DNN SAML IDP Single Sign-On Setup Guides

Steps to Configure DNN as SAML IDP Module

Step 1: Download and extract the package

• Download DNN SAML Identity Provider (IDP) module.
• Extract the package and upload the installation package dnn-saml-single-sign-on-sso-idp_xxx_Install by going in Settings > Extension > Install Extension.

Step 2: Adding module on DNN page.

• Open any of the page on your DNN site (Edit mode) and Click on Add Module.

• Search for moDNNSAMLIDP and click on the moDNNSAMLIDP. Drag and drop the module on the page where you want.

• You have finished with the Installation of the module on your DNN site.

Step 3: Add SAML application for your Service Provider

• To add an application for your Service Provider in the IDP module, you will need to provide SP Entity ID and ACS URL values. You can get this metadata from your service provider. Just copy these values from Service Provider metadata and paste it under the SP Entity ID and ACS URL fields in the Service Provider Settings section.You can refer to the image below.

• Once configured service provider metadata, Update the module settings

Step 4: Attribute Mapping

• In this steps you will map the DotNetNuke user attribute to be sent in the response to the Service Provider.
• NameID defines what SP is expecting in the subject element of SAML Assertion. Generally, NameID is Username of Email Address. You can select which user attribute you want to send in the NameID.
• NameID Format defines the format of subject element content, i.e. NameID. For example, Email Address NameID Format defines that the NameID is in the form of an email address, specifically “addr-spec”. An addr-spec has the form local-part@domain, has no phrase (such as a common name) before it, has no comment (text surrounded in parentheses) after it, and is not surrounded by “<” and “>”. If NameID Format is not externally specified by SP, leave it unspecified
• You can add other attributes to be sent in SAML Assertion to SP. The attributes include user’s profile attributes such as first name, last name, fullname, username, email, custom profile attributes etc.

Step 5: Role/Group Mapping

• You can add roles/groups for a DNN user to be sent in SAML Assertion to SP. To send roles/groups in SAML assertion just add Attribute Name in Name field under Group/Role Mapping section. e.g. you can Attribute Name as roles.

Step 6: Configure your Service Provider

• After adding application for your service provider, you can provide the IdP metadata that is IDP Entity ID, IDP Single Sign On URL and x.509 Certificate to your service provider. You can find IdP metadata under the IdP Metadata section

• Once the IdP metadata is configured on service provider side, you can check if everything has configured correctly by performing SSO or Test Configuration.