You are my new hero!
A few things to note... 
You have to call reinit() on the builtClients after you add the new client. 
It looks like this:

    @Autowired
    Clients builtClients;

    @PostConstruct
    public void addSteamOpenIdClient() {
        builtClients.getClients().add(new SteamOpenIdClient());
        builtClients.reinit();
    }

The SteamOpenIdClient and supporting code is a straight one-to-one rip-off 
of the old YahooOpenIdClient in the pac4j-openid project with the following 
exception.
The RedirectActionBuilder gets the Steam endpoint and you turn off 
association attempts and attribute data fetch per this discussion:
https://github.com/jbufu/openid4java/issues/192

Looks like this:

import java.util.List;

import org.openid4java.OpenIDException;
import org.openid4java.discovery.DiscoveryInformation;
import org.openid4java.message.AuthRequest;
import org.pac4j.core.context.WebContext;
import org.pac4j.core.exception.HttpAction;
import org.pac4j.core.exception.TechnicalException;
import org.pac4j.core.redirect.RedirectAction;
import org.pac4j.core.redirect.RedirectActionBuilder;
import org.pac4j.core.util.CommonHelper;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

public class SteamRedirectActionBuilder implements RedirectActionBuilder {

    private static final Logger logger = LoggerFactory.getLogger(SteamRedirectActionBuilder.class);

    private static final String STEAM_OPENID_ENDPOINT = "https://steamcommunity.com/openid/";

    private final SteamOpenIdClient client;

    public SteamRedirectActionBuilder(final SteamOpenIdClient client) {
        CommonHelper.assertNotNull("client", client);
        this.client = client;
    }

    @Override
    public RedirectAction redirect(final WebContext context) throws HttpAction {
        try {
            // perform discovery on the fixed Steam endpoint (there is no user-supplied identifier)
            final List discoveries = this.client.getConsumerManager().discover(STEAM_OPENID_ENDPOINT);

            // 0 disables association attempts; associate() then only
            // selects one service endpoint for authentication
            this.client.getConsumerManager().setMaxAssocAttempts(0);
            final DiscoveryInformation discoveryInformation =
                    this.client.getConsumerManager().associate(discoveries);

            // save discovery information in session
            context.setSessionAttribute(this.client.getDiscoveryInformationSessionAttributeName(),
                    discoveryInformation);

            // create authentication request to be sent to the OpenID provider
            // (no attribute fetch request is attached)
            final AuthRequest authRequest = this.client.getConsumerManager().authenticate(discoveryInformation,
                    this.client.computeFinalCallbackUrl(context));

            final String redirectionUrl = authRequest.getDestinationUrl(true);
            logger.debug("redirectionUrl: {}", redirectionUrl);
            return RedirectAction.redirect(redirectionUrl);
        } catch (final OpenIDException e) {
            throw new TechnicalException("OpenID exception", e);
        }
    }
}


Add steam to the loginProviders.html template fragment...
<span th:case="steamopenid" class="fa fa-openid"></span>

And that will get you a button on the login page that will send you through 
the Steam auth flow.

*Next Problem:*
When you return to CAS from Steam, all the OpenId auth works correctly, but 
authentication fails. I think CAS doesn't know what to do with an 
OpenIdCredentials maybe? The actual SteamId is at the end of the 
openid.claimed_id field.

01-12 13:07:39 DEBUG flow.DelegatedClientAuthenticationAction - Retrieved credentials: [#OpenIdCredentials# | discoveryInformation: OpenID2
OP-endpoint:https://steamcommunity.com/openid/login
ClaimedID:null
Delegate:null | parameterList: client_name:SteamOpenIdClient
openid.ns:http://specs.openid.net/auth/2.0
openid.mode:id_res
openid.op_endpoint:https://steamcommunity.com/openid/login
openid.claimed_id:http://steamcommunity.com/openid/id/1234123412341234
openid.identity:http://steamcommunity.com/openid/id/1234123412341234
openid.return_to:https://auth-test.daybreakgames.com/login?client_name=SteamOpenIdClient
openid.response_nonce:2018-01-12T21:07:18ZcPA3u0qpRI9mztuzYk/0SRwwTUU=
openid.assoc_handle:1234567890
openid.signed:signed,op_endpoint,claimed_id,identity,return_to,response_nonce,assoc_handle
openid.sig:g5gKyXlD+B+Vd4k58VulQPlLYzk=
 | clientName: SteamOpenIdClient |]
01-12 13:07:39 DEBUG flow.DelegatedClientAuthenticationAction - Retrieve service: [null]
01-12 13:07:39 WARN  authentication.PolicyBasedAuthenticationManager - Authentication has failed. Credentials may be incorrect or CAS cannot find authentication handler that supports [org.apereo.cas.authentication.principal.ClientCredential@752bf076[id=<null>]] of type [ClientCredential], which suggests a configuration problem.


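The message notes that the SteamID sits at the end of openid.claimed_id. The sketch below, an added example that is not part of the original message or of CAS, pac4j or openid4java, shows the checks worth making on the returned parameters before that ID is used as a principal; it complements the signature verification openid4java performs and does not replace it. The class name SteamAssertionCheck, the steamId method and the cas.example.org callback are assumptions, and the sample parameters are constructed to resemble the logged assertion.

```java
import java.util.*;
import java.util.regex.*;

// Hypothetical helper (added example); not part of CAS, pac4j or openid4java.
public class SteamAssertionCheck {
    static final String OP_ENDPOINT = "https://steamcommunity.com/openid/login";
    // Fixed host and path, digits only; matches() requires the whole string to match.
    static final Pattern CLAIMED_ID =
            Pattern.compile("https?://steamcommunity\\.com/openid/id/(\\d+)");
    // Fields OpenID 2.0 requires in openid.signed for a positive assertion.
    static final List<String> MUST_BE_SIGNED = Arrays.asList("op_endpoint",
            "claimed_id", "identity", "return_to", "response_nonce", "assoc_handle");

    /** Returns the SteamID, or empty if any check on the assertion fails. */
    static Optional<String> steamId(Map<String, String> p, String expectedReturnTo) {
        if (!"id_res".equals(p.get("openid.mode"))) return Optional.empty();
        if (!OP_ENDPOINT.equals(p.get("openid.op_endpoint"))) return Optional.empty();
        if (!expectedReturnTo.equals(p.get("openid.return_to"))) return Optional.empty();
        String claimed = p.get("openid.claimed_id");
        if (claimed == null || !claimed.equals(p.get("openid.identity"))) return Optional.empty();
        List<String> signed = Arrays.asList(p.getOrDefault("openid.signed", "").split(","));
        if (!signed.containsAll(MUST_BE_SIGNED)) return Optional.empty();
        Matcher m = CLAIMED_ID.matcher(claimed);
        return m.matches() ? Optional.of(m.group(1)) : Optional.empty();
    }

    public static void main(String[] args) {
        // Constructed sample shaped like the logged assertion; host and ID are placeholders.
        String returnTo = "https://cas.example.org/login?client_name=SteamOpenIdClient";
        Map<String, String> p = new HashMap<>();
        p.put("openid.mode", "id_res");
        p.put("openid.op_endpoint", OP_ENDPOINT);
        p.put("openid.claimed_id", "http://steamcommunity.com/openid/id/1234123412341234");
        p.put("openid.identity", "http://steamcommunity.com/openid/id/1234123412341234");
        p.put("openid.return_to", returnTo);
        p.put("openid.signed", String.join(",", MUST_BE_SIGNED));
        System.out.println("accepted: " + steamId(p, returnTo));

        // Same assertion with claimed_id left out of the signed list: rejected.
        p.put("openid.signed", "signed,op_endpoint,identity,return_to,response_nonce,assoc_handle");
        System.out.println("unsigned claimed_id: " + steamId(p, returnTo));

        // Identifier on a different host: rejected by the whole-string pattern.
        p.put("openid.signed", String.join(",", MUST_BE_SIGNED));
        p.put("openid.claimed_id", "http://idp.example.net/openid/id/1234123412341234");
        p.put("openid.identity", "http://idp.example.net/openid/id/1234123412341234");
        System.out.println("foreign host: " + steamId(p, returnTo));
    }
}
```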