Saml2WebSsoAuthenticationFilter ignores the authentication details #7722
Comments
spring-projects-issues
added
the
status: waiting-for-triage
fhanik
added
in: saml2
|
I feel these two issues are related, and one solution could satisfy both |
…thentication details with AbstractAuthenticationProcessingFilter 'authenticationDetailsSource'
|
I'm not really sure if this issue relates to the UserService and AuthenticatedPrincipal... Please see this commit for more information on what I'm trying to achieve (same mechanism as UsernamePasswordAuthenticationFilter). |
|
Copying the details within the authentication provider is not needed as they are copied inside the |
|
@horca, thanks for laying out some of the details here. I think it makes sense to have the SAML 2.0 support align with other authentication filters in Spring Security. Would you be interested in submitting a PR to have the filter set the details object on the |
jzheaux
added
the
status: ideal-for-contribution
|
@jzheaux I would love to give it a try if its open for contribution. Can you please explain litte more on what is the implementation plan? |
Hello Spring Security team,
Problem
When using the
UsernamePasswordAuthenticationFilterwe are setting custom authentication details withAuthenticationDetailsSourceto be used further down the security chain. Unfortunately, theSaml2WebSsoAuthenticationFilterdoes not populate the authentication details even though it inherits fromAbstractAuthenticationProcessingFilterwhich allows to define the details source.Solution
After the
Saml2AuthenticationTokenis created, populate the details. Afterwards, when creating theSaml2Authenticationwithin the authetication provider, just copy the details over.The text was updated successfully, but these errors were encountered: