nopCommerce OAuth Single Sign-On (SSO) with Okta as IDP

Overview

nopCommerce OAuth Single Sign-On (SSO) plugin gives the ability to enable OAuth Single Sign-On for your nopCommerce store using Okta as the OAuth Provider. Using Single Sign-On you can use only one password to access your nopCommerce store and services. Our module is compatible with all the OAuth-compliant identity providers. Here we will go through a step-by-step guide to configure Single Sign-On (SSO) between nopCommerce and Okta.

Pre-requisites : Download And Installation

• Download the nopCommerce OAuth Single Sign-On (SSO) module.
• To install the plugin, login as admin into your nopCommerce store. In the admin dashboard, navigate to Configuration Tab >> Local plugins.

• Click on the Upload plugin or theme button at the top right corner, then in the popup window, click Choose File, select the downloaded plugin ZIP file, and click Upload plugin or theme to proceed.

• After uploading the plugin, click on Restart Application to apply the changes. Once the application restarts, you will see the plugin listed below. Click on the Install button to install it, and then click Restart Application again to apply the changes.

Configuration Steps

Step by Step guide for nopCommerce OAuth SSO using Okta as Identity Provider.

• After successful installation, locate the plugin in the list and click on the Configure button to proceed with the setup.

1. Activate the SAML Plugin using License Key

• On clicking Configure, you will be redirected to the license activation page, and you will receive a trial license key on your registered email.
• If you have not received the license key on your provided email, use the Download License Key button in the plugin to download the license file.

• To activate the plugin, you can either:
  • Enter the license key received via email in the provided input field.

  OR

  • Upload the license file that you downloaded using the button mentioned above.

• Then, check the box "I have read the above conditions and I want to activate the middleware", and click Activate License button.

2. Configure nopCommerce Callback URL in Okta

• After successful license activation, the plugin dashboard will open as shown below.
• Click on the Add New IDP button to configure a new Identity Provider.

• Under the Plugin Settings tab, select Okta as your Identity Provider from the list.

• After selecting your Identity Provider from the list, the Identity Provider Configuration page will open.
• In the Identity Provider Settings tab, you will find the Callback URL under the Redirect URLs section.
• Copy this URL and keep it handy, as it will be required while configuring the Identity Provider.
• You can also copy the Logout Redirection URL from the Redirect URLs section for Identity Provider configuration.

• First of all, go tohttps://www.okta.com/login and log into your Okta account.

• Go to the Okta Admin panel. Go to Applications -> Applications.

• You will get the following screen. Click on Create App Integration button.

• Select sign in method as the OIDC - OpenID Connect option and select Application type as web application, click on Next button.

• You will be redirected to the app details page. Enter App integration name and Sign-in redirect URIs. You will get that from miniOrange nopCommerce OAuth Plugin

• Scroll down and you will see the Assignments section. Choose a controlled access option and uncheck the Enable immediate access with Federation Broker Mode option. Click on Save button.

• Now you will get the Client credentials and okta domain. Copy these credentials in miniorange nopCommerce OAuth Plugin configuration on corresponding fields.

• Go to Applications tab and Click on your application.

• Select the Assignments tab.

• Click Assign and select Assign to People.

• If you want to assign the application to multiple users at the same time then select Assign to Groups [If an app is assigned to a group then, the app will be assigned to all the people in that group]

• Click Assign next to a user name.

• Click Save and Go Back.

• Click Done.

• In your Okta admin dashboard, navigate to Security -> API.

• Select your SSO application and click on the edit icon.

• Go to claims tab and select the ID token option.

• Click on Add claim button.

• Give a Name to your claim/attribute and Select ID Token from the token type dropdown. Now, enter the value user.$attribute in the Value field based on the attribute you want to receive. Keep other settings as default and click on Create button.

• Follow the similar steps for all the attributes you want to see. You will have a list similar to the below one.

You have successfully configured Okta as OAuth Server (identity provider) for achieving SSO login into your nopCommerce application.

3. Configure Identity Provider Client ID, Client Secret, and Endpoints in nopCommerce

• In the Identity Provider Settings tab, scroll down to the Provider Configuration section.
• Under the Provider Configuration section, enter the IdP Name and provide the Client ID and Client Secret obtained from the Okta application.

• Enter the required endpoints such as Authorization Endpoint, Token Endpoint, Resource Endpoint, and Logout Endpoint in the Endpoints section.
• Enter the Endpoints mentioned in the below table

Authorize Endpoint:	https://{yourOktaDomain}.com/oauth2/v1/authorize
Access Token Endpoint:	https://{yourOktaDomain}.com/oauth2/v1/token
Resource Endpoint:	https://{yourOktaDomain}.com/oauth2/v1/resource

• Click on the Save Settings button to save your configuration.

4. Testing OAuth SSO

• After entering the Client ID, Client Secret, and endpoint details, navigate back to the Dashboard. Click on the three dots (⋮) next to the configured Identity Provider and select Test Configuration.

• On successful configuration, you will get attributes name and attribute values in the test configuration window.

5. Attribute Mapping

• Under Attribute/Role Mapping tab, map the attribute names provided by your identity provider with your nopcommerce store attributes.
• Click on Save button.

• In the Attribute/Role Mapping tab, scroll down to the Default Role Mapping section and select the role from the Choose Role dropdown that you want to assign to users by default. Then, click on Save.

6. Adding SSO link for your nopCommerce store

• After saving the attribute mapping, navigate back to the Dashboard. Click on the three dots (⋮) next to the configured Identity Provider and select SSO Link.
• The SSO link will be copied automatically, and a “Copied to clipboard” notification will be displayed.

Related Articles

• nopCommerce SAML SSO
• nopCommerce Two Factor Authentication
• nopCommerce OAuth SSO with ADFS as IDP