DNN OAuth Single Sign-On (SSO) Using AWS Cognito As OAuth Provider

DNN OAuth Single Sign-On (SSO) authentication provider gives the ability to enable OAuth Single Sign-On for your DotNetNuke site. Using Single Sign-On you can use only one password to access your DotNetNuke site and services. Our authentication provider is compatible with all the OAuth compliant identity providers. Here we will go through a step-by-step guide to configure Single Sign-On (SSO) between DNN and Cognito considering Cognito as OAuth Provider. To know more about the other features we provide for DNN OAuth Single Sign-On (SSO), click here.

Pre-requisites: Download and Installation

• Download the DNN Oauth Single Sign On authentication provider with above link.
• Upload the installation package dnn-oauth-single-sign-on_xxx_Install by going in Settings > Extension > Install Extension.
• Now under the Installed extensions tab select Authentication Systems. Here you can see the miniOrange DNN OAuth Authentication Provider.

• Just click on the pencil icon as mentioned in the image below to configure the DNN OAuth Authentication Provider.

• Now go to the site settings tab. Here you can see the DNN OAuth Authentication Provider Dashboard.

• You have finished with the installation of the Authentication Provider on your DNN site.

Steps to configure DNN Single Sign-On (SSO) using AWS Cognito as IDP

1. Configure Authentication Provider for Setting up OAuth Single Sign-On (SSO)

• For configuring application in the authentication provider, click on the Add New Provider button in the Identity Provider Settings tab.


Select your Identity Provider

• Select AWS Cognito as Identity Provider from the list. You can also search for your Identity Provider using the search box.

2. Configure AWS Cognito as OAuth Provider

• First of all, go to Amazon Console and sign up/login in your account to Configure AWS Cognito.


• Search for Cognito in the AWS Services search bar as shown below.


• Click on Create a user pool to create a new user pool.


• Choose the attributes in your user pool to be used during the sign-in process


• Set up a strong password to configure your security requirements. Go ahead with the ‘No MFA’ option if you want users to only sign in with a single authentication factor. If you wish to enable MFA (Multi-factor authentication) it will require SMS messages which are charged separately by Amazon SNS. Learn more about that here. Click Next.


• Configure attributes that would be required during the user sign-up flow.


• Choose additional attributes if you wish to. Click Next.


• Configure how your user pool sends email messages to users.


• Enter a name for your user pool, Also Under Hosted authentication pages, check ‘Use the Cognito Hosted UI’.


• Now, Under the Domain section choose the domain type as ‘Use a Cognito domain’. Enter a domain name for your Cognito app.


• Under the Initial app client section, Enter a name for your app client and check on Generate a client secret.


• Now enter your Callback/Redirect URL which you will get from your miniOrange plugin present on your Client side and paste it under the Allowed callback URLs text-field. Also refer the following image for choosing the authentication flows for your app.


• Now, Under Advanced app client settings. Select Identity provider as Cognito user pool & Select Authorization code grant under the OAuth 2.0 grant types and also select openid,email and profile checkboxes under the OpenID Connect scopes section (Please refer to the image below). Click on the Next button to save your configurations.


• Now, Review your selection of requirements. Click Create user pool to confirm the selection and create a user pool.


• After successfully creating your user pool, Select your pool name from the list of pools to start with user creation.


• Go to the Users tab, and click Create user.


• Enter details such as username, email address & password. Click on Create user to save the details.


• After the successful creation of the user, you will need a copy of the Cognito domain, Client ID, and Client Secret. Go to the 'App Integration' section and copy the complete domain name {your domain name}.auth.{region name}.amazoncognito.com. This should be entered into the endpoints field under in the miniOrange OAuth Single Sign-On (SSO) plugin.


• To get the Client ID and Client Secret, stay on the same 'App Integration' tab and scroll down to the 'App clients and analytics' section. Click on your App client name to see the Client ID and Client Secret.

You have successfully configured AWS Cognito as OAuth Provider for achieving AWS Cognito Single Sign-On (SSO) with DNN.

3. Configuring OAuth Provider

• Copy the Redirect/Callback URL and provide it to your OAuth provider.

4. Configuring OAuth Client

• Configure Client ID, Client Secret, update the endpoints if required and save the settings.

5. Test Configuration

• Now go to the Identity Provider Settings tab.
• Under the select actions click on the Test Configuration button to verify if you have configured the authentication provider correctly.

• On successful configuration, you will get Attribute Name and Attribute Values in the Test Configuration window.

6. Attribute Mapping

• For attribute mapping select the Edit Configuration from the select actions dropdown.
• Map email and username with Attribute Name you can see in Test Configuration window and save the settings.

You can configure the ASP.NET SAML Single Sign-On (SSO) module with any identity provider such as ADFS, Azure AD, Bitium, Centrify, G Suite, JBoss Keycloak, Okta, OneLogin, Salesforce, AWS Cognito, OpenAM, Oracle, PingFederate, PingOne, RSA SecureID, Shibboleth-2, Shibboleth-3, SimpleSAML, WSO2 or even with your own custom identity provider. To check other identity providers, click here.

Additional Resources

• DNN OAuth Single Sign-On (SSO)
• DNN SAML Single Sign-On (SSO)
• ASP.NET OAuth Single Sign-On (SSO)
• nopCommerce OAuth Single Sign-On (SSO)
• nopCommerce SAML Single Sign-On (SSO)