Hi all,

I've implemented Spring Security SAML authentication in the Zimbra servlet by dropping the Spring Security and SAML extension jars into Zimbra's WEB-INF/lib directory and wiring the Spring SAML entry points into the servlet's filter chain. This works fine - when I hit the Zimbra server, I get redirected to my SAML IdP properly, I log in and am redirected back to the original Zimbra URL. The SAML assertion is processed by the Spring Security SAML code and I then hit the login page.

To get the SAML credentials into Zimbra, I use the Zimbra preauth mechanism. I supply the Spring Security SAML context wiring with a custom subclass of the SAMLProcessingFilter, override the determineTargetUrl method and build a preauth request from the SAML attributes (email address specifically).

I see that the SAML processor properly redirects me to the /service/preauth service, which builds a token and adds the cookie, then redirects me to the original target URL (because I use the redirectURL query param in the preauth call).

The problem: I end up on the login page, instead of at the user's mailbox. If I leave the username/password boxes empty and press Enter, I'm taken to the mailbox with no further argument. Is this a defect in the preauth protocol? Is there something I'm not doing right? I believe I'm properly generating the preauth token because I'm logged in - I just don't land on the right screen. I thought login.jsp was supposed to notice the cookie and automatically redirect to the mailbox.

I'm running ZCS 6.0.7 on SLES11.
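
For reference, the preauth request described in the post can be built as below. This is an added example, not the poster's code. It assumes Zimbra's documented preauth scheme (hex HMAC-SHA1 over `account|by|expires|timestamp`, keyed with the bytes of the domain preauth key string); the class name, host, account and key are constructed placeholders.

```java
import java.net.URLEncoder;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class PreauthUrlExample {

    // Hex HMAC-SHA1 over "account|by|expires|timestamp". Assumption: the key is
    // the preauth key string's own bytes, not the hex-decoded value.
    static String computePreauth(String account, String by, long expires,
                                 long timestamp, String preauthKey) throws Exception {
        String data = account + "|" + by + "|" + expires + "|" + timestamp;
        Mac mac = Mac.getInstance("HmacSHA1");
        mac.init(new SecretKeySpec(preauthKey.getBytes("UTF-8"), "HmacSHA1"));
        StringBuilder hex = new StringBuilder();
        for (byte b : mac.doFinal(data.getBytes("UTF-8"))) {
            hex.append(String.format("%02x", b));
        }
        return hex.toString();
    }

    // Builds the /service/preauth URL for the e-mail address taken from the
    // SAML assertion. Every value signed in the token is also sent as a query
    // parameter so the server can recompute the HMAC.
    static String buildPreauthUrl(String baseUrl, String email, String redirectUrl,
                                  String preauthKey, long nowMillis) throws Exception {
        long expires = 0; // 0 = use the account's default auth token lifetime
        String token = computePreauth(email, "name", expires, nowMillis, preauthKey);
        return baseUrl + "/service/preauth"
                + "?account=" + URLEncoder.encode(email, "UTF-8")
                + "&by=name"
                + "&timestamp=" + nowMillis
                + "&expires=" + expires
                + "&preauth=" + token
                // redirectURL is not covered by the HMAC: take it from server
                // configuration or validate it, never from raw user input.
                + "&redirectURL=" + URLEncoder.encode(redirectUrl, "UTF-8");
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample values; the real key stays server-side only.
        String key = "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef";
        System.out.println(buildPreauthUrl("https://mail.example.com",
                "user@example.com", "https://mail.example.com/", key,
                System.currentTimeMillis()));
    }
}
```

The timestamp must be current server time in milliseconds, so the web tier and the mail server need synchronized clocks.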