OpenID providers may sometimes return not only the authentication result but also additional information about the user (such as email, user name and so on). By default, the spring-security-openid library supports requesting attributes through the Attribute Exchange extension. To enable it, add the list of attributes you are requesting to your security configuration:
    <http use-expressions="true">
        <intercept-url pattern="/**" access="permitAll" />
        <openid-login>
            <attribute-exchange>
                <openid-attribute name="email" type="http://axschema.org/contact/email" required="true" />
                <openid-attribute name="fullname" type="http://axschema.org/namePerson" />
                <openid-attribute name="first" type="http://axschema.org/namePerson/first" />
                <openid-attribute name="last" type="http://axschema.org/namePerson/last" />
            </attribute-exchange>
        </openid-login>
        <logout />
    </http>
Unfortunately, not all providers support Attribute Exchange (for example, http://www.myopenid.com does not support it). In some cases attributes can be obtained through the SReg extension instead. Spring-Security-Step2 adds an SReg request alongside the Attribute Exchange request for such cases. No additional configuration is required: SReg support is added automatically as soon as you switch from spring-security-openid to spring-security-step2.
For example, the Demo Application used for the Quick Start can get attributes from Google, Yahoo, MyOpenID and any other provider that supports the Attribute Exchange or Simple Registration extensions (I support all of the most popular).
You can use the received attributes in OpenIdAuthenticationHandler to, for example, automatically create an account in your local DB.
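
The sketch below is an added example, not code from this project: it shows automatic account creation from the attributes requested above, using Spring Security's own `AuthenticationUserDetailsService` hook rather than `OpenIdAuthenticationHandler`, whose API this page does not show. It assumes the login still produces a Spring Security `OpenIDAuthenticationToken`; the class name and the in-memory map standing in for the local DB are hypothetical.

```java
import java.util.List;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.userdetails.AuthenticationUserDetailsService;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.openid.OpenIDAttribute;
import org.springframework.security.openid.OpenIDAuthenticationToken;

// Hypothetical class: creates a local account on the first OpenID login.
public class AutoRegisteringUserService
        implements AuthenticationUserDetailsService<OpenIDAuthenticationToken> {

    // Stand-in for the local DB: identity URL -> e-mail ("" when not supplied).
    private final Map<String, String> accounts = new ConcurrentHashMap<String, String>();

    @Override
    public UserDetails loadUserDetails(OpenIDAuthenticationToken token) {
        // Key the account on the authenticated identity URL. Attribute values
        // are whatever the provider chose to send, so they are stored as
        // profile data and never used to look up or merge an existing account.
        String identity = token.getIdentityUrl();
        accounts.putIfAbsent(identity, firstValue(token.getAttributes(), "email"));
        return new User(identity, "unused", AuthorityUtils.createAuthorityList("ROLE_USER"));
    }

    // Returns the first value of the named attribute, or "" when the provider
    // did not return it (a provider may omit attributes that were requested).
    static String firstValue(List<OpenIDAttribute> attributes, String name) {
        for (OpenIDAttribute attribute : attributes) {
            List<String> values = attribute.getValues();
            if (name.equals(attribute.getName()) && values != null && !values.isEmpty()) {
                return values.get(0).trim();
            }
        }
        return "";
    }
}
```

In stock Spring Security such a service is registered as a bean and referenced from the `user-service-ref` attribute of `<openid-login>`.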