Cognito SAML Single Sign-On using DNN SAML as IDP

The DotNetNuke (DNN) SAML IDP module acts as a SAML 2.0 Identity Provider. It can be configured to establish trust between the module and various SAML-compliant service providers, so that users are securely authenticated with their DotNetNuke (DNN) site credentials. This step-by-step guide configures Single Sign-On (SSO) between DotNetNuke (DNN) and Cognito, with DotNetNuke (DNN) as the IDP.

  • Download DNN SAML Identity Provider (IDP) module.
  • Upload the installation package xxx_dnn-saml-single-sign-on-sso-idp_xxx_Install by going to Settings > Extension > Install Extension.
DNN SAML IDP - Install Extension

  • Open any page on your DNN site (Edit mode) and click on Add Module.
DNN SAML IDP - Add Module

  • Search for moDNNSAMLIDP and click on the moDNNSAMLIDP. Drag and drop the module on the page where you want.
DNN SAML IDP - moDNNSAMLIDP module

  • After successfully installing the module on your DNN site, click the gear icon of the module, and select Settings from the dropdown menu.
DNN SAML IDP - Settings

  • Navigate to the moDNNSAMLIDP Settings tab to configure the module.
DNN SAML IDP - moDNNSAMLIDP Settings Tab

  • To activate the module, enter the license key received via email in the provided input field.
  • If you haven’t received the license key, click on the Click Here link to download it, and then upload the license file using the Choose File button.
DNN SAML IDP - license key

  • Then, accept the terms and conditions by checking the box, and click on the Activate License button to activate the module.
DNN SAML IDP - Activate License

  • Navigate to the IDP Configurations tab in the DNN SAML IDP module.
  • You can share your DNN SAML IDP Metadata with the Service Provider in either of the following ways:
    • Metadata URL : Share the metadata URL with your Service Provider.
    • OR

    • Download Metadata XML : Download the metadata XML file and upload it to your Service Provider.
DNN SAML IDP Metadata

  • You can also manually share the DNN SAML IDP metadata by copying the IdP Entity ID, Single Sign-On URL, SAML SLO URL, NameID Format, and x.509 Certificate.
DNN SAML IDP Manual Configuration

  • First, go to the Amazon Console and sign up for or log in to your account to configure AWS Cognito.
Amazon Console

  • Search for Cognito in the AWS Services search bar as shown below.
Amazon Console - Cognito

  • Click on Create a identity pool to create a new identity pool.
Amazon Console - identity pool

  • Now under the Authentication section select Authenticated Access as User Access & select SAML as Authenticated Identity Source.
  • Click on Next button.
Amazon Console - Authenticated Access

  • In Configure Permissions, check the Create a new IAM role box and enter a name for the new IAM role.
  • Click on the Next button.
Amazon Console - Authenticated Access

  • To create a new user pool, enter a Pool Name and select Review Defaults.
User Pool

  • On the navigation bar on the left-side of the page, choose App clients under General settings.
  • Choose Add an app client and give your app a Name.
  • Clear the Generate client secret option for this getting started exercise, as it would not be secure to send it in the URL using client-side JavaScript.
General settings - Generate client secret

  • Choose Create app client.
  • Note the App client ID and choose Return to pool details.
General settings - Generate client secret

  • Click on the Domain name tab of the Amazon Cognito console and add Domain Prefix.
Amazon Cognito console - Domain Name

  • On the left navigation bar, choose Identity providers and then choose SAML to open the SAML dialog.
Identity Providers - SAML

  • Under Metadata document upload a metadata document from your DNN SAML IDP. You can also enter a URL that points to the metadata document.

Note: Amazon Cognito recommends that you provide the endpoint URL if it is a public endpoint, rather than uploading a file because this allows Amazon Cognito to refresh the metadata automatically. Typically metadata refresh happens every 6 hours or before the metadata expires, whichever is earlier.


  • Enter the values by referring to the list below.
    • Provider Name : Enter your SAML Identity Provider name.
    • Identifiers (optional) : Enter any optional SAML Identifiers you want to use.
    • Enable IdP sign out flow : Select Enable IdP sign out flow if you want your user to be logged out from the SAML IdP when logging out from Amazon Cognito.
  • Click on Create provider.
  • On the Attribute mapping tab, if you choose to map attributes, add mappings for at least the required attributes, typically email.
  • Choose Save changes.
  • Navigate to the SP Configurations tab and click on the Add Application button.
DNN SAML IDP Add Application

  • From the list of service providers given below, select AWS Cognito.
DNN SAML IDP - AWS Cognito

There are two options to add an application for your Service Provider in the IDP module:

A] Upload Metadata using the “Upload Metadata” option

  • You can upload the Service Provider metadata directly using the Upload Metadata button.
DNN SAML IDP Upload Metadata

  • The IDP module requires the SP Entity ID and ACS URL values from your Service Provider.
  • You may receive these values either through a metadata file (.xml) or a metadata URL from your SP.
  • Upload the metadata by selecting the appropriate option — via XML file or URL — as shown in the screenshot below.
DNN SAML IDP Upload Metadata

B] Configure the Service Provider metadata manually

  • If you prefer to configure the Service Provider manually, copy the SP Entity ID and ACS URL from your Service Provider’s metadata and paste them into the corresponding fields.
DNN SAML IDP Upload Metadata

  • Once you have entered all required details, click on Save Settings to save the configuration.
DNN SAML IDP Save Settings

  • In this step you will map the DotNetNuke user attributes to be sent in the response to the Service Provider.
  • NameID defines what the SP expects in the Subject element of the SAML Assertion. Generally, NameID is the Username or Email Address. You can select which user attribute you want to send in the NameID.
  • You can add other attributes to be sent in SAML Assertion to SP. The attributes include user’s profile attributes such as first name, last name, fullname, username, email, custom profile attributes etc.
  • After completing the attribute mapping, click on the Save Settings button to save your configurations.
DNN SAML IDP Attribute Mapping
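When the test login fails, a frequent cause is a mismatch between what the IdP sends and the SP Entity ID, ACS URL or mapped attributes configured above. The following is an added example, not code from the original guide or the DNN module, that compares a decoded SAML Response with those values. It assumes the user pool conventions from AWS documentation (SP Entity ID `urn:amazon:cognito:sp:<user-pool-id>`, ACS URL `https://<domain-prefix>.auth.<region>.amazoncognito.com/saml2/idpresponse`) and a SAML attribute named `email`; the pool ID, domain prefix and response are constructed, and signatures are not verified.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

def cognito_sp_values(user_pool_id, domain_prefix, region):
    """SP Entity ID and ACS URL for a user pool on a Cognito prefix domain."""
    return (f"urn:amazon:cognito:sp:{user_pool_id}",
            f"https://{domain_prefix}.auth.{region}.amazoncognito.com/saml2/idpresponse")

def check_response(xml_text, entity_id, acs_url, required=("email",)):
    """Return the mismatches between a decoded SAML Response and the SP values."""
    root = ET.fromstring(xml_text)
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        return ["no plaintext Assertion in the Response"]
    problems = []
    audiences = [(a.text or "").strip() for a in assertion.findall(".//saml:Audience", NS)]
    if entity_id not in audiences:
        problems.append(f"Audience {audiences} lacks the SP Entity ID")
    data = assertion.find(".//saml:SubjectConfirmationData", NS)
    recipient = data.get("Recipient") if data is not None else None
    if recipient != acs_url:
        problems.append(f"Recipient {recipient} is not the ACS URL")
    name_id = assertion.find("saml:Subject/saml:NameID", NS)
    if name_id is None or not (name_id.text or "").strip():
        problems.append("NameID is empty")
    sent = {a.get("Name") for a in assertion.findall(".//saml:Attribute", NS)}
    problems += [f"attribute not sent: {n}" for n in required if n not in sent]
    return problems

# Constructed values: pool ID, domain prefix, region and user are placeholders.
ENTITY_ID, ACS_URL = cognito_sp_values("us-east-1_EXAMPLE", "example-prefix", "us-east-1")
SAMPLE_RESPONSE = f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}">
 <saml:Assertion>
  <saml:Subject><saml:NameID>jdoe</saml:NameID>
   <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
    <saml:SubjectConfirmationData Recipient="https://example-prefix.auth.us-east-1.amazoncognito.com/"/>
   </saml:SubjectConfirmation></saml:Subject>
  <saml:Conditions><saml:AudienceRestriction><saml:Audience>{ENTITY_ID}</saml:Audience>
  </saml:AudienceRestriction></saml:Conditions>
  <saml:AttributeStatement><saml:Attribute Name="username"/></saml:AttributeStatement>
 </saml:Assertion>
</samlp:Response>"""

if __name__ == "__main__":
    print("\n".join(check_response(SAMPLE_RESPONSE, ENTITY_ID, ACS_URL)))
```

The constructed response has an ACS URL without the `/saml2/idpresponse` path and sends no `email` attribute, so both findings are reported.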

  • In the User Pool, go to App integration.
  • Go to your configured App Client, and scroll down to the Hosted UI section.
  • Click on View Hosted UI.
View Hosted UI

  • Click on the button below Sign in with your corporate ID.
View Hosted UI

  • You would be redirected to the DNN Login screen. Enter the Credentials and click Log in.
  • If you are redirected to the selected Callback URL, your configuration is correct.
  • Once the SSO connection is successfully tested, you can proceed to copy the DNN IdP initiated SSO link.
  • After adding your Service Provider, click on Select Actions → Copy SSO Link.
    For DNN (IdP) initiated SSO, you can use the SSO link provided by the DNN SAML IDP module.
  • If you face any issues or get any errors during the setup, click on the Troubleshoot button and enable logs.
DNN SAML IDP Troubleshooting


Please reach out to us at dnnsupport@xecurify.com, and our team will assist you with setting up SAML Single Sign-On (SSO) for Cognito using DNN as the Identity Provider (IDP). We will also help you choose the most suitable solution or plan based on your requirements.
