Uploaded image for project: 'SX Spring Security Extension'
  1. SX Spring Security Extension
  2. SES-69

Data returned from SAMLUserDetailsService and UserDetailsService put into different fields of the Authentication object


    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Complete
    • Affects Version/s: saml-1.0.0.RC1
    • Fix Version/s: saml-1.0.0.RC1
    • Component/s: saml
    • Labels:


      We are using SAML for our production environment and username & password authentication for development. In production we an implementation of SAMLUserDetailsService to get information about the user and in development we use the corresponding functionality by implementing UserDetailsService (both return the same kind of object with information about the user). However the result returned from these two services is put in to different fields of the Authentication object depending on the authentication scheme used. When using SAML the object is put in to the details field and when using username & password authentication it is put into the principal field.

      This makes it hard to have the same code to get at the object returned from the SAMLUserDetailsService/UserDetailsService as we have to know which authentication scheme was used. My personal opinion is that the SAML module should behave as the username & password authentication and put the data in the principal field.




            • Assignee:
              vsch Vladimir Schäfer
              mel Mandus Elfving
            • Votes:
              0 Vote for this issue
              1 Start watching this issue


              • Created: