SES-69: Data returned from SAMLUserDetailsService and UserDetailsService put into different fields of the Authentication object about spring-security-saml HOT 3 CLOSED

GWA said:

It's true this is a little odd compare to all other authentication provider I know

Anyway, in the SAMLAuthenticationProvider there's a comment on the getPrincipal method that insist that the method can be override

In your project you can declare a provider like this one instead of the vanilla SAMLAuthenticationProvider. This will do exactly what you need.

public class PersonalSamlAuthenticationProvider extends SAMLAuthenticationProvider{

/**
 * 
 * @param consumer
 */
public PersonalSamlAuthenticationProvider(WebSSOProfileConsumer consumer) {
    super(consumer);
}

/* (non-Javadoc)
 * @see org.springframework.security.saml.SAMLAuthenticationProvider#getPrincipal(org.springframework.security.saml.SAMLCredential, java.lang.Object)
 */
@Override
protected Object getPrincipal(SAMLCredential credential, Object userDetail) {
    if (userDetail!=null){
        return userDetail;
    }
    return super.getPrincipal(credential, userDetail);
}

}

from spring-security-saml.

Mandus Elfving said:

I am aware that you can always override the authentication provider, but it seems a bit odd that the SAML extension behaves in a way that isn't consistent with the other authentication methods.Therefore I think it should be considered to change the SAML extension to behave as the others do.

from spring-security-saml.

Vladimir Schäfer said:

Behavior of principal field is now identical to AbstractUserDetailsAuthenticationProvider. By default userDetail object is now put to the principal field of the Authentication object. Previous behavior can be enabled by setting property forcePrincipalAsString to true on the SAMLAuthenticationProvider.

from spring-security-saml.