nopCommerce SAML Single Sign-On (SSO) with Keycloak as IDP

The nopCommerce SAML Single Sign-On (SSO) plugin lets you enable SAML Single Sign-On for your nopCommerce store. With Single Sign-On, you can use only one password to access your nopCommerce store and services. Our plugin is compatible with all SAML-compliant identity providers. This step-by-step guide configures Single Sign-On (SSO) between nopCommerce and Keycloak, with Keycloak as the IdP.

  • Download the nopCommerce SAML Single Sign-On (SSO) module.
  • To install the plugin, log in as admin to your nopCommerce store. In the admin dashboard, navigate to Configuration Tab >> Local plugins.
nopCommerce Configuration Tab

  • Click on the Upload plugin or theme button at the top right corner, then in the popup window, click Choose File, select the downloaded plugin ZIP file, and click Upload plugin or theme to proceed.
nopCommerce - Upload Plugin

nopCommerce - Upload Plugin popup window

  • After uploading the plugin, click on Restart Application to apply the changes. Once the application restarts, you will see the plugin listed below. Click on the Install button to install it, and then click Restart Application again to apply the changes.
nopCommerce - Restart application

nopCommerce - Install Plugin

Step by Step guide for nopCommerce SAML SSO using Keycloak as Identity Provider.

  • After successful installation, locate the plugin in the list and click on the Configure button to proceed with the setup.
nopCommerce - Configure Plugin

  • On clicking Configure, you will be redirected to the license activation page, and you will receive a trial license key on your registered email.
  • If you have not received the license key on your provided email, use the Download License Key button in the plugin to download the license file.
nopCommerce - Download License Key

  • To activate the plugin, you can either:
    • Enter the license key received via email in the provided input field, OR
    • Upload the license file that you downloaded using the button mentioned above.
nopCommerce - Activate the plugin

  • Then, check the box "I have read the above conditions and I want to activate the middleware", and click Activate License button.
nopCommerce - Check Box

  • After successful license activation, the plugin dashboard will open as shown below.
  • In the plugin dashboard, click on the Service Provider Metadata button from the top menu. This will open the Service Provider Metadata page.
nopCommerce - Service Provider Metadata Button

You can obtain the SAML SP metadata using either of the two methods described below to configure it on your Identity Provider end.

A] Using SAML metadata URL or metadata file
  • On this page, you can find the Metadata URL as well as the option to download the SAML metadata XML file.
  • Copy the Metadata URL or download the metadata file to configure the same on your Identity Provider end.
  • You may refer to the screenshot below:
nopCommerce - Metadata url and download option

B] Uploading Metadata Manually
  • On this page, you can manually copy the service provider metadata such as SP Entity ID, ACS URL, Base URL and share it with your Identity Provider for configuration.
  • You may refer to the screenshot below:
nopCommerce - Copy metadata manually

  • In your Keycloak Admin console, select the realm that you want to use.
  • Click on Clients from the left menu and then click on Create Client button to create a new client/application.
Keycloak WordPress SSO | Creating an APP / Client

  • Select SAML as the Client type, enter the SP-EntityID / Issuer from the Service Provider Metadata tab (which you will get from Step 2B) as the Client ID, then enter a Name and a Description for your application.
Keycloak WordPress SSO | Add Client in Keycloak IDP

  • Click on the Next button.
  • Provide the details as mentioned below:
    • Root URL: Leave empty or provide the Base URL from the Service Provider Metadata tab
    • Valid Redirect URIs: The ACS (Assertion Consumer Service) URL from the plugin's Service Provider Metadata tab
  • Click on Save button.
WordPress Keycloak Single Sign-On | Provide details in Keycloak IDP

  • In the Settings tab under SAML capabilities section, configure Keycloak by providing the required details:
    • Force POST Binding: OFF
    • Force Name ID Format: OFF
    • Name ID Format: Email
Keycloak WordPress SSO | Keycloak Login - Settings tab configuration

