nopCommerce OAuth Single Sign-On (SSO) with Cognito as OAuth Provider


The nopCommerce OAuth Single Sign-On (SSO) module lets you enable OAuth Single Sign-On for your nopCommerce store or site. With Single Sign-On, you use only one password to access your nopCommerce store or site and services. Our module is compatible with all OAuth-compliant identity providers. This step-by-step guide configures Single Sign-On (SSO) between nopCommerce and Cognito, with Cognito as the OAuth provider.

Pre-requisites: Download and Installation

  • Download the nopCommerce OAuth Single Sign-On (SSO) module.
  • To install the plugin, log in as admin to your nopCommerce site or store. In the admin dashboard, navigate to Configuration Tab >> Local plugins.
  • In the top right corner of the page, select the Upload plugin or theme button to upload the downloaded plugin zip. Follow the on-screen instructions to install the plugin.

Steps to configure nopCommerce OAuth Single Sign-On (SSO) using Cognito as OAuth Provider

1. Configure Amazon Cognito as IDP

  • Go to the Amazon Console and sign up or log in to your account to configure Amazon Cognito.
  • Search for Cognito in the AWS Services search bar as shown below.
  • Click on Create a user pool to create a new user pool.
  • Choose the attributes in your user pool to be used during the sign-in process
  • Set up a strong password to configure your security requirements. Go ahead with the ‘No MFA’ option if you want users to sign in with only a single authentication factor. If you wish to enable MFA (multi-factor authentication), it will require SMS messages, which are charged separately by Amazon SNS. Learn more about that here. Click Next.
  • Configure attributes that would be required during the user sign-up flow.
  • Choose additional attributes if you wish to. Click Next.
  • Configure how your user pool sends email messages to users.
  • Enter a name for your user pool. Also, under Hosted authentication pages, check ‘Use the Cognito Hosted UI’.
  • Now, under the Domain section, choose the domain type ‘Use a Cognito domain’. Enter a domain name for your Cognito app.
  • Under the Initial app client section, enter a name for your app client and check Generate a client secret.
  • Now copy the Callback/Redirect URL from the miniOrange plugin on your client side and paste it into the Allowed callback URLs text field. Also refer to the following image for choosing the authentication flows for your app.
  • Now, under Advanced app client settings, select Cognito user pool as the Identity provider, select Authorization code grant under the OAuth 2.0 grant types, and select the openid, email and profile checkboxes under the OpenID Connect scopes section (please refer to the image below). Click the Next button to save your configuration.
  • Now, review your selection of requirements. Click Create user pool to confirm the selection and create a user pool.
  • After successfully creating your user pool, select your pool name from the list of pools to start creating users.
  • Go to the Users tab, and click Create user.
  • Enter details such as username, email address & password. Click on Create user to save the details.
  • After the user has been created, you will need a copy of the Cognito domain, Client ID, and Client Secret. Go to the 'App Integration' section and copy the complete domain name {your domain name}.auth.{region name}.amazoncognito.com. Enter it into the endpoint fields in the miniOrange nopCommerce OAuth plugin.
  • To get the Client ID and Client Secret, stay on the same 'App Integration' tab and scroll down to the 'App clients and analytics' section. Click on your App client name to see the Client ID and Client Secret.

You have successfully configured Cognito as OAuth Server (identity provider) for achieving SSO login into your nopCommerce store or application.

2. Configure nopCommerce as SP

  • Under the Configure OAuth/OIDC tab, select AWS Cognito from the list of identity providers shown below.
  • When you are done configuring your identity provider, you will get client ID, client secret and all required authentication endpoints.
  • Copy the Redirect/Callback URL from the plugin and provide it to your identity provider to configure it on their side.
  • Fill in the rest of the details you acquired in the corresponding fields shown below:
  • Click on Save.
  • Note: Please make sure the Enable SSO checkbox is ticked.
  • Please refer to the table below for configuring the scope & endpoints for Amazon Cognito in the plugin.

    App Name: cognito
    Authorize Endpoint: https://<cognito-app-domain>/oauth2/authorize
    Access Token Endpoint: https://<cognito-app-domain>/oauth2/token
    Get User Info Endpoint: https://<cognito-app-domain>/oauth2/userInfo
    Custom redirect URL after logout (optional): https://<cognito-app-domain>/logout?client_id=<Client-ID>&logout_uri=<Sign out URL configured in Cognito Portal>
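
The endpoint table above, worked through as an added example (this is not miniOrange plugin code): it derives the endpoint fields from the Cognito domain, rejects look-alike hosts so the client secret is never sent elsewhere, builds the authorization code request with the scopes selected in step 1, and checks `state` on the callback. The function names, host, client ID and store URLs are hypothetical values constructed for the example.

```python
import hmac
import re
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Host shape from the guide: {your domain name}.auth.{region name}.amazoncognito.com
# (the allowed prefix characters are an assumption of this example)
COGNITO_HOST = re.compile(
    r"[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.auth\.[a-z]{2}(?:-[a-z]+)+-\d\.amazoncognito\.com"
)
SCOPES = "openid email profile"  # the OpenID Connect scopes ticked in step 1

def cognito_endpoints(host):
    """Derive the plugin's endpoint fields; reject hosts that only look like Cognito."""
    if not COGNITO_HOST.fullmatch(host):
        raise ValueError(f"not a Cognito hosted-UI domain: {host!r}")
    base = f"https://{host}"
    return {
        "authorize": f"{base}/oauth2/authorize",
        "token": f"{base}/oauth2/token",
        "userinfo": f"{base}/oauth2/userInfo",
        "logout": f"{base}/logout",
    }

def build_authorize_url(endpoints, client_id, redirect_uri):
    """Authorization code grant request with a fresh, unguessable state value."""
    state = secrets.token_urlsafe(32)
    query = urlencode({"response_type": "code", "client_id": client_id,
                       "redirect_uri": redirect_uri, "scope": SCOPES, "state": state})
    return f"{endpoints['authorize']}?{query}", state

def code_from_callback(callback_url, expected_state):
    """Return the authorization code only if the callback echoes our state."""
    params = parse_qs(urlsplit(callback_url).query)
    state = params.get("state", [""])[0]
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: callback does not belong to this login")
    if "code" not in params:
        raise ValueError(f"no code returned: {params.get('error', ['unknown'])[0]}")
    return params["code"][0]

def logout_url(endpoints, client_id, logout_uri):
    """Logout redirect from the table, with logout_uri percent-encoded."""
    return f"{endpoints['logout']}?{urlencode({'client_id': client_id, 'logout_uri': logout_uri})}"

if __name__ == "__main__":
    ep = cognito_endpoints("shop-demo.auth.us-east-1.amazoncognito.com")  # constructed host
    print(build_authorize_url(ep, "EXAMPLE_CLIENT_ID", "https://store.example/callback")[0])
```
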

3. Testing OAuth SSO

  • Click on Test Configuration to verify if you have configured the plugin correctly.
  • On successful configuration, you will see the attribute names and attribute values in the test configuration window.

4. Attribute Mapping

  • Under the Attribute/Role Mapping tab, map the attribute names provided by your identity provider to your nopCommerce store attributes.
  • Click the Save button.

5. Adding SSO link for your nopCommerce store

  • Under the Redirection & SSO Link tab, use the URL labelled as Your Store SSO Link in your store to initiate the SSO.

You can even configure the Umbraco SAML Single Sign-On (SSO) module with any identity provider such as ADFS, Azure AD, Bitium, Centrify, G Suite, JBoss Keycloak, Okta, OneLogin, Salesforce, Cognito, OpenAM, Oracle, PingFederate, PingOne, RSA SecurID, Shibboleth-2, Shibboleth-3, SimpleSAML, WSO2 or even with your own custom identity provider. To check other identity providers, click here.


Need Help?

Not able to find your identity provider? Mail us at nopcommercesupport@xecurify.com and we'll help you set up SSO with your IDP. For quick guidance (via email/meeting) on your requirement, our team will help you select the most suitable solution/plan.

