Should ExpiringUsernameAuthenticationToken contain principal UserDetails object
I am using the saml extension from a grails context. So there are a few layers of indirection. I can see that SAMLAuthenticationProvider.authenticate returns a token containing just the username for the principal but the services in the grails security core plugin expect to be returned a UserDetails object.
Looking at the UsernamePasswordAuthenticationToken and Authentication interface javadoc getPrincipal when called by an Auth manager should return a UserDetails Object.
In this instance the provider manager is making the call post authentication so I would expect getPrincipal to return the UserDetails and not the username.
Am I right in how I'm reading this. If so can I raise an issue for this?
Also any ideas when the saml extension will be officially released.