Steps to Configure DNN as SAML IDP Module
Step 1: Download and extract the package
- Download the DNN SAML Identity Provider (IDP) module.
- Extract the package and upload the installation package dnn-saml-single-sign-on-sso-idp_xxx_Install by going to Settings > Extension > Install Extension.
Step 2: Adding module on DNN page.
- Open any page on your DNN site (Edit mode) and click Add Module.
- Search for moDNNSAMLIDP and click on it. Drag and drop the module onto the page where you want it.
- You have finished installing the module on your DNN site.
Step 3: Configure Your Service Provider
- You can share your IDP metadata with the service provider, either by sharing the metadata URL or by downloading the metadata (XML) file.
- You can also add the IDP metadata manually by entering the IDP Entity ID, Single Sign-On URL and x.509 Certificate.
Step 4: Add SAML application for your Service Provider
- There are two options for adding an application for your Service Provider in the IDP module:
A] Upload metadata using Upload SP Metadata option
- The IDP module requires the SP Entity ID and ACS URL values from your service provider. You may get the metadata file (.xml) or metadata URL.
- You can upload metadata using the Upload SP Metadata option, either as an XML file or from a URL.
- You can choose either option according to the metadata format you have available.
B] Configure the Service Provider metadata manually
- To configure the Service Provider metadata, copy the SP Entity ID and ACS URL values from the service provider metadata and paste them into the SP Entity ID and ACS URL fields.
- Once the service provider metadata is configured, update the module settings.
Step 5: Attribute Mapping
- In this step you will map the DotNetNuke user attributes to be sent in the response to the Service Provider.
- NameID defines what the SP is expecting in the subject element of the SAML Assertion. Generally, NameID is Username or Email Address. You can select which user attribute you want to send in the NameID.
- NameID Format defines the format of the subject element content, i.e. NameID. For example, Email Address NameID Format defines that the NameID is in the form of an email address, specifically “addr-spec”. An addr-spec has the form local-part@domain, has no phrase (such as a common name) before it, has no comment (text surrounded in parentheses) after it, and is not surrounded by “<” and “>”. If NameID Format is not externally specified by the SP, leave it unspecified.
- You can add other attributes to be sent in the SAML Assertion to the SP. The attributes include the user’s profile attributes such as first name, last name, fullname, username, email, custom profile attributes etc.
- After saving the attribute mapping, proceed further with the test configuration or perform actual SSO from your service provider.
You can even configure the DNN SAML Single Sign-On (SSO) module with any identity provider such as ADFS, Azure AD, Bitium, Centrify, G Suite, JBoss Keycloak, Okta, OneLogin, SalesForce, AWS Cognito, OpenAM, Oracle, PingFederate, PingOne, RSA SecureID, Shibboleth-2, Shibboleth-3, SimpleSAML, WSO2 or even with your own custom identity provider. To check other identity providers, click here.
We also provide ASP.NET SAML Single Sign-On module for setting up Single Sign-On to your ASP.NET Custom Applications. Click Here to know more.
miniOrange also provides you modules for integration with legacy apps such as Active Directory, SiteMinder, Radius, Unix and so on. Using SAML, OAuth, OpenID, ADFS, and WSFED protocols, we can also help you add login/authentication to your Umbraco site.