Steps to Configure DNN as SAML IDP Module
Step 1: Download and extract the package
DNN SAML Identity Provider (IDP) module.
Extract the package and upload the installation package
dnn-saml-single-sign-on-sso-idp_xxx_Install by going in
Settings > Extension > Install Extension.
Step 2: Adding module on DNN page.
Open any of the page on your DNN site (Edit mode) and Click on
Search for moDNNSAMLIDP and click on the moDNNSAMLIDP. Drag and
drop the module on the page where you want.
You have finished with the Installation of the module on your DNN site.
Step 3: Configure Your Service Provider
You can share your IDP metadata to the
service provider. Either you can share metadata URL or you can download the
metadata (XML) file.
- Also you can add the IDP metadata manually by entering IDP Entity ID, Single Sign-On URL and x.509 Certificate:
Step 4: Add SAML application for your Service Provider
- There are two options to add an application for your Service Provider in the IDP module
A] Upload metadata using Upload SP Metadata option
IDP module requires SP Entity ID and ACS URL values from your service
provider. You may get the metadata file (.xml) or metadata URL.
You can upload metadata using Upload SP Metadata option where
you can upload metadata using XML file or URL.
- You may refer to the screenshot below:
You can choose any one of the options according to the metadata format you
B] Configure the Service Provider metadata manually
To configure the Service Provider metadata copy SP Entity ID
and ACS URL values from service provider metadata and paste them under SP
Entity ID and ACS URL fields.
Once configured service provider metadata, Update the module
Step 5: Attribute Mapping
In this steps you will map the DotNetNuke user attribute to be sent in the
response to the Service Provider.
NameID defines what SP is expecting in the subject element of SAML
Assertion. Generally, NameID is Username of Email Address. You can select
which user attribute you want to send in the NameID.
NameID Format defines the format of subject element content, i.e. NameID.
For example, Email Address NameID Format defines that the NameID is in the
form of an email address, specifically “addr-spec”.
- An addr-spec has the
form local-part@domain, has no phrase (such as a common name) before it,
has no comment (text surrounded in parentheses) after it, and is not
surrounded by “<” and “>”. If NameID Format is not externally
specified by SP, leave it unspecified
You can add other attributes to be sent in SAML Assertion to SP. The
attributes include user’s profile attributes such as first name, last
name, fullname, username, email, custom profile attributes etc.
- After saving the attribute mapping, proceed further with the test configuration or perform actual SSO from your service provider.
You can even configure the
DNN SAML Single Sign-On (SSO)
module with any identity provider such as
ADFS, Azure AD, Bitium, Centrify, G Suite, JBoss Keycloak, Okta, OneLogin,
SalesForce, AWS Cognito, OpenAM, Oracle, PingFederate, PingOne, RSA
SecureID, Shibboleth-2, Shibboleth-3, SimpleSAML, WSO2
or even with your own custom identity provider. To check other identity
We also provide ASP.NET SAML Single Sign-On module for setting up Single
Sign-On to your ASP.NET Custom Applications.
to know more.
miniOrange also provides you modules for integration with legacy apps such
Active Directory, SiteMinder, Radius, Unix and so on.
Using SAML, OAuth, OpenID, ADFS, and WSFED protocols, we can also
help you add login/authentication to your Umbraco site.