nopCommerce SAML Single Sign-On (SSO)
plugin gives the ability to enable SAML Single Sign-On for your nopCommerce
applications. Using Single Sign-On you can use only one password to access
your nopCommerce application and services. Our plugin is compatible with all
the SAML compliant identity providers. Here we will go through a step-by-step
guide to configure Single Sign-On (SSO) between nopCommerce and Salesforce
considering Salesforce as IdP. To know more about the features we provide for
nopCommerce SSO, click
here.
Pre-requisites : Download And Installation
Download from nopCommerce Dashboard
-
To download the plugin zip, login as admin into your nopCommerce store. In
the admin dashboard, go to Configuration Tab > All Plugins and
Themes or search for All Plugins and Themes in the Admin search bar.
-
Search for the SAML Single Sign-On (SSO) - miniOrange plugin and
click the Download button to get the zip.
From nopCommerce marketplace
-
You can download the plugin zip file from nopCommerce store -
nopCommerce SAML Single Sign-On (SSO)
-
To install the plugin, login as admin into your nopCommerce website. In the
admin dashboard, go to Configuration Tab >> Local plugins.
-
On the top right corner of the page select the
Upload plugin or theme button to upload the downloaded plugin zip.
Follow the instructions further to install the plugin.
Steps to configure nopCommerce Single Sign-On (SSO) using Salesforce as
Identity Provider.
1. Configure Salesforce as IDP
-
You need to send your SP metadata to identity provider, Salesforce. For SP
metadata, use the SP metadata URL or download the SP metadata as a .xml file
and upload it at your IdP end. You can find both these options under the
Service Provider Metadata tab.
-
Alternatively, you can manually add the SP Entity ID and ACS URL from
Service Provider metadata tab in the plugin to your IdP
configurations.
-
Log into your
Salesforce
account as admin.
-
Switch to Salesforce Lightning mode from profile menu and
then go to the Setup page by clicking on setup button.
-
From the left pane, select Settings Tab and click on
Identity Provider.
- Click on Enable Identity Provider.
-
In the Service Provider section, click on the link to
create the Service Provider using
Connected Apps.
-
Enter Connected App Name, API Name and
Contact Email.
| Connected App Name |
Provide a name for Connected App |
| API Name |
Provide a API name |
| Contact Email |
Provide a Contact Email |
-
Under the Web App Settings, check the
Enable SAML checkbox and enter the following values:
| Enable SAML |
Checked |
| Entity ID |
SP-EntityID / Issuer from
Service Provider Metadata tab of the Plugin
|
| ACS URL |
ACS (AssertionConsumerService) URL from
Service Provider Metadata tab of the Plugin
|
| Subject Type |
Username |
| Name ID Format |
urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified |
- Click on Save to save the configuration.
-
Now from the left pane, under Platform Tools section select
Connected Apps.
-
Then select Manage Connected Apps and click on the app you
just created.
-
In the Profiles section click
Manage Profiles button.
-
Assign the Profiles you want to give access to log in
through this app.
-
Under SAML Login Information, click on
Download Metadata.
-
Keep this metadata handy for configuring the
Service Provider.
You have successfully configured Salesforce as SAML IdP (Identity Provider)
for achieving Salesforce SSO login into your nopCommerce application.
2. Configure nopCommerce as SP (SSO Plugin)
Note: After installation of the plugin, we need to setup the trust
between your nopCommerce application and your Salesforce account. SAML
metadata is shared with Salesforce so they can update their inbuilt
configuration to support Single Sign-On.
2.1: Share SP SAML metadata with Salesforce
-
Click on Add New IDP to configure nopCommerce Single Sign-On (SSO)
using Salesforce as IDP.
-
Under Service Provider Metadata tab, you can either copy-paste the
metadata URL on your IDP side or download the SP metadata as
an XML file. Additionally, you have the choice to manually copy and paste
Base URL, SP Entity ID, and ACS URL.
- Share SAML metadata with Salesforce.
2.2: Import Salesforce SAML metadata
-
Under Identity Provider Settings tab, select Salesforce as
your preferred identity provider.
-
There are two methods for configuring nopCommerce as service provider:
-
To upload IDP's metadata, you can either provide the
metadata URL or upload XML file.
-
Alternatively, under the Identity Provider Settings tab, you can
manually fill in the mandatory fields like IDP Name,
IDP Entity ID and Single Sign-On URL and hit Save.
3. Testing SAML SSO
- Before testing, please ensure the following:
-
The nopCommerce (SP) SAML metadata has been exported to Salesforce (IDP).
- Importing the Salesforce (IDP) SAML metadata in nopCommerce (SP).
-
Hover on Select Action and click on the
Test Configuration button to verify if you have configured the plugin
correctly.
-
Click the Test Configuration button to verify if you have configured
the plugin correctly.
-
On successful configuration, you will get Attribute Name and Attribute
Values in Test Configuration window.
4. Attribute Mapping
-
After successful test configuration, click on
Edit Configuration and navigate to Attribute Mapping section.
-
On the right side, you can see the IDP response table, map attribute names
provided by your IDP with your store attributes, under
Attribute/Role Mapping tab.
- Click on Save button.
5. Enabling SSO in your nopCommerce store
-
Enable SSO for your nopCommerce store by dragging the slider as shown below.
-
Under the Redirection & SSO link tab, use the URL labeled as
Your Store SSO Link in your store to initiate the SSO.
Additional Resources
Need Help?
Not able to find your identity provider? Mail us on
nopcommercesupport@xecurify.com
and we'll help you set up SSO with your IDP and for quick guidance (via
email/meeting) on your requirement and our team will help you to select the
best suitable solution/plan as per your requirement.
