Should ExpiringUsernameAuthenticationToken contain principal UserDetails object

Hi,

I am using the saml extension from a grails context. So there are a few layers of indirection. I can see that SAMLAuthenticationProvider.authenticate returns a token containing just the username for the principal but the services in the grails security core plugin expect to be returned a UserDetails object.

Looking at the UsernamePasswordAuthenticationToken and Authentication interface javadoc getPrincipal when called by an Auth manager should return a UserDetails Object.

In this instance the provider manager is making the call post authentication so I would expect getPrincipal to return the UserDetails and not the username.

Am I right in how I'm reading this. If so can I raise an issue for this?

Also any ideas when the saml extension will be officially released.

Kind Regards,
Feroz Panwaskar