nopCommerce SAML Single Sign-On (SSO) with ADFS as IDP
nopCommerce SAML Single Sign-On (SSO)
plugin gives the ability to enable SAML Single Sign-On for your nopCommerce
applications. Using Single Sign-On you can use only one password to access
your nopCommerce application and services. Our plugin is compatible with all
the SAML compliant identity providers. Here we will go through a step-by-step
guide to configure Single Sign-On (SSO) between nopCommerce and ADFS
considering ADFS as IdP. To know more about the features we provide for
nopCommerce SSO, click
Pre-requisites : Download And Installation
Download from nopCommerce Dashboard
To download the plugin zip, login as admin into your nopCommerce store. In
the admin dashboard, go to Configuration Tab > All Plugins and
Themes or search for All Plugins and Themes in the Admin search bar.
Search for the SAML Single Sign-On (SSO) - miniOrange plugin and
click the Download button to get the zip.
To install the plugin, login as admin into your nopCommerce website. In the
admin dashboard, go to Configuration Tab >> Local plugins.
On the top right corner of the page select the
Upload plugin or theme button to upload the downloaded plugin zip.
Follow the instructions further to install the plugin.
Steps to configure nopCommerce Single Sign-On (SSO) using ADFS as Identity
1. Configure ADFS as IDP
You need to send your SP metadata to identity provider, ADFS. For SP
metadata, use the SP metadata URL or download the SP metadata as a .xml file
and upload it at your IdP end. You can find both these options under the
Service Provider Metadata tab.
Alternatively, you can manually add the SP Entity ID and ACS URL from
Service Provider metadata tab in the plugin to your IdP
On ADFS, search for ADFS Management application.
In AD FS Management, select Relying Party Trust and click on
Add Relying Party Trust.
Select Claims aware from the Relying Party Trust Wizard and click on
Select Data Source
In Select Data Source, select the data source for adding a relying party
Navigate to Service Provider Metadata tab from the plugin and
click on the Download XML metadata button to download the plugin
Select Import data about the relying party from a file option and
upload the downloaded metadata file.
Click on Next.
Note: In the next step enter the desired
Display Name and click Next.
Navigate to Service Provider Metadata tab of the plugin to get
the endpoints to configure Service Provider manually.
In Add Relying Party Trust Wizard select option
Enter data about the relying party manually and click on
Specify Display Name
Enter Display Name and Click Next.
Configure Certificate (Premium feature)
Download the certificate from Service Provider Metadata Tab.
Upload the certificate and click on Next.
Select Enable support for the SAML 2.0 WebSSO protocol option
and enter ACS URLfrom the plugin's
Service Provider Metadata Tab.
Click on Next.
In the Relying party trust identifier, add the
SP-EntityID / Issuer from the plugin's
Service Provider Metadata tab.
Choose Access Control Policy
Select Permit everyone as an Access Control Policy and click on
Ready to Add Trust
In Ready to Add Trust click on Next and then Close.
Edit Claim Issuance Policy
In the list of Relying Party Trust, select the application you
created and click on Edit Claim Issuance Policy.
In Issuance Transform Rule tab click on Add Rule button.
Choose Rule Type
Select Send LDAP Attributes as Claims and click on Next.
Configure Claim Rule
Add a Claim Rule Name and select the Attribute Store as
required from the dropdown.
Under Mapping of LDAP Attributes to outgoing claim types, Select LDAP
Attribute as E-Mail-Addresses and Outgoing Claim Type as
Once you have configured the attributes, click on Finish.
After configuring ADFS as IDP, you will need the
Federation Metadata to configure your Service Provider.
To get the ADFS Federation Metadata, you can use this URL https://< ADFS_Server_Name
You have successfully configured ADFS as SAML IdP (Identity Provider) for
achieving ADFS Single Sign-On (SSO) Login
Windows SSO (Optional)
Steps to configure ADFS for Windows Authentication
Open elevated Command Prompt on the ADFS Server and execute the following
command on it:
setspn -a HTTP/##ADFS Server FQDN## ##Domain Service Account##
FQDN is Fully Qualified Domain Name (Example : adfs4.example.com)
Domain Service Account is the username of the account in AD.
