Decouple SAML 2.0 Single Logout from the authenticated principal's type
Issue gh-10820
When using a custom authenticated principal that does not implement Saml2AuthenticatedPrincipal, the Authentication itself can now implement Saml2AuthenticationInfo to provide the same information.
Making the authenticated principal implement the Saml2AuthenticatedPrincipal interface is not always an option. The authenticated principal can be an opaque Object created and consumed by code completely unaware of Spring Security.
On the other hand, the code that creates a custom Authentication already has Spring Security on the classpath, so implementing Saml2AuthenticationInfo there should always be possible.
The new interface Saml2AuthenticationInfo is currently only used for SAML 2.0 Single Logout. If neither the authenticated principal nor the Authentication itself implements it, SAML 2.0 Single Logout requests won't be detected.
This PR does not change the default behavior. It improves flexibility if OpenSaml4AuthenticationProvider.responseAuthenticationConverter is customized.
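As an added illustration of the design described above (not code from this PR or from Spring Security), the following sketch shows a custom Authentication whose principal is an opaque application object with no Spring Security dependency, and which itself implements the proposed Saml2AuthenticationInfo so that SAML 2.0 Single Logout can still find the NameID, relying party registration id and session indexes. The interface name follows the PR description; its package and method names (getName, getRelyingPartyRegistrationId, getSessionIndexes, mirroring Saml2AuthenticatedPrincipal) are assumptions, and the thread below notes that the interface was renamed and moved to the credential before merging, so the merged code should be consulted for the final names. The converter wiring uses OpenSaml4AuthenticationProvider APIs that exist today.

```java
import java.util.Collection;
import java.util.List;

import org.springframework.core.convert.converter.Converter;
import org.springframework.security.authentication.AbstractAuthenticationToken;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.saml2.provider.service.authentication.OpenSaml4AuthenticationProvider;
import org.springframework.security.saml2.provider.service.authentication.OpenSaml4AuthenticationProvider.ResponseToken;
import org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticatedPrincipal;
import org.springframework.security.saml2.provider.service.authentication.Saml2Authentication;
// Proposed in this PR; package assumed to match the other saml2 authentication types.
import org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationInfo;

public final class Saml2LogoutAwareAuthenticationExample {

    /** Opaque application user: a plain object that knows nothing about Spring Security. */
    public static final class AppUser {
        private final String id;
        public AppUser(String id) { this.id = id; }
        public String getId() { return id; }
    }

    /**
     * Custom Authentication. The principal stays an AppUser; the SAML details that
     * Single Logout needs live on the Authentication via Saml2AuthenticationInfo.
     */
    public static final class AppUserAuthentication extends AbstractAuthenticationToken
            implements Saml2AuthenticationInfo {
        private final AppUser user;
        private final String saml2Response;
        private final String nameId;
        private final String relyingPartyRegistrationId;
        private final List<String> sessionIndexes;

        public AppUserAuthentication(AppUser user, String saml2Response, String nameId,
                String relyingPartyRegistrationId, List<String> sessionIndexes,
                Collection<? extends GrantedAuthority> authorities) {
            super(authorities);
            this.user = user;
            this.saml2Response = saml2Response;
            this.nameId = nameId;
            this.relyingPartyRegistrationId = relyingPartyRegistrationId;
            this.sessionIndexes = List.copyOf(sessionIndexes);
            setAuthenticated(true);
        }

        /** Opaque principal; deliberately not a Saml2AuthenticatedPrincipal. */
        @Override public Object getPrincipal() { return user; }
        @Override public Object getCredentials() { return saml2Response; }

        // Saml2AuthenticationInfo (method names assumed to mirror Saml2AuthenticatedPrincipal).
        @Override public String getName() { return nameId; }
        @Override public String getRelyingPartyRegistrationId() { return relyingPartyRegistrationId; }
        @Override public List<String> getSessionIndexes() { return sessionIndexes; }
    }

    /** Customizes responseAuthenticationConverter to emit the custom Authentication. */
    public static OpenSaml4AuthenticationProvider authenticationProvider() {
        OpenSaml4AuthenticationProvider provider = new OpenSaml4AuthenticationProvider();
        Converter<ResponseToken, Saml2Authentication> defaults =
                OpenSaml4AuthenticationProvider.createDefaultResponseAuthenticationConverter();
        provider.setResponseAuthenticationConverter(responseToken -> {
            // Let the default converter validate the Response and extract attributes first.
            Saml2Authentication saml2 = defaults.convert(responseToken);
            Saml2AuthenticatedPrincipal saml2Principal = (Saml2AuthenticatedPrincipal) saml2.getPrincipal();
            // Map to the application's own user type (a real application would look the user up).
            AppUser user = new AppUser(saml2Principal.getName());
            return new AppUserAuthentication(user, saml2.getSaml2Response(), saml2Principal.getName(),
                    responseToken.getToken().getRelyingPartyRegistration().getRegistrationId(),
                    saml2Principal.getSessionIndexes(), saml2.getAuthorities());
        });
        return provider;
    }
}
```

Without the Saml2AuthenticationInfo implementation on AppUserAuthentication, a logout request from the asserting party would not be recognized as a SAML 2.0 Single Logout request, exactly the failure the description warns about.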
@chschu Please sign the Contributor License Agreement!
@chschu Thank you for signing the Contributor License Agreement!
@chschu, I realize it's been a bit since you submitted this PR. I've posted a review; once we are aligned on how to change things, I'm happy to do the legwork to resolve the conflicting files so that you can focus on making the implementation changes.
I had to use this as a workaround for now. https://stackoverflow.com/a/78768756/19424868
Thanks, @chschu, for your patience on this PR. I've changed the name of the interface and placed it in the credential instead. In this way, there isn't any expectation for what interface the principal implements in order to inform logout behavior.
It will merge once the build completes.