DNN SAML Single Sign-On (SSO) with ADFS as IDP

The DNN SAML Single Sign-On (SSO) authentication provider lets you enable SAML Single Sign-On for your DotNetNuke applications. With Single Sign-On, a user needs only one password to access the DotNetNuke application and its services. The authentication provider is compatible with all SAML-compliant identity providers. This guide walks step by step through configuring Single Sign-On (SSO) between DotNetNuke and ADFS, with ADFS acting as the IdP.

  • Download the DNN SAML Single Sign On authentication provider using the link above.
  • Upload the installation package dnn-saml-single-sign-on_xxx_Install by going to Settings > Extension > Install Extension.
  • Navigate to the Installed Extensions tab and select Authentication Systems. You will find the miniOrange DNN SAML Authentication Provider listed there.
miniOrange DNN SAML Authentication Provider

  • Click on the pencil icon (as shown in the image below) to begin configuring the DNN SAML Authentication Provider.
DNN SAML Authentication Provider - Pencil Icon

  • Navigate to the Site Settings tab to configure DNN SAML SSO.
DNN SAML Authentication Provider - Site Settings

  • To activate DNN SAML SSO, enter the license key received via email in the provided input field.
  • If you haven’t received the license key, click on the “here” link to download it, and then upload the license file using the Choose File button.
  • Click on the Activate License button to complete the activation.
DNN SAML Authentication Provider - License Key

Step by Step guide for DNN SAML SSO using ADFS as Identity Provider.

  • After successful license activation, the plugin dashboard will open as shown below.
DNN SAML SSO Plugin Dashboard

  • In the plugin dashboard, click on the Service Provider Metadata button from the top menu. This will open the Service Provider Metadata page.
DNN SAML SSO - Service Provider Metadata Button

  • Scroll down to the Share SAML Metadata section.
DNN SAML SSO - Share SAML Metadata

You can obtain the SAML SP metadata using either of the two methods described below to configure it on your Identity Provider end.

A] Using SAML metadata URL or metadata file
  • On this page, you can find the Metadata URL as well as the option to download the SAML metadata XML file.
  • Copy the Metadata URL or download the metadata file to configure the same on your Identity Provider end.
  • You may refer to the screenshot below:
DNN SAML SSO - Metadata url and download option

B] Uploading Metadata Manually
  • On this page, you can manually copy the service provider metadata such as SP Entity ID, ACS URL, SP Logout Url and share it with your Identity Provider for configuration.
  • You may refer to the screenshot below:
DNN SAML SSO - Copy metadata manually

Steps to Configure ADFS IdP
  • First, search for ADFS Management application on your ADFS server.
ADFS Management

  • In ADFS Management, select Relying Party Trust and click on Add Relying Party Trust.
ADFS Management - Relying Party Trust

  • Select Claims aware in the Relying Party Trust Wizard and click on the Start button.
ADFS Management - Claims aware

Select Data Source

  • In Select Data Source, choose the data source for adding the relying party trust.
  • Navigate to the Service Provider Metadata section of the DNN plugin to get the endpoints needed to configure the Service Provider manually (these are the values from Step 2B above).
  • In the Add Relying Party Trust Wizard, select the option Enter data about the relying party manually and click on Next.
Service Provider Metadata

Specify Display Name

  • Enter Display Name and Click Next.
Specify Display Name

Configure Certificate (Premium feature)

  • Download the certificate from the Service Provider Metadata tab (available from Step 2A above).
  • Upload the certificate and click on Next.
Configure Certificate

Configure URL

  • Select the Enable support for the SAML 2.0 WebSSO protocol option and enter the ACS URL from the plugin's Service Provider Metadata tab (the value from Step 2B above).
  • Click on Next.
Configure URL

Configure Identifiers

  • Under Relying party trust identifier, add the SP-EntityID / Issuer from the plugin's Service Provider Metadata tab (the value from Step 2B above).
Configure Identifiers

Choose Access Control Policy

  • Select Permit everyone as an Access Control Policy and click on Next.
Choose Access Control Policy

Ready to Add Trust

  • In Ready to Add Trust click on Next and then Close.
Ready to Add Trust

Edit Claim Issuance Policy

  • In the list of Relying Party Trust, select the application you created and click on Edit Claim Issuance Policy.
Edit Claim Issuance Policy

  • In the Issuance Transform Rule tab, click on the Add Rule button.
Edit Claim Issuance Policy

Choose Rule Type

  • Select Send LDAP Attributes as Claims and click on Next.
Choose Rule Type

Configure Claim Rule

  • Enter a Claim Rule Name and select the required Attribute Store from the dropdown.
  • Under Mapping of LDAP Attributes to outgoing claim types, select E-Mail-Addresses as the LDAP Attribute and Name ID as the Outgoing Claim Type.
Configure Claim Rule

  • Once you have configured the attributes, click on Finish.
  • After configuring ADFS as IdP, you will need the ADFS Federation Metadata to configure your Service Provider.
  • To get the ADFS Federation Metadata, use this URL:
    https://<ADFS_Server_Name>/federationmetadata/2007-06/federationmetadata.xml
  • You have successfully configured ADFS as SAML IdP (Identity Provider) for achieving ADFS Single Sign-On (SSO) Login.
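The relying party trust built through the wizard in the steps above can also be created from PowerShell, which is useful for reproducing the configuration on a second ADFS server or reviewing exactly what was trusted. The script below is an added example written for this guide, not code from miniOrange or the plugin. It assumes the AD FS PowerShell module on Windows Server 2016 or later (the -AccessControlPolicyName parameter does not exist on older releases), and the SP Entity ID, ACS URL and certificate path are placeholders that must be replaced with the values from the plugin's Service Provider Metadata tab (Step 2B) and the certificate downloaded in Step 2A.

```powershell
# Added example (not part of the miniOrange guide): builds the same relying party
# trust the ADFS wizard creates above. Run in an elevated PowerShell on the ADFS server.
Import-Module ADFS

# Placeholders: take these from the plugin's Service Provider Metadata tab.
$SpEntityId  = 'https://dnn.example.com/'            # SP Entity ID / Issuer (placeholder)
$AcsUrl      = 'https://dnn.example.com/saml/acs'    # ACS URL shown by the plugin (placeholder)
$SpCertPath  = 'C:\temp\dnn-sp-signing.cer'          # certificate downloaded in Step 2A (placeholder)
$DisplayName = 'DNN SAML SSO'                        # "Specify Display Name"

# Claim rule equivalent to "Send LDAP Attributes as Claims" with
# E-Mail-Addresses (AD attribute "mail") mapped to the outgoing Name ID claim.
$ClaimRules = @'
@RuleTemplate = "LdapClaims"
@RuleName = "Email address as Name ID"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier"), query = ";mail;{0}", param = c.Value);
'@

# "Configure URL": the SAML 2.0 WebSSO assertion consumer endpoint (HTTP-POST binding).
$AcsEndpoint = New-AdfsSamlEndpoint -Binding POST -Protocol SAMLAssertionConsumer -Uri $AcsUrl -Index 0

# "Configure Certificate": the SP signing certificate, so ADFS can verify signed AuthnRequests.
$SpCert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $SpCertPath

# "Configure Identifiers", "Choose Access Control Policy" and the claim rule in one call.
Add-AdfsRelyingPartyTrust -Name $DisplayName `
    -Identifier $SpEntityId `
    -SamlEndpoint $AcsEndpoint `
    -RequestSigningCertificate $SpCert `
    -IssuanceTransformRules $ClaimRules `
    -AccessControlPolicyName 'Permit everyone' `
    -SignatureAlgorithm 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256'

# Review the result, roughly what the wizard's "Ready to Add Trust" summary shows.
Get-AdfsRelyingPartyTrust -Name $DisplayName |
    Select-Object Name, Identifier, SignatureAlgorithm, AccessControlPolicyName,
        @{ n = 'AcsUrl';                  e = { $_.SamlEndpoints.Location } },
        @{ n = 'SpSigningCertThumbprint'; e = { $_.RequestSigningCertificate.Thumbprint } }
```

The final Get-AdfsRelyingPartyTrust call is worth keeping as a check: the identifier must match the SP Entity ID character for character, and the thumbprint must be that of the certificate the plugin actually signs with, otherwise ADFS will reject the login request.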

Windows SSO (Optional)

Follow the steps below to configure Windows SSO.

  • Steps to configure ADFS for Windows Authentication:
    • Open an elevated Command Prompt on the ADFS server and run the following command:
      setspn -a HTTP/##ADFS Server FQDN## ##Domain Service Account##
    • FQDN is the Fully Qualified Domain Name of the ADFS server (example: adfs4.example.com).
    • Domain Service Account is the username of the account in AD, given as DOMAIN\username.
    • Example: setspn -a HTTP/adfs.example.com DOMAIN\username
  • Open the AD FS Management Console, click on Services and go to the Authentication Methods section. On the right, click on Edit Primary Authentication Methods. Check Windows Authentication in the Intranet zone.
ADFS Management Console
  • Open Internet Explorer. Navigate to Security tab in Internet Options.
  • Add the FQDN of AD FS to the list of sites in Local Intranet and restart the browser.
  • Select Custom Level for the Security Zone. In the list of options, select Automatic Logon only in Intranet Zone.
Security Settings - Local Intranet Zone

  • Open PowerShell and run the following two commands to enable Windows Authentication for the Chrome browser (the first appends "Chrome" to the list of supported user agents, the second displays the resulting list):
    Set-AdfsProperties -WIASupportedUserAgents ((Get-AdfsProperties | Select-Object -ExpandProperty WIASupportedUserAgents) + "Chrome")
    Get-AdfsProperties | Select-Object -ExpandProperty WIASupportedUserAgents
  • You have successfully configured ADFS for Windows Authentication.

Steps to Configure the DNN SAML Plugin with ADFS as IdP

  • Click on the Add new IDP button to configure a new Identity Provider.
DNN SAML SSO - Add new IdP

  • Under the Plugin Settings tab, select ADFS as your identity provider from the list shown.
DNN SAML SSO - IdP List

  • After selecting your IdP from the list, the Identity Provider Settings page will open. Here, you can either click on the Upload IdP Metadata button to configure the Identity Provider automatically using metadata, or manually enter the required Identity Provider details under the Identity Provider Settings.
DNN SAML SSO - Upload Idp Metadata

You can configure your SAML Identity Provider metadata in the plugin in either of the two ways detailed below.

A] Upload metadata using the Upload IDP Metadata button:
  • Click Choose File to upload the metadata XML file using the Upload XML File option, then click Upload. Alternatively, provide the metadata URL in the Enter metadata URL section and click Fetch Metadata to retrieve the Identity Provider configuration automatically.
  • You may refer to the screenshot below:
DNN SAML SSO - metadata url or metadata file

B] Configure the identity provider metadata manually:
  • Alternatively, under the Identity Provider Settings tab, you can manually fill in the mandatory fields like IDP Name, IDP Entity ID and Single Sign-On URL and click Save Settings.
nopCommerce - Entity Id, SSO Url, SAML Certificate
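The values needed for the manual configuration in B] (IDP Entity ID, Single Sign-On URL and the IdP signing certificate) are all contained in the ADFS Federation Metadata retrieved earlier. The script below is an added example written for this guide, not code from miniOrange or the plugin: it downloads the metadata over HTTPS, extracts those values, writes the signing certificate(s) out in PEM form, and prints their thumbprints so you can confirm against the Token-signing certificate shown in the ADFS Management console that you are pasting the right certificate into the plugin. $AdfsServer is a placeholder for your ADFS FQDN.

```powershell
# Added example (not part of the miniOrange guide): reads the IdP values for the
# plugin's Identity Provider Settings out of the ADFS federation metadata.
$AdfsServer  = 'adfs.example.com'   # placeholder: your ADFS server FQDN
$MetadataUrl = "https://$AdfsServer/federationmetadata/2007-06/federationmetadata.xml"

# Fetch over HTTPS only. A TLS certificate or hostname error here must stop the
# script; never fall back to plain HTTP for metadata you are about to trust.
[xml]$Metadata = (Invoke-WebRequest -Uri $MetadataUrl -UseBasicParsing).Content

$Idp = $Metadata.EntityDescriptor.IDPSSODescriptor

# The plugin's Single Sign-On URL is the HTTP-Redirect binding of SingleSignOnService.
$SsoRedirect = $Idp.SingleSignOnService |
    Where-Object { $_.Binding -eq 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect' }
$SloRedirect = $Idp.SingleLogoutService |
    Where-Object { $_.Binding -eq 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect' }

# Only KeyDescriptors with use="signing" are token-signing certificates. The
# "encryption" certificate is a different key and must not be entered as the
# IdP signing certificate. ADFS may publish two signing certificates during rollover.
$SigningCerts = @($Idp.KeyDescriptor | Where-Object { $_.use -eq 'signing' }) | ForEach-Object {
    $raw = [Convert]::FromBase64String($_.KeyInfo.X509Data.X509Certificate)
    New-Object -TypeName System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList (,$raw)
}

# Summary of the values to enter under Identity Provider Settings.
[pscustomobject]@{
    IdpEntityId           = $Metadata.EntityDescriptor.entityID
    SingleSignOnUrl       = $SsoRedirect.Location
    SingleLogoutUrl       = $SloRedirect.Location
    SigningCertSubject    = ($SigningCerts | ForEach-Object Subject)    -join '; '
    SigningCertThumbprint = ($SigningCerts | ForEach-Object Thumbprint) -join '; '
    SigningCertNotAfter   = ($SigningCerts | ForEach-Object NotAfter)   -join '; '
} | Format-List

# Write each signing certificate in PEM form for the plugin's SAML Certificate field.
$i = 0
foreach ($c in $SigningCerts) {
    $pem = "-----BEGIN CERTIFICATE-----`r`n" +
           [Convert]::ToBase64String($c.RawData, [System.Base64FormattingOptions]::InsertLineBreaks) +
           "`r`n-----END CERTIFICATE-----"
    Set-Content -Path ".\adfs-signing-$i.cer" -Value $pem -Encoding Ascii
    $i++
}
```

Note the SigningCertNotAfter value: ADFS rotates its token-signing certificate automatically when AutoCertificateRollover is enabled, so an IdP configured manually from a pasted certificate will stop working at rollover unless the plugin is updated, whereas the metadata URL option in A] picks up the new certificate.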

  • After uploading the metadata details, navigate back to the Dashboard. Hover over the Select Actions dropdown next to the configured Identity Provider and click Test Configuration.
DNN SAML SSO - Test Configuration

  • On successful configuration, the test configuration window shows the attribute names and attribute values returned by the Identity Provider.
DNN SAML SSO - Successful Test Configuration

  • Hover over the Select Actions dropdown next to the configured Identity Provider and click Copy SSO Link.
  • Use this SSO link to initiate Single Sign-On (SSO) for users logging into your DNN portal.
DNN SAML SSO - Copy SSO Link
  • The user is logged in to the DNN site after entering their ADFS credentials.
