Hello Spring Security team,

Problem

When using the UsernamePasswordAuthenticationFilter we are setting custom authentication details with AuthenticationDetailsSource to be used further down the security chain. Unfortunately, the Saml2WebSsoAuthenticationFilter does not populate the authentication details even though it inherits from AbstractAuthenticationProcessingFilter, which allows the details source to be defined.

Solution

After the Saml2AuthenticationToken is created, populate the details. Afterwards, when creating the Saml2Authentication within the authentication provider, just copy the details over.

Comment From: fhanik

I feel these two issues are related, and one solution could satisfy both https://github.com/spring-projects/spring-security/issues/7465

Comment From: horca

I'm not really sure if this issue relates to the UserService and AuthenticatedPrincipal... Please see this commit for more information on what I'm trying to achieve (same mechanism as UsernamePasswordAuthenticationFilter).

Comment From: horca

Copying the details within the authentication provider is not needed, as they are copied inside the ProviderManager.
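
The ProviderManager behaviour mentioned in the comment above, as an added example that is not part of the original thread or of the Spring Security code base. It assumes spring-security-core on the classpath and Java 9+, uses UsernamePasswordAuthenticationToken as a stand-in for the SAML 2.0 token types, and `DetailsCopyDemo`, `StubProvider` and the sample values are hypothetical names constructed for illustration.

```java
import java.util.List;

import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.ProviderManager;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.AuthorityUtils;

public class DetailsCopyDemo {

    // Hypothetical provider: returns a fresh authenticated token and never sets details.
    static class StubProvider implements AuthenticationProvider {
        @Override
        public Authentication authenticate(Authentication request) {
            return new UsernamePasswordAuthenticationToken(
                    request.getName(), null, AuthorityUtils.createAuthorityList("ROLE_USER"));
        }

        @Override
        public boolean supports(Class<?> authentication) {
            return UsernamePasswordAuthenticationToken.class.isAssignableFrom(authentication);
        }
    }

    // Plays the filter's part: build the request token, attach details, authenticate.
    static Object authenticateAndGetDetails(Object details) {
        UsernamePasswordAuthenticationToken request =
                new UsernamePasswordAuthenticationToken("alice", "constructed-password");
        request.setDetails(details);
        ProviderManager manager = new ProviderManager(List.of(new StubProvider()));
        return manager.authenticate(request).getDetails();
    }

    public static void main(String[] args) {
        Object details = "tenant=acme"; // constructed stand-in for a custom details object
        Object copied = authenticateAndGetDetails(details);
        // ProviderManager copies the request's details onto a result that has none.
        if (copied != details) throw new IllegalStateException("details were not copied");
        // If the filter never sets details, there is nothing to copy downstream.
        if (authenticateAndGetDetails(null) != null) throw new IllegalStateException("unexpected details");
        System.out.println("details on result: " + copied);
    }
}
```

The second check is the case reported in this issue: code further down the security chain that reads `getDetails()` receives `null` when the filter never populated the request token.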

Comment From: jzheaux

@horca, thanks for laying out some of the details here. I think it makes sense to have the SAML 2.0 support align with other authentication filters in Spring Security.

Would you be interested in submitting a PR to have the filter set the details object on the Saml2AuthenticationToken instance and have the authentication provider set the details on the Saml2Authentication instance?

Comment From: ghost

@jzheaux I would love to give it a try if it's open for contribution. Can you please explain a little more about what the implementation plan is?