Example : setspn -a HTTP/adfs.example.com username/domain
Open AD FS Management Console, click on Services and go to
the Authentication Methods section. On the right, click on
Edit Primary Authentication Methods. Check Windows
Authentication in Intranet zone.
Open Internet Explorer. Navigate to Security tab in Internet Options.
Add the FQDN of AD FS to the list of sites in Local Intranet and restart the
Select Custom Level for the Security Zone. In the list of options, select
Automatic Logon only in Intranet Zone.
Open the powershell and execute following two commands to enable windows
authentication in Chrome browser.
You have successfully configured ADFS for Windows Authentication.
2. Configure nopCommerce as SP (SSO Plugin)
Note: After installation of the plugin, we need to setup the trust
between your nopCommerce application and your ADFS account. SAML metadata is
shared with ADFS so they can update their inbuilt configuration to support
2.1: Share SP SAML metadata with ADFS
Click on Add New IDP to configure nopCommerce Single Sign-On (SSO)
using ADFS as IDP.
Under Service Provider Metadata tab, you can either copy-paste the
metadata URL on your IDP side or download the SP metadata as
an XML file. Additionally, you have the choice to manually copy and paste
Base URL, SP Entity ID, and ACS URL.
Share SAML metadata with ADFS.
2.2: Import ADFS SAML metadata
Under Identity Provider Settings tab, select ADFS as your
preferred identity provider.
There are two methods for configuring nopCommerce as service provider:
To upload IDP's metadata, you can either provide the
metadata URL or upload XML file.
Alternatively, under the Identity Provider Settings tab, you can
manually fill in the mandatory fields like IDP Name,
IDP Entity ID and Single Sign-On URL and hit Save.
3. Testing SAML SSO
Before testing, please ensure the following:
The nopCommerce (SP) SAML metadata has been exported to ADFS (IDP).
Importing the ADFS (IDP) SAML metadata in nopCommerce (SP).
Hover on Select Action and click on the
Test Configuration button to verify if you have configured the plugin
Click the Test Configuration button to verify if you have configured
the plugin correctly.
On successful configuration, you will get Attribute Name and Attribute
Values in Test Configuration window.
4. Attribute Mapping
After successful test configuration, click on
Edit Configuration and navigate to Attribute Mapping section.
On the right side, you can see the IDP response table, map attribute names
provided by your IDP with your store attributes, under
Attribute/Role Mapping tab.
Click on Save button.
5. Enabling SSO in your nopCommerce store
Enable SSO for your nopCommerce store by dragging the slider as shown below.
Under the Redirection & SSO link tab, use the URL labeled as
Your Store SSO Link in your store to initiate the SSO.
Not able to find your identity provider? Mail us on
and we'll help you set up SSO with your IDP and for quick guidance (via
email/meeting) on your requirement and our team will help you to select the
best suitable solution/plan as per your requirement.
Need Help? We are right here!
Contact miniOrange Support
Thanks for your inquiry.
If you dont hear from us within 24 hours, please feel free to send a follow up email to email@example.com
This privacy statement applies to miniorange websites describing how we handle the personal
When you visit any website, it may store or retrieve the information on your browser, mostly in the
form of the cookies. This information might be about you, your preferences or your device and is
mostly used to make the site work as you expect it to. The information does not directly identify
you, but it can give you a more personalized web experience.
Click on the category headings to check how we handle the cookies.
Strictly Necessary Cookies
Necessary cookies help make a website fully usable by enabling the basic functions like site
navigation, logging in, filling forms, etc. The cookies used for the functionality do not store any
personal identifiable information. However, some parts of the website will not work properly without
These cookies only collect aggregated information about the traffic of the website including -
visitors, sources, page clicks and views, etc. This allows us to know more about our most and least
popular pages along with users' interaction on the actionable elements and hence letting us improve
the performance of our website as well as our services.