Enabling sessionManagement.sessionFixation for Spring Security original Extension

My team has a spring boot web application. We have recently added SAML support to a service our company provides to clients. We developed a solution based on the spring-security-saml 1.0.6 extension.

One of our clients performed a review and discovered that the browser sessionId is not changing after a successful login. That's a feature that is turned on by default for the main spring security code, and configured through the sessionManagement.sessionFixation options.

I've tried adding a reference to that in our SAML configuration, trying all of the possible configuration options for that, but it doesn't seem to have any effect at all. Here's a partial configuration from our WebSecurityConfigurerAdapter code that configures the HttpSecurity object:

        http
                .apply(saml())
                .authenticationProvider(samlAuthenticationProvider())
                .userDetailsService(samlUserDetailsService)
                .successHandler(authenticationSuccessHandler())
                .failureHandler(new SimpleUrlAuthenticationFailureHandler("/"))
                .serviceProvider()
                .keyStore()
                .storeFilePath(samlProperties.getKeystore())
                .password(samlProperties.getKeystorePassword())
                .keyname(samlProperties.getDefaultKey())
                .keyPassword(samlProperties.getDefaultKeyPassword())
                .and()
                .sessionManagement().sessionFixation().changeSessionId()

I've seen one post that refers to needing to manually configure the SAML provider to use certain objects defined for the core spring security, but it doesn't specifically deal with the sessionFixation configuration.

During a username/password login, I can see the session Id switch at this point in the log file with spring security modules set to trace:

2020-10-07 15:47:19.282 DEBUG 41443 S:A5787647 R:d429a48d --- [nio-8081-exec-1] s.s.w.c.SecurityContextPersistenceFilter : SecurityContextHolder now cleared, as request processing completed
2020-10-07 15:47:19.294 DEBUG 41443 S:C5DA158B R:67143c30 --- [nio-8081-exec-9] o.s.security.web.FilterChainProxy        : /initial-page at position 1 of 14 in additional filter chain; firing Filter: 'MetadataGeneratorFilter'

I'm not sure if the filter chain is being terminated prematurely, or if the sessionFixation filter is just never configured in the first place for the SAML side. Does anyone know how I could get this to work?

There are 0 answers
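As an added example (not code from the question or from the spring-security-saml project), the explicit-bean wiring that the spring-security-saml reference configuration uses for SAMLProcessingFilter, with a ChangeSessionIdAuthenticationStrategy set directly on the filter and a listener that logs the rotation; the core sessionManagement().sessionFixation() DSL only hands its strategy to the authentication filters HttpSecurity builds itself, so a SAML filter created outside that DSL keeps its default NullAuthenticatedSessionStrategy. It assumes the AuthenticationManager and AuthenticationSuccessHandler beans, the other SAML beans the filter autowires (context provider, SAML processor) and the filter's registration in the chain are configured elsewhere as in the reference setup.

```java
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.event.EventListener;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.saml.SAMLProcessingFilter;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.security.web.authentication.session.ChangeSessionIdAuthenticationStrategy;
import org.springframework.security.web.authentication.session.SessionAuthenticationStrategy;
import org.springframework.security.web.authentication.session.SessionFixationProtectionEvent;

@Configuration
public class SamlSessionFixationConfig {

    private static final Logger log = LoggerFactory.getLogger(SamlSessionFixationConfig.class);

    // The same strategy that sessionManagement().sessionFixation().changeSessionId()
    // installs for form login. Declared as a bean so Spring injects the
    // ApplicationEventPublisher and a SessionFixationProtectionEvent gets published.
    @Bean
    public SessionAuthenticationStrategy samlSessionAuthenticationStrategy() {
        return new ChangeSessionIdAuthenticationStrategy();
    }

    // SAMLProcessingFilter extends AbstractAuthenticationProcessingFilter, whose
    // default is NullAuthenticatedSessionStrategy: without this setter the session
    // id survives a successful SAML login. The core DSL wires its strategy only
    // into the filters it builds itself, not into this bean.
    // authenticationManager and successHandler are assumed to be beans defined elsewhere.
    @Bean
    public SAMLProcessingFilter samlWebSSOProcessingFilter(
            AuthenticationManager authenticationManager,
            AuthenticationSuccessHandler successHandler,
            SessionAuthenticationStrategy samlSessionAuthenticationStrategy) {
        SAMLProcessingFilter filter = new SAMLProcessingFilter();
        filter.setAuthenticationManager(authenticationManager);
        filter.setAuthenticationSuccessHandler(successHandler);
        filter.setSessionAuthenticationStrategy(samlSessionAuthenticationStrategy);
        return filter;
    }

    // Evidence for the review finding: log old and new ids when the rotation runs.
    @EventListener
    public void onSessionFixationProtection(SessionFixationProtectionEvent event) {
        log.info("Session id changed after SAML login: {} -> {}",
                event.getOldSessionId(), event.getNewSessionId());
    }
}
```

ChangeSessionIdAuthenticationStrategy only rotates a session that already exists, so the SAML response POST must arrive with the pre-login session cookie for the id to change; the listener's log line is the evidence a reviewer can check, alongside the session id shown in the trace output.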