  • In the Keys tab, disable the Client signature required toggle.
Keycloak WordPress SSO | Disable Client signature required

  • Click on the Save button.
  • In Advanced tab, under Fine Grain SAML Endpoint Configuration, enter the following details:
    • Assertion Consumer Service POST Binding URL: The ACS (Assertion Consumer Service) URL from the plugin's Service Provider Metadata tab
    • Logout Service Redirect Binding URL (Optional): The Single Logout URL from the plugin's Service Provider Metadata tab
Keycloak WordPress SSO | Advanced tab configuration

  • Click on Save button.

Add Mappers

  • Navigate to Mappers tab and click on Add Builtin button.
Keycloak WordPress SSO | Mappers Tab

  • Select the checkboxes of X500 givenName, X500 surname and X500 email attributes.
WordPress Keycloak Login | Add built-in protocol mapper

  • Click on Add Selected button. You will see the mappings that are added below.
WordPress Keycloak Single Sign-On |  Add Selected

  • In the Client scopes tab, click on your application.
Keycloak WordPress SSO | click on application

  • Click on Add predefined mapper.
WordPress Keycloak Single Sign-On | Add predefined mapper

  • Select the checkboxes of X500 givenName, X500 surname and X500 email attributes.
Keycloak WordPress SSO | select checkboxes

  • Click on Add button.
  • You will see the mappings that are added below.
WordPress Keycloak Single Sign-On | mappings

Download setup file

  • Navigate to Realm Settings and click on SAML 2.0 Identity Provider Metadata, listed under Endpoints in the General tab.
Keycloak WordPress SSO | configure Settings

  • Note the URL and keep it handy. That will provide you with the Endpoints required to configure the plugin.

You have successfully configured Keycloak as SAML IdP (Identity Provider) for achieving Keycloak SSO login into your nopCommerce application.

  • Click on the Add new IDP button to configure a new Identity Provider.
nopCommerce - Add new IdP

  • Under the Plugin Settings tab, select Keycloak as your identity provider from the list shown.
nopCommerce - IdP List

  • After selecting your IdP from the list, the Identity Provider Configuration page will open. On this page, click on the Upload IdP Metadata button.
nopCommerce - Upload IdP Metadata Button

You can configure your SAML Identity Provider metadata in the plugin in either of the two ways detailed below.

A] Upload metadata using the Upload IDP Metadata button:
  • Enter the IdP Name, then either provide the metadata URL in the Fetch Metadata section and click Fetch Metadata to retrieve the configuration automatically, or upload the metadata XML file using the Upload Metadata option to configure the IdP.
  • You may refer to the screenshot below:
nopCommerce - metadata url or metadata file

B] Configure the identity provider metadata manually:
  • Alternatively, under the Identity Provider Settings tab, you can manually fill in the mandatory fields like IDP Name, IDP Entity ID and Single Sign-On URL and click Save Settings.
nopCommerce - Entity Id, SSO Url, SAML Certificate

  • After uploading the metadata details, navigate back to the Dashboard. Click on the three dots (⋮) next to the configured Identity Provider and select Test Configuration.
nopCommerce - Test Configuration

  • On successful configuration, you will see the attribute names and attribute values in the test configuration window.
nopCommerce - Successful Test Configuration

  • If you are experiencing any error, you can troubleshoot it using the steps below:
    • Click on the Troubleshoot SSO button and enable the required log levels.
    • Download the log file using the Download Logs button to identify what went wrong.
    • You can share the log file with us at nopcommercesupport@xecurify.com and our team will reach out to you to resolve your issue.
nopCommerce - Download Logs

  • Click on the three dots (⋮) next to the configured Identity Provider and select SSO Link.
  • A “Copy to Clipboard” pop-up will appear. Click OK to copy the SSO link to your clipboard.
nopCommerce - Copy SSO Link

