You are my new hero!
A few things to note...
You have to call reinit() on the builtClients after you add the new client.
It looks like this:
@Autowired
Clients builtClients;
@PostConstruct
public void addSteamOpenIdClient() {
builtClients.getClients().add(new SteamOpenIdClient());
builtClients.reinit();
}
The SteamOpenIdClient and supporting code is a straight one-to-one rip-off
of the old YahooOpenIdClient in the pac4j-openid project with the following
exception.
The RedirectActionBuilder gets the Steam endpoint and you turn off
association attempts and attribute data fetch per this discussion:
https://github.com/jbufu/openid4java/issues/192
Looks like this:
public class SteamRedirectActionBuilder implements RedirectActionBuilder {
private static final Logger logger =
LoggerFactory.getLogger(SteamRedirectActionBuilder.class);
private static final String STEAM_OPENID_ENDPOINT =
"https://steamcommunity.com/openid/";;
private SteamOpenIdClient client;
public SteamRedirectActionBuilder(final SteamOpenIdClient client) {
CommonHelper.assertNotNull("client", client);
this.client = client;
}
@Override
public RedirectAction redirect(final WebContext context) throws
HttpAction {
try {
// perform discovery on the user-supplied identifier
final List discoveries =
this.client.getConsumerManager().discover(STEAM_OPENID_ENDPOINT);
// attempt to associate with the OpenID provider
// and retrieve one service endpoint for authentication
this.client.getConsumerManager().setMaxAssocAttempts(0);
final DiscoveryInformation discoveryInformation =
this.client.getConsumerManager().associate(discoveries);
// save discovery information in session
context.setSessionAttribute(this.client.getDiscoveryInformationSessionAttributeName(),
discoveryInformation);
// create authentication request to be sent to the OpenID
provider
final AuthRequest authRequest =
this.client.getConsumerManager().authenticate(discoveryInformation,
this.client.computeFinalCallbackUrl(context));
final String redirectionUrl =
authRequest.getDestinationUrl(true);
logger.debug("redirectionUrl: {}", redirectionUrl);
return RedirectAction.redirect(redirectionUrl);
} catch (final OpenIDException e) {
throw new TechnicalException("OpenID exception", e);
}
}
}
Add steam to the loginProviders.html template fragment...
<span th:case="steamopenid" class="fa fa-openid"></span>
And that will get you a button on the login page that will send you through
the Steam auth flow.
*Next Problem:*
When you return to CAS from Steam all the OpenId auth works correctly, but
Authentication fails. I think CAS doesn't know what to do with a
OpenIdCredentials maybe? Actual SteamId is at the end of the
openid.claimed_id field.
01-12 13:07:39 DEBUG flow.DelegatedClientAuthenticationAction - Retrieved
credentials: [#OpenIdCredentials# | discoveryInformation: OpenID2
OP-endpoint:https://steamcommunity.com/openid/login
ClaimedID:null
Delegate:null | parameterList: client_name:SteamOpenIdClient
openid.ns:http://specs.openid.net/auth/2.0
openid.mode:id_res
openid.op_endpoint:https://steamcommunity.com/openid/login
openid.claimed_id:http://steamcommunity.com/openid/id/1234123412341234
openid.identity:http://steamcommunity.com/openid/id/1234123412341234
openid.return_to:https://auth-test.daybreakgames.com/login?client_name=SteamOpenIdClient
openid.response_nonce:2018-01-12T21:07:18ZcPA3u0qpRI9mztuzYk/0SRwwTUU=
openid.assoc_handle:1234567890
openid.signed:signed,op_endpoint,claimed_id,identity,return_to,response_nonce,assoc_handle
openid.sig:g5gKyXlD+B+Vd4k58VulQPlLYzk=
| clientName: SteamOpenIdClient |]
01-12 13:07:39 DEBUG flow.DelegatedClientAuthenticationAction - Retrieve
service: [null]
01-12 13:07:39 WARN authentication.PolicyBasedAuthenticationManager -
Authentication has failed. Credentials may be incorrect or CAS cannot find
authentication handler that supports
[org.apereo.cas.authentication.principal.ClientCredential@752bf076[id=<null>]]
of type [ClientCredential], which suggests a configuration problem.
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/34f64af8-8c93-4cd9-b5e2-15f72d3a4506%40apereo.org.
