something that I probably miss, and maybe someone can shed some light.
I saw that the SAMLAuthenticationProvider creates a new authentication token of type ExpiringUsernameAuthenticationToken. In my implementation, I created another type instead, something that extends SAMLAuthenticationToken (maybe I should not do so?).
After I get the SAML-Response, I try to get to a protected resource in my SP. But I see that Spring keeps blocking me, meaning I cannot get to that specific URL.
So I checked a bit and saw that the SAMLAuthenticationToken object that is created is not "authenticated", meaning the "authenticated" flag is set to false. So I tried to set it to true, by calling setAuthenticated(true). Then I figured out that the implementation there throws IllegalArgumentException. The docs say "This object can never be authenticated, call with true result in exception."
Can anyone explain why this is the implementation? Why can this token not be "authenticated"?