You are my new hero!
A few things to note... 
You have to call reinit() on the builtClients after you add the new client. 
It looks like this:

    @Autowired
    Clients builtClients;

    @PostConstruct
    public void addSteamOpenIdClient() {
        builtClients.getClients().add(new SteamOpenIdClient());
        builtClients.reinit();
    }

The SteamOpenIdClient and supporting code is a straight one-to-one rip-off 
of the old YahooOpenIdClient in the pac4j-openid project with the following 
exception.
The RedirectActionBuilder gets the Steam endpoint and you turn off 
association attempts and attribute data fetch per this discussion:
https://github.com/jbufu/openid4java/issues/192

Looks like this:

public class SteamRedirectActionBuilder implements RedirectActionBuilder {

    private static final Logger logger = LoggerFactory.getLogger(SteamRedirectActionBuilder.class);

    private static final String STEAM_OPENID_ENDPOINT = "https://steamcommunity.com/openid/";

    private SteamOpenIdClient client;

    public SteamRedirectActionBuilder(final SteamOpenIdClient client) {
        CommonHelper.assertNotNull("client", client);
        this.client = client;
    }

    @Override
    public RedirectAction redirect(final WebContext context) throws HttpAction {
        try {
            // perform discovery on the fixed Steam endpoint (not a user-supplied identifier)
            final List discoveries = this.client.getConsumerManager().discover(STEAM_OPENID_ENDPOINT);

            // association attempts are turned off (max attempts 0); associate() is
            // still called to retrieve one service endpoint for authentication
            this.client.getConsumerManager().setMaxAssocAttempts(0);
            final DiscoveryInformation discoveryInformation = this.client.getConsumerManager().associate(discoveries);

            // save discovery information in session
            context.setSessionAttribute(this.client.getDiscoveryInformationSessionAttributeName(),
                    discoveryInformation);

            // create authentication request to be sent to the OpenID provider
            // (no attribute fetch request is added)
            final AuthRequest authRequest = this.client.getConsumerManager().authenticate(discoveryInformation,
                    this.client.computeFinalCallbackUrl(context));

            final String redirectionUrl = authRequest.getDestinationUrl(true);
            logger.debug("redirectionUrl: {}", redirectionUrl);
            return RedirectAction.redirect(redirectionUrl);
        } catch (final OpenIDException e) {
            throw new TechnicalException("OpenID exception", e);
        }
    }
}


Add steam to the loginProviders.html template fragment...
<span th:case="steamopenid" class="fa fa-openid"></span>

And that will get you a button on the login page that will send you through 
the Steam auth flow.

*Next Problem:*
When you return to CAS from Steam all the OpenId auth works correctly, but 
Authentication fails. I think CAS doesn't know what to do with an 
OpenIdCredentials maybe? Actual SteamId is at the end of the 
openid.claimed_id field.

01-12 13:07:39 DEBUG flow.DelegatedClientAuthenticationAction - Retrieved credentials: [#OpenIdCredentials# | discoveryInformation: OpenID2
OP-endpoint:https://steamcommunity.com/openid/login
ClaimedID:null
Delegate:null | parameterList: client_name:SteamOpenIdClient
openid.ns:http://specs.openid.net/auth/2.0
openid.mode:id_res
openid.op_endpoint:https://steamcommunity.com/openid/login
openid.claimed_id:http://steamcommunity.com/openid/id/1234123412341234
openid.identity:http://steamcommunity.com/openid/id/1234123412341234
openid.return_to:https://auth-test.daybreakgames.com/login?client_name=SteamOpenIdClient
openid.response_nonce:2018-01-12T21:07:18ZcPA3u0qpRI9mztuzYk/0SRwwTUU=
openid.assoc_handle:1234567890
openid.signed:signed,op_endpoint,claimed_id,identity,return_to,response_nonce,assoc_handle
openid.sig:g5gKyXlD+B+Vd4k58VulQPlLYzk=
 | clientName: SteamOpenIdClient |]
01-12 13:07:39 DEBUG flow.DelegatedClientAuthenticationAction - Retrieve service: [null]
01-12 13:07:39 WARN  authentication.PolicyBasedAuthenticationManager - Authentication has failed. Credentials may be incorrect or CAS cannot find authentication handler that supports [org.apereo.cas.authentication.principal.ClientCredential@752bf076[id=<null>]] of type [ClientCredential], which suggests a configuration problem.


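The post notes that the SteamID sits at the end of openid.claimed_id. As an added example (not from the original post, and not CAS or pac4j code), here is one way to extract it strictly rather than by taking whatever follows the last slash. It assumes identifiers have the shape shown in the log; the class and method names are hypothetical.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Optional;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public final class SteamClaimedId {
    // Assumption: identifiers have the shape seen in the log,
    // http(s)://steamcommunity.com/openid/id/<decimal digits>.
    private static final String HOST = "steamcommunity.com";
    private static final Pattern PATH = Pattern.compile("/openid/id/([0-9]{1,19})");

    // Returns the numeric ID only if the whole URL matches. Call it only on a
    // claimed_id whose response signature the OpenID library has already verified.
    public static Optional<Long> parse(final String claimedId) {
        final URI uri;
        try {
            uri = new URI(claimedId);
        } catch (final URISyntaxException | NullPointerException e) {
            return Optional.empty();
        }
        final String scheme = uri.getScheme();
        final boolean schemeOk = "http".equalsIgnoreCase(scheme) || "https".equalsIgnoreCase(scheme);
        // Reject other hosts, userinfo, explicit ports, query strings and fragments.
        if (!schemeOk || !HOST.equalsIgnoreCase(uri.getHost()) || uri.getRawUserInfo() != null
                || uri.getPort() != -1 || uri.getRawQuery() != null || uri.getRawFragment() != null) {
            return Optional.empty();
        }
        final Matcher m = PATH.matcher(uri.getRawPath());
        try {
            return m.matches() ? Optional.of(Long.parseLong(m.group(1))) : Optional.empty();
        } catch (final NumberFormatException e) { // 19 digits can still overflow a long
            return Optional.empty();
        }
    }

    public static void main(final String[] args) {
        // Constructed inputs; the first is the redacted value from the log.
        final String[] samples = {
            "http://steamcommunity.com/openid/id/1234123412341234",
            "http://steamcommunity.com.example.net/openid/id/1234123412341234",
            "http://example.net/?u=http://steamcommunity.com/openid/id/1234123412341234",
        };
        for (final String s : samples) {
            System.out.println(parse(s) + "  <-  " + s);
        }
    }
}
```

Only the first sample yields an ID; the lookalike host and the URL that merely embeds a Steam identifier in its query string are both rejected.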