Search Results :

×

Cognito SAML Single Sign-On using DNN SAML as IDP

DotNetNuke (DNN) SAML IDP module acts as a SAML 2.0 Identity Provider which can be configured to establish the trust between the module and various SAML-compliant service providers to securely authenticate the user using the DotNetNuke (DNN) site credentials. Here we will go through a step-by-step guide to configure Single Sign-On (SSO) between DotNetNuke(DNN) and Cognito considering DotNetNuke(DNN) as IDP. To know more about the other features we provide, click here.

Pre-requisites : Download And Installation

  • Download DNN SAML Identity Provider (IDP) module.
  • Upload the installation package dnn-saml-single-sign-on-sso-idp_xxx_Install by going in Settings > Extension > Install Extension.
    • Cognito SSO using DNN SAML IDP - Install Extension
  • Open any of the page on your DNN site (Edit mode) and Click on Add Module.
    • Cognito SSO using DNN SAML IDP - Add Module
  • Search for moDNNSAMLIDP and click on the moDNNSAMLIDP. Drag and drop the module on the page where you want.
    • Cognito SSO using DNN SAML IDP - Search for DNN SAML IDP
  • You have finished with the Installation of the module on your DNN site.

1. Configure Cognito as SP

  • From the list of service providers given below, select AWS Cognito.
    • Cognito SSO using DNN SAML IDP - Select Service Provider
  • There are two options in the module to share your IDP metadata to the service provider. Either you can share metadata URL or you can download the metadata (XML) file.
    • Cognito SSO using DNN SAML IDP - Download IDP Metadata
  • Also you can add the IDP metadata manually by entering IDP Entity ID, Single Sign-On URL and x.509 Certificate:
    • DNN SSO using DNN SAML IDP - Manual IDP Metadata
  • First of all, go to Amazon Console and sign up/login in your account to Configure AWS Cognito.
    • AWS Cognito Single Sign-On (SSO) - Login to Amazon Console
  • Search for Cognito in the AWS Services search bar as shown below.
    • AWS Cognito Single Sign-On (SSO) - Search for AWS Cognito
  • Click on Create a identity pool to create a new identity pool.
    • Cognito SSO using DNN SAML IDP - create identity pool cognito as SP
  • Now under the Auhtntication section select Authenticated Access as User Access & select SAML as Authenticated Identity Source.
  • Click on Next button.
    • AWS Cognito Single Sign-On (SSO) - Configure identity pool trust
  • Now In Configure Permissions check the create a new IAM role box and enter a name for new IAM role.
  • Click on Next button
    • AWS Cognito Single Sign-On(SSO)- Configure permissions
  • For creating new user pool. Enter Pool Name and select Review Defaults.
    • Cognito SSO using DNN SAML IDP - enter pool name cognito as SP
  • On the navigation bar on the left-side of the page, choose App clients under General settings.
  • Choose Add an app client and give your app a Name.
  • Clear the option Generate client secret for the purposes of this getting started exercise, as it would not be secure to send it on the URL using client-side JavaScript.
    • Cognito SSO using DNN SAML IDP - general settings cognito as SP
  • Choose Create app client.
  • Note the App client ID and choose Return to pool details.
    • Cognito SSO using DNN SAML IDP - app clients cognito as SP
  • Click on the Domain name tab of the Amazon Cognito console and add Domain Prefix.
    • Cognito SSO using DNN SAML IDP - add domain name cognito as SP
  • On the left navigation bar, choose Identity providers and then choose SAML to open the SAML dialog.

    • Cognito SSO using DNN SAML IDP - select saml idp cognito as SP
  • Under Metadata document upload a metadata document from your SAML IdP. You can also enter a URL that points to the metadata document.
    • Cognito SSO using DNN SAML IDP - metadata document cognito as SP
  • Note: Amazon Cognito recommends that you provide the endpoint URL if it is a public endpoint, rather than uploading a file because this allows Amazon Cognito to refresh the metadata automatically. Typically metadata refresh happens every 6 hours or before the metadata expires, whichever is earlier.
  • Enter the values by referring to the table below.
    • Provider Name Enter your SAML Identity Provider name.
    Identifiers (optional) Enter any optional SAML Identifiers you want to use.
    Enable IdP sign out flow Select Enable IdP sign out flow if you want your user to be logged out from the SAML IdP when logging out from Amazon Cognito.
  • Click on Create provider.
  • On the Attribute mapping tab,if you are opting for it then add mappings for at least the required attributes, typically email.
  • Choose Save changes.

2. Configure DNN as SAML IDP

  • There are two options to add an application for your Service Provider in the IDP module
    • A] Upload metadata using Upload SP Metadata option
  • IDP module requires SP Entity ID and ACS URL values from your service provider. You may get the metadata file (.xml) or metadata URL.
  • You can upload metadata using Upload SP Metadata option where you can upload metadata using XML file or URL.
  • You may refer to the screenshot below:
    • DNN SAML IDP - add service provider metadata
  • You can choose any one of the options according to the metadata format you have available.
    • B] Configure the Service Provider metadata manually

    DNN SAML IDP - add service provider
  • Once configured service provider metadata, Update the module settings

3. Attribute Mapping

  • In this steps you will map the DotNetNuke user attribute to be sent in the response to the Service Provider.
  • NameID defines what SP is expecting in the subject element of SAML Assertion. Generally, NameID is Username or Email Address. You can select which user attribute you want to send in the NameID.
  • NameID Format defines the format of subject element content, i.e. NameID. For example, Email Address NameID Format defines that the NameID is in the form of an email address, specifically “addr-spec”.
  • An addr-spec has the form local-part@domain, has no phrase (such as a common name) before it, has no comment (text surrounded in parentheses) after it, and is not surrounded by “<” and “>”. If NameID Format is not externally specified by SP, leave it unspecified.
  • You can add other attributes to be sent in SAML Assertion to SP. The attributes include user’s profile attributes such as first name, last name, fullname, username, email, custom profile attributes etc.
    • Cognito SSO using DNN SAML IDP - DNN Attribute Mapping

4. Testing SSO

  • In the Incognito browser window, enter the Cognito URL.
  • The browser will redirect you to the DNN Login screen.
  • Enter the DNN Credentials and click on Log in.
  • If you are redirected back to your Cognito start page and logged in successfully, then your configuration is correct.

You have successfully configured DNN as SAML IDP ( Identity Provider) for achieving DNN SSO login into your Cognito Server.

You can configure the DNN SAML IDP module with any service provider such as Azure AD, Azure B2C, Google Apps, Zoho Desk, Salesforce, WordPress, Cognito, Moodle, Zapier, Zoho, Zoom, Tableau Server, Hubspot, TalentLMS, WSO2 or even with your own custom service providers. You can find more service providers here.

Additional Resources

Need Help?

Not able to find your identity provider? Mail us on dnnsupport@xecurify.com and we'll help you set up SSO with your service provider and for quick guidance (via email/meeting) on your requirement and our team will help you to select the best suitable solution/plan as per your requirement.

Trending searches:
Hello there!

Need Help? We are right here!
support
Contact miniOrange Support
success

Thanks for your inquiry.

If you dont hear from us within 24 hours, please feel free to send a follow up email to info@xecurify.com