DNN OAuth Single Sign-On (SSO) Using AWS Cognito As OAuth Provider

DNN OAuth Single Sign-On (SSO) module gives the ability to enable OAuth Single Sign-On for your DotNetNuke site. Using Single Sign-On you can use only one password to access your DotNetNuke site and services. Our module is compatible with all the OAuth compliant identity providers. Here we will go through a step-by-step guide to configure Single Sign-On (SSO) between DNN and OneLogin considering OneLogin as OAuth Provider. To know more about the other features we provide for DNN OAuth Single Sign-On (SSO), click here.

Pre-requisites: Download and Installation

• Download the DNN Oauth Single Sign On module with above link.
• Extract the package and upload the extension dnn-oauth-single-sign-on_xxx_Install by going to Settings > Extension > Install Extension

1. Adding Module on DNN page

• Open any of the page on your DNN site (Edit mode) and Click on Add Module.

• Search for oauthclientsso and click on the oauthclientsso. Drag and drop the module on the page where you want.

• You have finished with the Installation of the module on your DNN site.
• If you want to add module on every page of your dnn site, go to Module Settings >> Module Settings >> Advanced Settings.

• Check the box for Display Module on All Pages and click on Update.

2. Configure AWS Cognito as OAuth Provider

• Go to Module Settings >> oauthclientsso Settings
• You can see the Oauth / Openid providers list.

• Search your OAuth Provider application here 'AWS Cognito' or click on your OAuth Provider application from the given applications.
• If your Application/ Server Name is not there in default list. You can click on Custom OAuth 2.0 App or Custom OpenID Connect App to add custom OAuth/OpenID Connect Server.
• Note: For Default Applications in the default list, endpoints and scopes are auto-filled. But you can change it if required.
• To configure OAuth Provider application, go to Amazon Console and sign up/login in your account to Configure AWS Cognito.
• Search for Cognito in the AWS Services search bar as shown below.

• Click on Mange User Pools button to see the list of your user pools.

• Click on Create a user pool to create a new user pool.

• Add a Pool Name and click on the Review Defaults button to continue.

• Scroll down and click on the Add App Client option in front of App Clients.

• Click on Add an App Client. Enter an App Client Name and click on Create app client to create an App client.

• Click on Return to Pool Details to come back to your configuration.

• Click on Create Pool button to save your settings and create a user pool.

• In the navigation bar present on the left side, click on the App Client Settings option under the App Integration menu.

• Enable Identity provider as Cognito user pool and enter your Callback/Redirect URL which you will get from miniOrange ASP.NET OAuth Client under the CallBack URLs text-field. Select Authorization code grant checkbox under the Allowed OAuth Flows and also select openid and profile checkboxes under the Allowed OAuth Scopes option (Please refer to the image below). Click on the Save Changes button to save your configurations.

• Click on Choose Domain Name option to set a domain name for your app.

• Enter your Domain Name under the Domain Prefix text-field and click on the Save Changes button to save your domain name.

• Click on App Clients option under the General Settings menu in the left side navigation bar. Then, click on the Show Details button to see your App details like Client ID, Client secret etc.

• Copy the Client App ID and Client App Secret text field values which you will require in Step 3 to configure miniOrange ASP.NET OAuth Client.

• Click on Users and groups option under the General Settings menu in the left side navigation bar. Then, click on the Create user button to add a new user.

• Fill all the required details and click on Create user.

• You can see the new user created.



AWS Cognito Endpoints and Scope:




Client ID :	Click Here
Client Secret :	Click Here
Scope:	openid
Authorize Endpoint:	https://<cognito-app-domain>/oauth2/authorize
Access Token Endpoint:	https://<cognito-app-domain>/oauth2/token
Get User Info Endpoint:	https://<cognito-app-domain>/oauth2/userInfo
Custom redirect URL after logout:[optional]	https://<cognito-app-domain>/logout?client_id=<Client-ID>&logout_uri=<Sign out URL configured in Cognito Portal>

3. Test Configuration

• After saving settings, you can see the list of applications you have configured.
• Click on Edit to update the configuration.

• Click on Test Configuration to check if the configuration is correct.
• On successful configuration, you will get Attributes Name and Attribute Values on Test Configuration window.

4. Attribute Mapping

• Go to the oauthclientsso settings >> Advanced Settings >> Attribute Mapping.

• Map email and username with Attribute Name you can see in Test Configuration window.

5. Adding widget

• For adding the widget go to Add Widget.

• Click on Add Widget button. A button will be added on the DNN page.

You can configure the ASP.NET SAML Single Sign-On (SSO) module with any identity provider such as ADFS, Azure AD, Bitium, Centrify, G Suite, JBoss Keycloak, Okta, OneLogin, Salesforce, AWS Cognito, OpenAM, Oracle, PingFederate, PingOne, RSA SecureID, Shibboleth-2, Shibboleth-3, SimpleSAML, WSO2 or even with your own custom identity provider. To check other identity providers, click here.

Additional Resources

• DNN OAuth Single Sign-On (SSO)
• DNN SAML Single Sign-On (SSO)
• ASP.NET OAuth Single Sign-On (SSO)
• nopCommerce OAuth Single Sign-On (SSO)
• nopCommerce SAML Single Sign-On (SSO)

×