Thanks!