Meet us at WordCamp Europe | ShopTalk | DrupalCon Conferences to explore our solutions. Know More
nopCommerce SAML Single Sign-On (SSO) with ADFS as IDP
nopCommerce SAML Single Sign-On (SSO) plugin gives the ability to enable SAML Single Sign-On for your nopCommerce applications. Using Single Sign-On you can use only one password to access your nopCommerce application and services. Our plugin is compatible with all the SAML compliant identity providers. Here we will go through a step-by-step guide to configure Single Sign-On (SSO) between nopCommerce and ADFS considering ADFS as IdP. To know more about the features we provide for nopCommerce SSO, click here.
Pre-requisites : Download And Installation
- To download the plugin zip, login as admin into your nopCommerce store. In the admin dashboard, go to Configuration Tab > All Plugins and Themes or search for All Plugins and Themes in the Admin search bar.
- Search for the SAML Single Sign-On (SSO) - miniOrange plugin and click the Download button to get the zip.
- You can download the plugin zip file from nopCommerce store - nopCommerce SAML Single Sign-On (SSO)
- To install the plugin, login as admin into your nopCommerce website. In the admin dashboard, go to Configuration Tab >> Local plugins.
- On the top right corner of the page select the Upload plugin or theme button to upload the downloaded plugin zip. Follow the instructions further to install the plugin.
Download from nopCommerce Dashboard
From nopCommerce marketplace
Steps to configure nopCommerce Single Sign-On (SSO) using ADFS as Identity Provider
1. Configure ADFS as IDP
- You need to send your SP metadata to identity provider, ADFS. For SP metadata, use the SP metadata URL or download the SP metadata as a .xml file and upload it at your IdP end. You can find both these options under the Service Provider Metadata tab.
- Alternatively, you can manually add the SP Entity ID and ACS URL from Service Provider metadata tab in the plugin to your IdP configurations.
- On ADFS, search for ADFS Management application.
- In AD FS Management, select Relying Party Trust and click on Add Relying Party Trust.
- Select Claims aware from the Relying Party Trust Wizard and click on Start button.
- In Select Data Source, select the data source for adding a relying party trust.
Select Data Source
Choose Access Control Policy
- Select Permit everyone as an Access Control Policy and click on Next.
Ready to Add Trust
- In Ready to Add Trust click on Next and then Close.
Edit Claim Issuance Policy
- In the list of Relying Party Trust, select the application you created and click on Edit Claim Issuance Policy.
- In Issuance Transform Rule tab click on Add Rule button.
Choose Rule Type
- Select Send LDAP Attributes as Claims and click on Next.
Configure Claim Rule
- Add a Claim Rule Name and select the Attribute Store as required from the dropdown.
- Under Mapping of LDAP Attributes to outgoing claim types, Select LDAP Attribute as E-Mail-Addresses and Outgoing Claim Type as Name ID.
- Once you have configured the attributes, click on Finish.
- After configuring ADFS as IDP, you will need the Federation Metadata to configure your Service Provider.
-
To get the ADFS Federation Metadata, you can use this URL
https://< ADFS_Server_Name >/federationmetadata/2007-06/federationmetadata.xml - You have successfully configured ADFS as SAML IdP (Identity Provider) for achieving ADFS Single Sign-On (SSO) Login
Windows SSO (Optional)
Steps to configure ADFS for Windows Authentication
- Open elevated Command Prompt on the ADFS Server and execute the following command on it:
- Open AD FS Management Console, click on Services and go to the Authentication Methods section. On the right, click on Edit Primary Authentication Methods. Check Windows Authentication in Intranet zone.
- Open Internet Explorer. Navigate to Security tab in Internet Options.
- Add the FQDN of AD FS to the list of sites in Local Intranet and restart the browser.
- Select Custom Level for the Security Zone. In the list of options, select Automatic Logon only in Intranet Zone.
- Open the powershell and execute following two commands to enable windows authentication in Chrome browser.
- You have successfully configured ADFS for Windows Authentication.
setspn -a HTTP/##ADFS Server FQDN## ##Domain Service Account##
FQDN is Fully Qualified Domain Name (Example : adfs4.example.com)
Domain Service Account is the username of the account in AD.
Example : setspn -a HTTP/adfs.example.com username/domain
Set-AdfsProperties -WIASupportedUserAgents ((Get-ADFSProperties | Select -ExpandProperty WIASupportedUserAgents) + "Chrome")
Get-AdfsProperties | Select -ExpandProperty WIASupportedUserAgents;
2. Configure nopCommerce as SP (SSO Plugin)
Note: After installation of the plugin, we need to setup the trust between your nopCommerce application and your ADFS account. SAML metadata is shared with ADFS so they can update their inbuilt configuration to support Single Sign-On.
2.1: Share SP SAML metadata with ADFS
- Click on Add New IDP to configure nopCommerce Single Sign-On (SSO) using ADFS as IDP.
- Under Service Provider Metadata tab, you can either copy-paste the metadata URL on your IDP side or download the SP metadata as an XML file. Additionally, you have the choice to manually copy and paste Base URL, SP Entity ID, and ACS URL.
- Share SAML metadata with ADFS.
2.2: Import ADFS SAML metadata
- Under Identity Provider Settings tab, select ADFS as your preferred identity provider.
- There are two methods for configuring nopCommerce as service provider:
- To upload IDP's metadata, you can either provide the metadata URL or upload XML file.
- Alternatively, under the Identity Provider Settings tab, you can manually fill in the mandatory fields like IDP Name, IDP Entity ID and Single Sign-On URL and hit Save.
3. Testing SAML SSO
- Before testing, please ensure the following:
- The nopCommerce (SP) SAML metadata has been exported to ADFS (IDP).
- Importing the ADFS (IDP) SAML metadata in nopCommerce (SP).
- Hover on Select Action and click on the Test Configuration button to verify if you have configured the plugin correctly.
- Click the Test Configuration button to verify if you have configured the plugin correctly.
- On successful configuration, you will get Attribute Name and Attribute Values in Test Configuration window.
4. Attribute Mapping
- After successful test configuration, click on Edit Configuration and navigate to Attribute Mapping section.
- On the right side, you can see the IDP response table, map attribute names provided by your IDP with your store attributes, under Attribute/Role Mapping tab.
- Click on Save button.
5. Enabling SSO in your nopCommerce store
- Enable SSO for your nopCommerce store by dragging the slider as shown below.
- Under the Redirection & SSO link tab, use the URL labeled as Your Store SSO Link in your store to initiate the SSO.
Additional Resources
- nopCommerce OAuth Single Sign-On (SSO)
- Web3 Login for ASP.NET Applications
- ASP.NET SAML Single Sign-On (SSO)
- ASP.NET OAuth Single Sign-On (SSO)
- DNN SAML Single Sign-On (SSO)
- DNN REST API Authentication
- Kentico SAML Single Sign-On (SSO)
Need Help?
Not able to find your identity provider? Mail us on nopcommercesupport@xecurify.com and we'll help you set up SSO with your IDP and for quick guidance (via email/meeting) on your requirement and our team will help you to select the best suitable solution/plan as per your requirement.
×
![ADFS_sso]()
Trending searches:
Hello there!
Need Help? We are right here!
