nopCommerce SAML Single Sign-On (SSO) using Keycloak as IDP | Keycloak SSO


nopCommerce SAML Single Sign-On (SSO) plugin gives the ability to enable SAML Single Sign-On for your nopCommerce applications. Using Single Sign-On you can use only one password to access your nopCommerce application and services. Our plugin is compatible with all the SAML compliant identity providers. Here we will go through a step-by-step guide to configure Single Sign-On (SSO) between nopCommerce and Keycloak considering Keycloak as IdP. To know more about the features we provide for nopCommerce SSO, click here.

Pre-requisites : Download And Installation

    Download from nopCommerce Dashboard
  • To download the plugin zip, login as admin into your nopCommerce store. In the admin dashboard, go to Configuration Tab > All Plugins and Themes or search for All Plugins and Themes in the Admin search bar.
  • Search for the SAML Single Sign-On (SSO) - miniOrange plugin and click the Download button to get the zip.
  • nopCommerce Single Sign-On (SSO) - install plugin
    From nopCommerce marketplace
  • You can download the plugin zip file from nopCommerce store - nopCommerce SAML Single Sign-On (SSO)
  • To install the plugin, login as admin into your nopCommerce website. In the admin dashboard, go to Configuration Tab >> Local plugins.
  • On the top right corner of the page select the Upload plugin or theme button to upload the downloaded plugin zip. Follow the instructions further to install the plugin.

Steps to configure nopCommerce Single Sign-On (SSO) using Keycloak as Identity Provider

1. Configure Keycloak as IDP

  • You need to send your SP metadata to identity provider, Keycloak. For SP metadata, use the SP metadata URL or download the SP metadata as a .xml file and upload it at your IdP end. You can find both these options under the Service Provider Metadata tab.
  • nopcommerce Single Sign On (SSO) service provider spmetadata
  • Alternatively, you can manually add the SP Entity ID and ACS URL from Service Provider metadata tab in the plugin to your IdP configurations.
  • nopcommerce Single Sign On (SSO) service provider sptable
  • In your Keycloak Admin console, select the realm that you want to use.
  • Click on Clients from the left menu and then click on Create button to create a new client/application.
  • nopCommerce SAML Single Sign-On (SSO) - Keycloak nopCommerce SSO Login
  • Enter SP-EntityID / Issuer as the Client ID from the "Service Provider Metadata" Tab and select SAML as the Client Protocol.
  • nopCommerce SAML Single Sign-On (SSO) - Keycloak nopCommerce SSO Login
  • Now click on Save.
  • Configure Keycloak by providing the required details:
  • Client ID The SP-EntityID / Issuer from the plugin's Service Provider Metadata tab
    Name Provide a name for this client
    Description Provide a description
    Client Signature Required OFF
    Force POST Binding OFF
    Force Name ID Format OFF
    Name ID Format Email
    Root URL Leave empty or Provide Base URL from Service Provider Metadata tab
    Valid Redirect URIs The ACS (Assertion Consumer Service) URL from the plugin's Service Provider Metadata tab
    nopCommerce SAML Single Sign-On (SSO) - Keycloak nopCommerce SSO Login nopCommerce SAML Single Sign-On (SSO) - Keycloak nopCommerce SSO Login
  • Under Fine Grain SAML Endpoint Configuration, Enter the following details:
  • Assertion Consumer Service POST Binding URL The ACS (Assertion Consumer Service) URL from the plugin's Service Provider Metadata tab
    Logout Service Redirect Binding URL (Optional) The Single Logout URL from the plugin's Service Provider Metadata tab
    nopCommerce SAML Single Sign-On (SSO) - Keycloak nopCommerce SSO Login
  • Click on Save.
Add Mapper
  • Navigate to Mappers tab and click on Add Builtin button.
  • nopCommerce SAML Single Sign-On (SSO) - Keycloak nopCommerce SSO Login
  • Select the checkboxes of X500 givenName, X500 surname and X500 email attributes.
  • Keycloak Login - Add built-in protocol mapper - Keycloak SAML Single Sign-On(SSO) for nopCommerce - Keycloak nopCommerce SSO Login
  • Click on Add Selected button. You will see the mappings that are added below.
  • nopCommerce SAML Single Sign-On (SSO) - Keycloak nopCommerce SSO Login
Download setup file
  • Navigate to Realm Settings, click on SAML 2.0 Identity Provider Metadata mentioned as Endpoints in the General Tab.
  • nopCommerce SAML Single Sign-On (SSO) - Keycloak nopCommerce SSO Login
  • Note the URL and keep it handy. That will provide you with the Endpoints required to configure the plugin.

You have successfully configured Keycloak as SAML IdP ( Identity Provider) for achieving Keycloak login / Keycloak SSO / Keycloak Single Sign-On (SSO), ensuring secure Login into nopCommerce application.

2. Configure nopCommerce as SP (SSO Plugin)

  • After configuring SP metadata in IDP, you will have to configure IDP metadata in the plugin.
  • To configure the IDP metadata, there are two methods:
  • To upload IdP's metadata, you can use the Upload IdP metadata button, if you have the IdP metadata URL or the IdP metadata .xml file.
  • nopCommerce Single Sign On (SSO) - upload IDP metadata
  • Alternatively, you can copy the IDP Entity ID and Single Sign-On Url values from the IdP and fill them up under the Identity Provider Settings tab.
  • nopCommerce Single Sign On (SSO) - IDP Settings

3. Test Configuration

  • Click the Test Configuration button to verify if you have configured the plugin correctly.
  • On successful configuration, you will get Attribute Name and Attribute Values in Test Configuration window.
  • nopCommerce Single Sign On (SSO) - Test Configuration

4. Attribute Mapping

  • Map Attribute Names provided by your IdP with your store attributes, under Attribute/Role Mapping tab.
  • Click on Save button.
  • nopCommerce Single Sign On (SSO) - Attribute Mappings

5. Enabling SSO in your nopCommerce store

  • Under the Redirection & SSO link tab, use the URL labeled as Your Store SSO Link in your store to initiate the SSO.
  • Please make sure the Enable SSO checkbox is enabled under the Identity Provider Tab.
  • nopCommerce Single Sign On (SSO) - Add SSO functionality

Additional Resources

Need Help?

Not able to find your identity provider? Mail us on nopcommercesupport@xecurify.com and we'll help you set up SSO with your IDP and for quick guidance (via email/meeting) on your requirement and our team will help you to select the best suitable solution/plan as per your requirement.

Hello there!

Need Help? We are right here!

support
Contact miniOrange Support
success

Thanks for your inquiry.

If you dont hear from us within 24 hours, please feel free to send a follow up email to info@xecurify.com