You are my new hero! A few things to note... You have to call reinit() on the builtClients after you add the new client. It looks like this:

    @Autowired
    Clients builtClients;

    @PostConstruct
    public void addSteamOpenIdClient() {
        builtClients.getClients().add(new SteamOpenIdClient());
        builtClients.reinit();
    }

The SteamOpenIdClient and supporting code is a straight one-to-one rip-off of the old YahooOpenIdClient in the pac4j-openid project with the following exception. The RedirectActionBuilder gets the Steam endpoint and you turn off association attempts and attribute data fetch per this discussion: https://github.com/jbufu/openid4java/issues/192

Looks like this:

    public class SteamRedirectActionBuilder implements RedirectActionBuilder {

        private static final Logger logger = LoggerFactory.getLogger(SteamRedirectActionBuilder.class);

        private static final String STEAM_OPENID_ENDPOINT = "https://steamcommunity.com/openid/";

        private SteamOpenIdClient client;

        public SteamRedirectActionBuilder(final SteamOpenIdClient client) {
            CommonHelper.assertNotNull("client", client);
            this.client = client;
        }

        @Override
        public RedirectAction redirect(final WebContext context) throws HttpAction {
            try {
                // perform discovery on the user-supplied identifier
                final List discoveries = this.client.getConsumerManager().discover(STEAM_OPENID_ENDPOINT);

                // attempt to associate with the OpenID provider
                // and retrieve one service endpoint for authentication
                // (association attempts are turned off for Steam, per the discussion linked above)
                this.client.getConsumerManager().setMaxAssocAttempts(0);
                final DiscoveryInformation discoveryInformation = this.client.getConsumerManager().associate(discoveries);

                // save discovery information in session
                context.setSessionAttribute(this.client.getDiscoveryInformationSessionAttributeName(), discoveryInformation);

                // create authentication request to be sent to the OpenID provider
                final AuthRequest authRequest = this.client.getConsumerManager().authenticate(discoveryInformation,
                        this.client.computeFinalCallbackUrl(context));

                final String redirectionUrl = authRequest.getDestinationUrl(true);
                logger.debug("redirectionUrl: {}", redirectionUrl);
                return RedirectAction.redirect(redirectionUrl);
            } catch (final OpenIDException e) {
                throw new TechnicalException("OpenID exception", e);
            }
        }
    }

Add steam to the loginProviders.html template fragment...

    <span th:case="steamopenid" class="fa fa-openid"></span>

And that will get you a button on the login page that will send you through the Steam auth flow.

*Next Problem:*

When you return to CAS from Steam all the OpenId auth works correctly, but Authentication fails. I think CAS doesn't know what to do with an OpenIdCredentials maybe? Actual SteamId is at the end of the openid.claimed_id field.

    01-12 13:07:39 DEBUG flow.DelegatedClientAuthenticationAction - Retrieved credentials: [#OpenIdCredentials# | discoveryInformation: OpenID2 OP-endpoint:https://steamcommunity.com/openid/login ClaimedID:null Delegate:null | parameterList: client_name:SteamOpenIdClient openid.ns:http://specs.openid.net/auth/2.0 openid.mode:id_res openid.op_endpoint:https://steamcommunity.com/openid/login openid.claimed_id:http://steamcommunity.com/openid/id/1234123412341234 openid.identity:http://steamcommunity.com/openid/id/1234123412341234 openid.return_to:https://auth-test.daybreakgames.com/login?client_name=SteamOpenIdClient openid.response_nonce:2018-01-12T21:07:18ZcPA3u0qpRI9mztuzYk/0SRwwTUU= openid.assoc_handle:1234567890 openid.signed:signed,op_endpoint,claimed_id,identity,return_to,response_nonce,assoc_handle openid.sig:g5gKyXlD+B+Vd4k58VulQPlLYzk= | clientName: SteamOpenIdClient |]
    01-12 13:07:39 DEBUG flow.DelegatedClientAuthenticationAction - Retrieve service: [null]
    01-12 13:07:39 WARN authentication.PolicyBasedAuthenticationManager - Authentication has failed. Credentials may be incorrect or CAS cannot find authentication handler that supports [org.apereo.cas.authentication.principal.ClientCredential@752bf076[id=<null>]] of type [ClientCredential], which suggests a configuration problem.
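
An added example, not part of the original message and not CAS or pac4j code: one way to take the Steam id from the end of openid.claimed_id after the OpenID library has verified the response, refusing any response whose fields do not match the Steam endpoint shown in the log. The class and method names and the 1-to-20-digit bound on the id are assumptions.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.Optional;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class SteamClaimedIdCheck {

    // OP endpoint exactly as it appears in the log above.
    private static final String STEAM_OP_ENDPOINT = "https://steamcommunity.com/openid/login";

    // Assumption: the id is a plain decimal number (as in the log); http and https both accepted.
    private static final Pattern CLAIMED_ID =
            Pattern.compile("https?://steamcommunity\\.com/openid/id/([0-9]{1,20})");

    /** Returns the Steam id only when all response fields are consistent, otherwise empty. */
    static Optional<String> extractSteamId(final Map<String, String> params) {
        if (!"id_res".equals(params.get("openid.mode"))) {
            return Optional.empty();
        }
        if (!STEAM_OP_ENDPOINT.equals(params.get("openid.op_endpoint"))) {
            return Optional.empty();
        }
        final String claimedId = params.get("openid.claimed_id");
        if (claimedId == null || !claimedId.equals(params.get("openid.identity"))) {
            return Optional.empty();
        }
        // matches() tests the whole string, so extra text before or after the URL is rejected.
        final Matcher m = CLAIMED_ID.matcher(claimedId);
        return m.matches() ? Optional.of(m.group(1)) : Optional.empty();
    }

    public static void main(final String[] args) {
        // Constructed sample input, copied from the parameterList in the log above.
        final Map<String, String> fromLog = Map.of(
                "openid.mode", "id_res",
                "openid.op_endpoint", "https://steamcommunity.com/openid/login",
                "openid.claimed_id", "http://steamcommunity.com/openid/id/1234123412341234",
                "openid.identity", "http://steamcommunity.com/openid/id/1234123412341234");
        System.out.println("from log:     " + extractSteamId(fromLog));

        // Constructed negative case: same id, but claimed under a different host.
        final Map<String, String> otherHost = new HashMap<>(fromLog);
        otherHost.put("openid.claimed_id", "http://example.org/openid/id/1234123412341234");
        otherHost.put("openid.identity", "http://example.org/openid/id/1234123412341234");
        System.out.println("other host:   " + extractSteamId(otherHost));
    }
}
```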