nopCommerce SAML Single Sign-On (SSO)
plugin gives the ability to enable SAML Single Sign-On for your nopCommerce
applications. Using Single Sign-On you can use only one password to access
your nopCommerce application and services. Our plugin is compatible with all
the SAML compliant identity providers. Here we will go through a step-by-step
guide to configure Single Sign-On (SSO) between nopCommerce and Keycloak
considering Keycloak as IdP. To know more about the features we provide for
nopCommerce SSO, click
here.
Pre-requisites : Download And Installation
Download from nopCommerce Dashboard
-
To download the plugin zip, login as admin into your nopCommerce store. In
the admin dashboard, go to Configuration Tab > All Plugins and
Themes or search for All Plugins and Themes in the Admin search bar.
-
Search for the SAML Single Sign-On (SSO) - miniOrange plugin and
click the Download button to get the zip.
From nopCommerce marketplace
-
You can download the plugin zip file from nopCommerce store -
nopCommerce SAML Single Sign-On (SSO)
-
To install the plugin, login as admin into your nopCommerce website. In the
admin dashboard, go to Configuration Tab >> Local plugins.
-
On the top right corner of the page select the
Upload plugin or theme button to upload the downloaded plugin zip.
Follow the instructions further to install the plugin.
Steps to configure nopCommerce Single Sign-On (SSO) using Keycloak as Identity
Provider
1. Configure Keycloak as IDP
-
You need to send your SP metadata to identity provider, Keycloak. For SP
metadata, use the SP metadata URL or download the SP metadata as a .xml file
and upload it at your IdP end. You can find both these options under the
Service Provider Metadata tab.
-
Alternatively, you can manually add the SP Entity ID and ACS URL from
Service Provider metadata tab in the plugin to your IdP
configurations.
-
In your Keycloak Admin console, select the realm that you want to
use.
-
Click on Clients from the left menu and then click on
Create button to create a new client/application.
-
Enter SP-EntityID / Issuer as the
Client ID from the "Service Provider Metadata" Tab and
select SAML as the Client Protocol.
- Now click on Save.
- Configure Keycloak by providing the required details:
Client ID |
The
SP-EntityID / Issuer from
the plugin's Service Provider Metadata tab
|
Name |
Provide a name for this client |
Description |
Provide a description |
Client Signature Required |
OFF |
Force POST Binding |
OFF |
Force Name ID Format |
OFF |
Name ID Format |
Email |
Root URL |
Leave empty or Provide Base URL from Service Provider Metadata tab
|
Valid Redirect URIs |
The
ACS (Assertion Consumer Service) URL from the plugin's Service Provider Metadata tab
|
-
Under Fine Grain SAML Endpoint Configuration, Enter the
following details:
Assertion Consumer Service POST Binding URL |
The ACS (Assertion Consumer Service) URL from the
plugin's Service Provider Metadata tab
|
Logout Service Redirect Binding URL (Optional) |
The Single Logout URL from the plugin's Service
Provider Metadata tab
|
- Click on Save.
Add Mapper
-
Navigate to Mappers tab and click on Add Builtin button.
-
Select the checkboxes of X500 givenName, X500 surname and
X500 email attributes.
-
Click on Add Selected button. You will see the mappings that are
added below.
Download setup file
-
Navigate to Realm Settings, click on
SAML 2.0 Identity Provider Metadata mentioned as Endpoints
in the General Tab.
-
Note the URL and keep it handy. That will provide you with the
Endpoints required to configure the plugin.
You have successfully configured Keycloak as SAML IdP ( Identity Provider) for
achieving Keycloak login / Keycloak SSO / Keycloak Single Sign-On (SSO),
ensuring secure Login into nopCommerce application.
2. Configure nopCommerce as SP (SSO Plugin)
-
After configuring SP metadata in IDP, you will have to configure IDP
metadata in the plugin.
- To configure the IDP metadata, there are two methods:
-
To upload IdP's metadata, you can use the
Upload IdP metadata button, if you have the IdP metadata URL or the
IdP metadata .xml file.
-
Alternatively, you can copy the IDP Entity ID and Single Sign-On Url values
from the IdP and fill them up under the
Identity Provider Settings tab.
3. Test Configuration
-
Click the Test Configuration button to verify if you have configured
the plugin correctly.
-
On successful configuration, you will get Attribute Name and Attribute
Values in Test Configuration window.
4. Attribute Mapping
-
Map Attribute Names provided by your IdP with your store attributes, under
Attribute/Role Mapping tab.
- Click on Save button.
5. Enabling SSO in your nopCommerce store
-
Under the Redirection & SSO link tab, use the URL labeled as
Your Store SSO Link in your store to initiate the SSO.
-
Please make sure the Enable SSO checkbox is enabled under the
Identity Provider Tab.
Additional Resources
Need Help?
Not able to find your identity provider? Mail us on
nopcommercesupport@xecurify.com
and we'll help you set up SSO with your IDP and for quick guidance (via
email/meeting) on your requirement and our team will help you to select the
best suitable solution/plan as per your requirement.