nopCommerce OAuth Single Sign-On (SSO) with ADFS as IDP

Overview

nopCommerce OAuth Single Sign-On (SSO) plugin gives the ability to enable OAuth Single Sign-On for your nopCommerce store using ADFS as the OAuth Provider. Using Single Sign-On you can use only one password to access your nopCommerce store and services. Our module is compatible with all the OAuth-compliant identity providers. Here we will go through a step-by-step guide to configure Single Sign-On (SSO) between nopCommerce and ADFS.

Pre-requisites : Download And Installation

• Download the nopCommerce OAuth Single Sign-On (SSO) module.
• To install the plugin, login as admin into your nopCommerce store. In the admin dashboard, navigate to Configuration Tab >> Local plugins.

• Click on the Upload plugin or theme button at the top right corner, then in the popup window, click Choose File, select the downloaded plugin ZIP file, and click Upload plugin or theme to proceed.

• After uploading the plugin, click on Restart Application to apply the changes. Once the application restarts, you will see the plugin listed below. Click on the Install button to install it, and then click Restart Application again to apply the changes.

Configuration Steps

Step by Step guide for nopCommerce OAuth SSO using ADFS as Identity Provider.

• After successful installation, locate the plugin in the list and click on the Configure button to proceed with the setup.

1. Activate the SAML Plugin using License Key

• On clicking Configure, you will be redirected to the license activation page, and you will receive a trial license key on your registered email.
• If you have not received the license key on your provided email, use the Download License Key button in the plugin to download the license file.

• To activate the plugin, you can either:
  • Enter the license key received via email in the provided input field.

  OR

  • Upload the license file that you downloaded using the button mentioned above.

• Then, check the box "I have read the above conditions and I want to activate the middleware", and click Activate License button.

2. Configure nopCommerce Callback URL in ADFS

• After successful license activation, the plugin dashboard will open as shown below.
• Click on the Add New IDP button to configure a new Identity Provider.

• Under the Plugin Settings tab, select ADFS as your Identity Provider from the list.

• After selecting your Identity Provider from the list, the Identity Provider Configuration page will open.
• In the Identity Provider Settings tab, you will find the Callback URL under the Redirect URLs section.
• Copy this URL and keep it handy, as it will be required while configuring the Identity Provider.
• You can also copy the Logout Redirection URL from the Redirect URLs section for Identity Provider configuration.

• To perform SSO with ADFS as Provider, your application must be https enabled.

• Navigate to Server Manager Dashboard->Tools->ADFS Management.

• Navigate to ADFS->Application Groups. Right click on Application Groups & click on Add Application group then enter Application Name. Select Server Application & click on next.

• Copy Client Identifier. This is your Client ID. Add Callback URL in Redirect URL. You can get this callback URL from miniOrange nopCommerce OAuth Single Sign-On (SSO) plugin. Click on next.

• Click on Generate shared secret. Copy the Secret value. This is your Client Secret. Click on Next.

• On the Summary screen, click Next. On the Complete screen, click Close.

• Now, right-click on the newly added Application Group and select Properties.

• Click on Add application from App Properties.

• Click on the Add application. Then select Web API and click Next.

• On the Configure Web API screen, enter the domain name address into the Identifier section. Click Add. Click Next.

• On the Choose Access Control Policy screen, select Permit everyone and click Next.

• On the Configure Application Permission, by default openid is selected as a scope. You can select email and, profile as well, then click on next.

• On the Summary screen, click Next. On the Complete screen, click Close.

• On the Sample Application Properties click OK.

You have successfully configured ADFS as OAuth Server (identity provider) for achieving SSO login into your nopCommerce application.

3. Configure Identity Provider Client ID, Client Secret, and Endpoints in nopCommerce

• In the Identity Provider Settings tab, scroll down to the Provider Configuration section.
• Under the Provider Configuration section, enter the IdP Name and provide the Client ID and Client Secret obtained from the ADFS application.

• Enter the required endpoints such as Authorization Endpoint, Token Endpoint, Resource Endpoint, and Logout Endpoint in the Endpoints section.
• Note: Once you create the ADFS account, you'll find the Domain Url and you will need to add the same in the below endpoints.

Authorize Endpoint:	https://{Domain URL}/adfs/oauth2/authorize
Access Token Endpoint:	https://{Domain URL}/adfs/oauth2/token
Resource Endpoint:	https://{Domain URL}/adfs/oauth2/resource

• Click on the Save Settings button to save your configuration.

4. Testing OAuth SSO

• After entering the Client ID, Client Secret, and endpoint details, navigate back to the Dashboard. Click on the three dots (⋮) next to the configured Identity Provider and select Test Configuration.

• On successful configuration, you will get attributes name and attribute values in the test configuration window.

5. Attribute Mapping

• Under Attribute/Role Mapping tab, map the attribute names provided by your identity provider with your nopcommerce store attributes.
• Click on Save button.

• In the Attribute/Role Mapping tab, scroll down to the Default Role Mapping section and select the role from the Choose Role dropdown that you want to assign to users by default. Then, click on Save.

6. Adding SSO link for your nopCommerce store

• After saving the attribute mapping, navigate back to the Dashboard. Click on the three dots (⋮) next to the configured Identity Provider and select SSO Link.
• The SSO link will be copied automatically, and a “Copied to clipboard” notification will be displayed.

Related Articles

• nopCommerce SAML SSO
• nopCommerce Two Factor Authentication
• nopCommerce OAuth SSO with ADFS as IDP