DNN SAML Single Sign-On (SSO) with Keycloak as IDP
DotNetNuke SAML SP Single Sign-On (SSO) module gives the ability to enable SAML Single Sign-On for your DotNetNuke applications. Using Single Sign-On you can use only one password to access your DotNetNuke application and services. Our module is compatible with all the SAML compliant Identity providers. Here we will go through a step-by-step guide to configure Single Sign-On (SSO) between DotNetNuke and Keycloak as IdP.
Download and Install the module in DotNetNuke
- Download the package for DNN SAML Single Sign-On (SSO) module.
- Upload the installation package dnn-saml-single-sign-on_xxx_Install by going in Settings > Extension > Install Extension.
Steps to configure Keycloak Single Sign-On (SSO) Login into DotNetNuke
1. Add SAML Authentication Provider on DNN page
- Now under the Installed extensions tab select Authentication Systems.Here you can see the miniOrange DNN SAML Authentication Plugin.
- Just Click on the pencil icon as mentioned in the image below to configure the DNN SAML Authentication Provider.
- Now go to the site settings tab. Here you can see the DNN SAML Authentication Provider Dashboard.
- You have finished with the Installation of the authentication provider on your DNN site.
2. Configure Keycloak as Identity Provider
- In your Keycloak Admin console, select the realm that you want to use.
- Click on Clients from the left menu and then click on Create button to create a new client/application.
- Enter SP-EntityID / Issuer as the Client ID from the "Service Provider Settings" Tab and select SAML as the Client Protocol.
- Now click on Save.
- Configure Keycloak by providing the required details:
- Under Fine Grain SAML Endpoint Configuration, Enter the following details:
- Click on Save.
- In your Keycloak Admin console, select the realm that you want to use.
- Click on Clients from the left menu and then click on Create Client button to create a new client/application.
- Select SAML as Client type, Enter SP-EntityID / Issuer as the Client ID from the "Service Provider Metadata" Tab,Enter Name of your application and enter Description.
- Now click on Save.
- Configure Keycloak by providing the required details:
- Now click on Save.
- In Advanced tab,under Fine Grain SAML Endpoint Configuration, Enter the following details:
- Click on Save.
| Client ID | The SP-EntityID / Issuer from the plugin's Service Provider Metadata tab |
| Name | Provide a name for this client |
| Description | Provide a description |
| Client Signature Required | OFF |
| Force POST Binding | OFF |
| Force Name ID Format | OFF |
| Name ID Format | |
| Root URL | Leave empty or Provide Base URL from Service Provider Settings tab |
| Valid Redirect URIs | The ACS (Assertion Consumer Service) URL from the plugin's Service Provider Settings tab |
| Assertion Consumer Service POST Binding URL | The ACS (Assertion Consumer Service) URL from the plugin's Service Provider Settings tab |
| Logout Service Redirect Binding URL (Optional) | The Single Logout URL from the plugin's Service Provider Metadata tab |
| Client ID | The SP-EntityID / Issuer from the plugin's Service Provider Metadata tab |
| Name | Provide a name for this client |
| Description | Provide a description |
| Client Signature Required | OFF |
| Force POST Binding | OFF |
| Force Name ID Format | OFF |
| Name ID Format | |
| Root URL | Leave empty or Provide Base URL from Service Provider Settings tab |
| Valid Redirect URIs | The ACS (Assertion Consumer Service) URLfrom the plugin's Service Provider Settings tab |
| Assertion Consumer Service POST Binding URL | The ACS (Assertion Consumer Service) URL from the plugin's Service Provider Settings tab |
| Logout Service Redirect Binding URL (Optional) | The Single Logout URL from the plugin's Service Provider Metadata tab |
3. Configure DNN SAML Authentication Provider as Service Provider
- For configuring application in the authentication provider, click on the Add new IdP button in the Identity Provider Settings tab.
- Select Keyclock from the list. You can also search for your Identity Provider using the search box.
- Under the Service Provider Settings tab,download SP metadata as a XML document or copy the metadata url.
- Alternatively, copy and paste the SP Entity ID and ACS Url from the SP metadata Table to Keyclock configuration page.
- To upload IdP's metadata, you can use the Upload IdP metadata button under the Identity Provider Settings tab, if you have the IdP metadata URL or the IdP metadata .xml file.
- Alternatively, you can copy the IDP Entity ID and Single Sign-On Url values from the IdP and fill them up under the Identity Provider Settings tab.
A] Select your Identity Provider
B] Configure your Identity Provider
C] Configure your Service Provider
4. Testing SAML SSO
- Click here if you haven't already configured MFA on Microsoft Entra ID (formerly Azure AD). You can also disable MFA for Azure AD by clicking here.
- Click the Test Configuration button to verify if you have configured the plugin correctly.
- On successful configuration, you will get Attribute Name and Attribute Values in the Test Configuration window.
You can even configure the ASP.NET SAML Single Sign-On (SSO) module with any identity provider such as ADFS, Microsoft Entra ID (formerly Azure AD), Bitium, centrify, G Suite, JBoss Keycloak, Okta, OneLogin, Salesforce, AWS Cognito, OpenAM, Oracle, PingFederate, PingOne, RSA SecureID, Shibboleth-2, Shibboleth-3, SimpleSAML, WSO2 or even with your own custom identity provider. To check other identity providers, click here.
Additional Resources
- DNN SAML Single Sign-On (SSO)
- DNN OAuth Single Sign-On (SSO)
- ASP.NET SAML Single Sign-On (SSO)
- nopCommerce SAML Single Sign-On (SSO)
- Umbraco SAML Single Sign-On (SSO)
Need Help?
Not able to find your identity provider? Mail us on dnnsupport@xecurify.com and we'll help you set up SSO with your IDP and for quick guidance (via email/meeting) on your requirement and our team will help you to select the best suitable solution/plan as per your requirement.
Need Help? We are right here!
