I wonder if it would be possible to extend the SAMLAuthenticationProvider so that it optionally would create the AuthenticationToken with the principal containing the UserDetails instead of the String representation of the username.
This feature could be implemented like in the class
I have attached my suggestion for the SAMLAuthenticationProvider.
Perhaps you could consider this.
Anyway, I would like to thank you, Vladimir, for contributing your SAML Security Extension to the public.