nopCommerce OAuth Single Sign-On (SSO) with Cognito as IDP

nopCommerce OAuth Single Sign-On (SSO) plugin gives the ability to enable OAuth Single Sign-On for your nopCommerce store using Cognito as the OAuth Provider. Using Single Sign-On you can use only one password to access your nopCommerce store and services. Our module is compatible with all the OAuth-compliant identity providers. Here we will go through a step-by-step guide to configure Single Sign-On (SSO) between nopCommerce and Cognito.

  • Download the nopCommerce OAuth Single Sign-On (SSO) module.
  • To install the plugin, log in as admin to your nopCommerce store. In the admin dashboard, navigate to Configuration Tab >> Local plugins.
nopCommerce Configuration Tab

  • Click on the Upload plugin or theme button at the top right corner, then in the popup window, click Choose File, select the downloaded plugin ZIP file, and click Upload plugin or theme to proceed.
nopCommerce - Upload Plugin

nopCommerce - Upload Plugin popup window

  • After uploading the plugin, click on Restart Application to apply the changes. Once the application restarts, you will see the plugin listed below. Click on the Install button to install it, and then click Restart Application again to apply the changes.
nopCommerce - Restart application

nopCommerce - Install Plugin

Step by Step guide for nopCommerce OAuth SSO using Cognito as Identity Provider.

  • After successful installation, locate the plugin in the list and click on the Configure button to proceed with the setup.
nopCommerce - Configure Plugin

  • On clicking Configure, you will be redirected to the license activation page, and you will receive a trial license key on your registered email.
  • If you have not received the license key on your provided email, use the Download License Key button in the plugin to download the license file.
nopCommerce - Download License Key

  • To activate the plugin, you can either:
    • Enter the license key received via email in the provided input field.
    • OR

    • Upload the license file that you downloaded using the button mentioned above.
nopCommerce - Activate the plugin


  • Then, check the box "I have read the above conditions and I want to activate the middleware", and click the Activate License button.
nopCommerce - Check Box

  • After successful license activation, the plugin dashboard will open as shown below.
  • Click on the Add New IDP button to configure a new Identity Provider.
nopCommerce Oauth- Add new IdP button

  • Under the Plugin Settings tab, select Cognito as your Identity Provider from the list.
nopCommerce Oauth- Identity Provider List

  • After selecting your Identity Provider from the list, the Identity Provider Configuration page will open.
  • In the Identity Provider Settings tab, you will find the Callback URL under the Redirect URLs section.
  • Copy this URL and keep it handy, as it will be required while configuring the Identity Provider.
  • You can also copy the Logout Redirection URL from the Redirect URLs section for Identity Provider configuration.
nopCommerce Oauth- Callback URL

  • Go to the Amazon Console and sign up or log in to your account to configure Amazon Cognito.
Configure nopCommerce OAuth SSO using Amazon Cognito as IDP - Login to Amazon Console

  • Search for Cognito in the AWS Services search bar as shown below.
Configure nopCommerce OAuth SSO using Amazon Cognito as IDP - Search for Cognito

  • Click on Create a user pool to create a new user pool.
Configure nopCommerce OAuth SSO using Amazon Cognito as IDP - click on create user pool

  • Choose the attributes in your user pool to be used during the sign-in process.
Configure nopCommerce OAuth SSO using Amazon Cognito as IDP - configure sign in experience

  • Set up a strong password to configure your security requirements. Go ahead with the ‘No MFA’ option if you want users to only sign in with a single authentication factor. If you wish to enable MFA (multi-factor authentication), it will require SMS messages, which are charged separately by Amazon SNS. Learn more about that here. Click Next.
Configure nopCommerce OAuth SSO using Amazon Cognito as IDP - set up a strong password

Configure nopCommerce OAuth SSO using Cognito as IDP - sign in with a single authentication factor

  • Configure attributes that would be required during the user sign-up flow.
Configure nopCommerce OAuth SSO using Cognito as IDP - configure sign up experience

  • Choose additional attributes if you wish to. Click Next.
Configure nopCommerce OAuth SSO using Cognito as IDP - configure attributes for user sign up flow

  • Configure how your user pool sends email messages to users.
Configure nopCommerce OAuth SSO using Cognito as IDP - configure message delivery

  • Enter a name for your user pool. Also, under Hosted authentication pages, check ‘Use the Cognito Hosted UI’.
Configure nopCommerce OAuth SSO using Cognito as IDP - enter a name for your user pool

  • Now, under the Domain section, choose the domain type ‘Use a Cognito domain’. Enter a domain name for your Cognito app.
Configure nopCommerce OAuth SSO using Cognito as IDP -enter a domain name

  • Under the Initial app client section, enter a name for your app client and check Generate a client secret.
Configure nopCommerce OAuth SSO using Cognito as IDP - enter a name for your app client

  • Now take the Callback/Redirect URL from the miniOrange plugin on your client side and paste it into the Allowed callback URLs text field. Also refer to the following image when choosing the authentication flows for your app.
Configure nopCommerce OAuth SSO using Cognito as IDP - enter your callback url

  • Now, under Advanced app client settings, select Cognito user pool as the Identity provider, select Authorization code grant under the OAuth 2.0 grant types, and select the openid, email and profile checkboxes under the OpenID Connect scopes section (please refer to the image below). Click on the Next button to save your configurations.
Configure nopCommerce OAuth SSO using Cognito as IDP - advanced app client settings

  • Now, review your selection of requirements. Click Create user pool to confirm the selection and create a user pool.
Configure nopCommerce OAuth SSO using Cognito as IDP - review your selection of requirements

Configure nopCommerce OAuth SSO using Cognito as IDP - main application client settings

  • After successfully creating your user pool, select your pool name from the list of pools to start with user creation.
Configure nopCommerce OAuth SSO using Cognito as IDP - select your pool name

  • Go to the Users tab, and click Create user.
Configure nopCommerce OAuth SSO using Cognito as IDP - create user

  • Enter details such as username, email address & password. Click on Create user to save the details.
Configure nopCommerce OAuth SSO using Cognito as IDP - enter username email password

  • After the successful creation of the user, you will need a copy of the Cognito domain, Client ID, and Client Secret. Go to the 'App Integration' section and copy the complete domain name {your domain name}.auth.{region name}.amazoncognito.com. This should be entered into the endpoints field in the miniOrange nopCommerce OAuth plugin.
Configure nopCommerce OAuth SSO using Cognito as IDP - app integration tab

  • To get the Client ID and Client Secret, stay on the same 'App Integration' tab and scroll down to the 'App clients and analytics' section. Click on your App client name to see the Client ID and Client Secret.
Configure nopCommerce OAuth SSO using Cognito as IDP - app clients and analytics

Configure nopCommerce OAuth SSO using Cognito as IDP - client id client secret

You have successfully configured Cognito as OAuth Server (identity provider) for achieving SSO login into your nopCommerce store or application.
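
A check of the app client against the settings chosen in the steps above, as an added example that is not part of the original guide or of the miniOrange plugin. It assumes the client description has been exported as JSON in the shape returned by `aws cognito-idp describe-user-pool-client`; the sample values and the callback URL are constructed placeholders.

```python
import json

# Constructed sample shaped like `aws cognito-idp describe-user-pool-client`
# output. Every value is a placeholder, not taken from the guide.
SAMPLE = json.loads("""
{"UserPoolClient": {
  "ClientName": "nopcommerce-sso",
  "ClientId": "EXAMPLECLIENTID",
  "ClientSecret": "EXAMPLE-SECRET",
  "AllowedOAuthFlowsUserPoolClient": true,
  "AllowedOAuthFlows": ["code", "implicit"],
  "AllowedOAuthScopes": ["openid", "email", "profile",
                         "aws.cognito.signin.user.admin"],
  "SupportedIdentityProviders": ["COGNITO"],
  "CallbackURLs": ["https://store.example.com/sso/callback",
                   "http://localhost:5000/signin-test"]
}}
""")
# Hypothetical value; use the Callback URL copied from the plugin.
PLUGIN_CALLBACK = "https://store.example.com/sso/callback"
GUIDE_SCOPES = {"openid", "email", "profile"}

def audit_app_client(description, plugin_callback):
    """List the ways an app client departs from the settings in the guide."""
    client = description["UserPoolClient"]
    findings = []
    if not client.get("ClientSecret"):
        findings.append("no client secret generated")
    if not client.get("AllowedOAuthFlowsUserPoolClient"):
        findings.append("OAuth flows are not enabled for this client")
    flows = set(client.get("AllowedOAuthFlows", []))
    if "code" not in flows:
        findings.append("authorization code grant not enabled")
    findings += [f"extra grant type enabled: {f}" for f in sorted(flows - {"code"})]
    scopes = set(client.get("AllowedOAuthScopes", []))
    findings += [f"missing scope: {s}" for s in sorted(GUIDE_SCOPES - scopes)]
    findings += [f"scope beyond the guide: {s}" for s in sorted(scopes - GUIDE_SCOPES)]
    if "COGNITO" not in client.get("SupportedIdentityProviders", []):
        findings.append("Cognito user pool not selected as identity provider")
    callbacks = client.get("CallbackURLs", [])
    if plugin_callback not in callbacks:
        findings.append("plugin Callback URL missing from allowed callback URLs")
    findings += [f"extra callback URL: {u}" for u in callbacks if u != plugin_callback]
    return findings

if __name__ == "__main__":
    for finding in audit_app_client(SAMPLE, PLUGIN_CALLBACK):
        print("FINDING:", finding)
```

An empty result means the client carries exactly the grant type, scopes, identity provider and callback URL selected in this guide.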

  • In the Identity Provider Settings tab, scroll down to the Provider Configuration section.
  • Under the Provider Configuration section, enter the IdP Name and provide the Client ID and Client Secret obtained from the Cognito application.
nopCommerce Oauth- Client Id and Secret

  • Enter the required endpoints such as Authorization Endpoint, Token Endpoint, Resource Endpoint, and Logout Endpoint in the Endpoints section.
  • Refer to the table below when configuring the Amazon Cognito endpoints in the plugin:
      Authorize Endpoint:     https://<cognito-app-domain>/oauth2/authorize
      Access Token Endpoint:  https://<cognito-app-domain>/oauth2/token
      Resource Endpoint:      https://<cognito-app-domain>/oauth2/resource
  • Click on the Save Settings button to save your configuration.
nopCommerce Oauth- Endpoints

  • After entering the Client ID, Client Secret, and endpoint details, navigate back to the Dashboard. Click on the three dots (⋮) next to the configured Identity Provider and select Test Configuration.
nopCommerce Oauth - Test Configuration

  • On successful configuration, you will see the attribute names and attribute values in the test configuration window.
nopCommerce Oauth - Successful Test Configuration

  • Under the Attribute/Role Mapping tab, map the attribute names provided by your identity provider to your nopCommerce store attributes.
  • Click on the Save button.
nopCommerce Oauth - Attribute Mapping

  • In the Attribute/Role Mapping tab, scroll down to the Default Role Mapping section and select the role from the Choose Role dropdown that you want to assign to users by default. Then, click on Save.
nopCommerce Oauth - Default role mapping

  • After saving the attribute mapping, navigate back to the Dashboard. Click on the three dots (⋮) next to the configured Identity Provider and select SSO Link.
  • The SSO link will be copied automatically, and a “Copied to clipboard” notification will be displayed.
nopCommerce Oauth - Copy SSO Link

