Hi,

Can you do some debugging in the ClientAuthenticationHandler to see how the
login process finishes?

Thanks.
Best regards,
Jérôme


On Fri, Jan 12, 2018 at 11:17 PM, FritzTheWonderMutt <
[email protected]> wrote:

>
> You are my new hero!
> A few things to note...
> You have to call reinit() on the builtClients after you add the new
> client. It looks like this:
>
>     @Autowired
>     Clients builtClients;
>
>     @PostConstruct
>     public void addSteamOpenIdClient() {
>         builtClients.getClients().add(new SteamOpenIdClient());
>         builtClients.reinit();
>     }
>
> The SteamOpenIdClient and supporting code is a straight one-to-one rip-off
> of the old YahooOpenIdClient in the pac4j-openid project with the following
> exception.
> The RedirectActionBuilder gets the Steam endpoint and you turn off
> association attempts and attribute data fetch per this discussion:
> https://github.com/jbufu/openid4java/issues/192
>
> Looks like this:
>
> public class SteamRedirectActionBuilder implements RedirectActionBuilder {
>
>     private static final Logger logger = LoggerFactory.getLogger(SteamRedirectActionBuilder.class);
>
>     private static final String STEAM_OPENID_ENDPOINT = "https://steamcommunity.com/openid/";
>
>     private SteamOpenIdClient client;
>
>     public SteamRedirectActionBuilder(final SteamOpenIdClient client) {
>         CommonHelper.assertNotNull("client", client);
>         this.client = client;
>     }
>
>     @Override
>     public RedirectAction redirect(final WebContext context) throws HttpAction {
>         try {
>             // perform discovery on the fixed Steam OpenID endpoint
>             final List discoveries = this.client.getConsumerManager().discover(STEAM_OPENID_ENDPOINT);
>
>             // association attempts are turned off (max 0); associate() is still
>             // called to retrieve one service endpoint for authentication
>             this.client.getConsumerManager().setMaxAssocAttempts(0);
>             final DiscoveryInformation discoveryInformation = this.client.getConsumerManager().associate(discoveries);
>
>             // save discovery information in session
>             context.setSessionAttribute(this.client.getDiscoveryInformationSessionAttributeName(), discoveryInformation);
>
>             // create authentication request to be sent to the OpenID provider
>             final AuthRequest authRequest = this.client.getConsumerManager().authenticate(discoveryInformation,
>                     this.client.computeFinalCallbackUrl(context));
>
>             final String redirectionUrl = authRequest.getDestinationUrl(true);
>             logger.debug("redirectionUrl: {}", redirectionUrl);
>             return RedirectAction.redirect(redirectionUrl);
>         } catch (final OpenIDException e) {
>             throw new TechnicalException("OpenID exception", e);
>         }
>     }
>
> }
>
>
> Add steam to the loginProviders.html template fragment...
> <span th:case="steamopenid" class="fa fa-openid"></span>
>
> And that will get you a button on the login page that will send you
> through the Steam auth flow.
>
> *Next Problem:*
> When you return to CAS from Steam all the OpenId auth works correctly, but
> Authentication fails. I think CAS doesn't know what to do with an
> OpenIdCredentials maybe? Actual SteamId is at the end of the
> openid.claimed_id field.
>
> 01-12 13:07:39 DEBUG flow.DelegatedClientAuthenticationAction - Retrieved credentials: [#OpenIdCredentials# | discoveryInformation: OpenID2
> OP-endpoint:https://steamcommunity.com/openid/login
> ClaimedID:null
> Delegate:null | parameterList: client_name:SteamOpenIdClient
> openid.ns:http://specs.openid.net/auth/2.0
> openid.mode:id_res
> openid.op_endpoint:https://steamcommunity.com/openid/login
> openid.claimed_id:http://steamcommunity.com/openid/id/1234123412341234
> openid.identity:http://steamcommunity.com/openid/id/1234123412341234
> openid.return_to:https://auth-test.daybreakgames.com/login?client_name=SteamOpenIdClient
> openid.response_nonce:2018-01-12T21:07:18ZcPA3u0qpRI9mztuzYk/0SRwwTUU=
> openid.assoc_handle:1234567890
> openid.signed:signed,op_endpoint,claimed_id,identity,return_to,response_nonce,assoc_handle
> openid.sig:g5gKyXlD+B+Vd4k58VulQPlLYzk=
>  | clientName: SteamOpenIdClient |]
> 01-12 13:07:39 DEBUG flow.DelegatedClientAuthenticationAction - Retrieve service: [null]
> 01-12 13:07:39 WARN  authentication.PolicyBasedAuthenticationManager - Authentication has failed. Credentials may be incorrect or CAS cannot find authentication handler that supports [org.apereo.cas.authentication.principal.ClientCredential@752bf076[id=<null>]] of type [ClientCredential], which suggests a configuration problem.
>
>
> --
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> ---
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> To view this discussion on the web visit https://groups.google.com/a/
> apereo.org/d/msgid/cas-user/34f64af8-8c93-4cd9-b5e2-
> 15f72d3a4506%40apereo.org
> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/34f64af8-8c93-4cd9-b5e2-15f72d3a4506%40apereo.org?utm_medium=email&utm_source=footer>
> .
>

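Added example (not part of the thread, and not CAS or pac4j code): since the SteamId sits at the end of openid.claimed_id, this is one way to extract it strictly, to be run only after openid4java has verified the response. The class and method names are hypothetical; the URL shape, the endpoint value and the claimed_id/identity equality are assumptions taken from the log in the quoted message.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Optional;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class SteamClaimedId {

    // Assumption: claimed identifiers look like the one in the quoted log,
    // http(s)://steamcommunity.com/openid/id/<digits>. Anchored at both ends
    // so a look-alike host or trailing data never matches.
    private static final Pattern CLAIMED_ID =
            Pattern.compile("^https?://steamcommunity\\.com/openid/id/(\\d+)$");

    // Endpoint value as it appears in the quoted log.
    private static final String EXPECTED_OP_ENDPOINT = "https://steamcommunity.com/openid/login";

    /** Returns the numeric Steam ID, or empty if the parameters are inconsistent. */
    static Optional<String> extractSteamId(final Map<String, String> params) {
        final String claimedId = params.get("openid.claimed_id");
        // In the quoted log claimed_id and identity are identical; require that.
        if (claimedId == null || !claimedId.equals(params.get("openid.identity"))) {
            return Optional.empty();
        }
        if (!"id_res".equals(params.get("openid.mode"))
                || !EXPECTED_OP_ENDPOINT.equals(params.get("openid.op_endpoint"))) {
            return Optional.empty();
        }
        final Matcher m = CLAIMED_ID.matcher(claimedId);
        return m.matches() ? Optional.of(m.group(1)) : Optional.empty();
    }

    public static void main(final String[] args) {
        // Parameter values copied from the log in the quoted message.
        final Map<String, String> params = new LinkedHashMap<>();
        params.put("openid.mode", "id_res");
        params.put("openid.op_endpoint", "https://steamcommunity.com/openid/login");
        params.put("openid.claimed_id", "http://steamcommunity.com/openid/id/1234123412341234");
        params.put("openid.identity", "http://steamcommunity.com/openid/id/1234123412341234");
        System.out.println(extractSteamId(params));

        // Constructed negative case: a look-alike host must not yield an ID.
        params.put("openid.claimed_id", "http://steamcommunity.com.example/openid/id/1");
        params.put("openid.identity", "http://steamcommunity.com.example/openid/id/1");
        System.out.println(extractSteamId(params));
    }
}
```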