Search Results :

×

DNN OAuth Single Sign-On (SSO) using Keycloak As OAuth Provider


DNN OAuth Single Sign-On (SSO) authentication provider gives the ability to enable OAuth Single Sign-On for your DotNetNuke site using Keycloak as the OAuth Provider. Using Single Sign-On you can use only one password to access your DotNetNuke site and services. Our authentication provider is compatible with all the OAuth compliant identity providers. Here we will go through a step-by-step guide to configure Single Sign-On (SSO) between DNN and Keycloak.

  • Download the DNN Oauth Single Sign On authentication provider with above link.
  • Upload the installation package dnn-oauth-single-sign-on_xxx_Install by going in Settings > Extension > Install Extension.
  • Navigate to the Installed Extensions tab and select Authentication Systems. You will find the miniOrange DNN OAuth Authentication Provider listed there.
DNN OAuth SSO - Authentication Provider

  • Click on the pencil icon (as shown in the image below) to begin configuring the DNN OAuth Authentication Provider.
DNN OAuth SSO - Authentication Provider pencil icon

  • Proceed to the Site Settings tab. Here, you will see the DNN OAuth Authentication Provider Dashboard, where you can manage the configuration.
DNN OAuth SSO - Authentication Provider Dashboard

  • You have now successfully completed the installation of the Authentication Provider on your DNN site.
  • For configuring application in the authentication provider, click on the Add New Provider button in the Identity Provider Settings tab.
DNN OAuth SSO - add new IDP

  • Select Keyclock as Identity Provider from the list. You can also search for your Identity Provider using the search box.
DNN OAuth SSO - Select identity provider
  • Start the keycloak server based on your keycloak version. (See table below)
For the Keycloak Version 16 and below

Go to the Root Directory of keycloak bin standalone.sh

For the Keycloak Version 17 and above

Go to the Root Directory of keycloak bin kc.bat and run the below commands.
1. kc.bat build
2. kc.bat start-dev


Follow the following steps to configure Keycloak as IdP to achieve DNN OAuth Keycloak SSO

Select Keycloak version:
  • Add Realm : Now login to keycloak administration console and navigate to your desired realm. You can add new realm by selecting Add Realm option.
  • Keycloak SSO - Keycloak OAuth Single Sign-On - add realm
  • Create realm: Enter Realm Name and keep the realm name handy as it will required later to configure the Realm under the OAuth Client plugin. Click on CREATE to add realm.
  • Keycloak SSO - Keycloak OAuth Single Sign-On - add realm
  • Create OpenID client: Click on the Clients and choose create to create a new client. Enter client id and select client protocol openeid-connect and select Save.
  • Keycloak SSO - Keycloak OAuth Single Sign-On - client id
  • Change Access type: After client is created change its access type to confidential.
  • Keycloak SSO - Keycloak OAuth Single Sign-On - change access type
  • Enter Valid Redirect URIs: Copy callback URL from plugin and then click on SAVE. Ex -- https:///oauth/callback
  • Keycloak SSO - Keycloak OAuth Single Sign-On - change access type
  • Get Client Secret: Now we need to get client secret. So select Clients and select credentials and copy your secret from here.
  • Keycloak SSO - Keycloak OAuth Single Sign-On - client id client secret
  • Plugin Configuration: Enter copied Client Secret under Client secret field in the OAuth Client plugin, and enter the Client Name under the Client ID field.
  • Add User: We need to add users to realm who will be able to access the resources of realm. Click on the Users and choose to Add a new User.
  • Keycloak SSO - Keycloak OAuth Single Sign-On - add user
  • User Configuration: After user is created following action needs to be performed on it.
    • 1) Setting a password for it so click on Credentials and set a new Password for the user.

    Keycloak SSO - Keycloak OAuth Single Sign-On - set password

    NOTE : Disabling Temporary will make user password permanent.

  • Map User: We need to map user to a role. Click on Role Mappings and assign the user desired role from available roles and clicking on add selected.
  • Keycloak SSO - Keycloak OAuth Single Sign-On - map user
  • Create ROLE: The Role will be used by your applications to define which users will be authorized to access the application. Click on the Roles and choose Add Role.
  • Keycloak SSO - Keycloak OAuth Single Sign-On - add role

    Step 1.1: Steps to fetch Keycloak Groups [Premium]

    • Create groups: Click on the Groups and choose New to create a new group.
    • Keycloak SSO - Keycloak OAuth Single Sign-On - create group
    • Assign user to group: Select the user whom you want to add in group. Choose Groups option from tab and then select the group-name and click on join.
    • Keycloak SSO - Keycloak OAuth Single Sign-On - assign group
    • Keycloak Group Mapper: Now to get group details we need to perform its client mapping with group membership else group details will not be fetched. So in Client section, select your client and then click on mapper->create.
    • Keycloak SSO - Keycloak OAuth Single Sign-On - group mapper
      Keycloak SSO - Keycloak OAuth Single Sign-On - group mapper
    • Now, select mapper type as Group Membership and enter the name and token claim name i.e the attribute name corresponding to which groups will be fetched. Turn Off the full group path, Add to ID token and Add to access token options, and click on Save.
    • Keycloak SSO - Keycloak OAuth Single Sign-On - group mapper

      Note: -- If full path is on group path will be fetched else group name will be fetched.

    Step 1.2: Steps to fetch Keycloak Roles [Premium]

    • Keycloak Role Mapper: Now to get role details we need to perform its client mapping with role membership else role details will not be fetched. So in Client section, select your client and then click on mapper->create.

    • Keycloak SSO - Keycloak OAuth Single Sign-On - group mapper Keycloak SSO - Keycloak OAuth Single Sign-On - group mapper
    • Now, select mapper type as user realm Role Membership and enter the name. and token claim name i.e the attribute name corresponding to which groups will be fetched. Add to ID token and Add to access token options, and click on Save.
    • Keycloak SSO - Keycloak OAuth Single Sign-On - group mapper
  • Add Realm : Now login to keycloak administration console and navigate to your desired realm. You can add new realm by selecting Create Realm option.
  • Keycloak SSO - Keycloak OAuth Single Sign-On - Add realm
  • Create realm: Enter Realm Name and keep the realm name handy as it will required later to configure the Realm under the OAuth Client plugin. Click on CREATE to add realm.
  • Keycloak SSO - Keycloak OAuth Single Sign-On - Create realm
  • Create OpenID client: Click on the Clients and choose Create Client to create a new client. Enter Client id and select client protocol openeid-connect and Click Next.
  • Keycloak SSO - Keycloak OAuth Single Sign-On - Create client
    Keycloak SSO - Keycloak OAuth Single Sign-On - Add client id
  • Enable the Client Authentication and Authorization toggle.
  • Keycloak SSO - Keycloak OAuth Single Sign-On - Enable toggle
  • Scroll down to the Access settings and enter your Callback/Redirect URL which you will get from your miniOrange plugin present on your Client side under the CallBack URLs text-field.
  • Keycloak SSO - Keycloak OAuth Single Sign-On - callback url
  • Go to the Credentials tab, copy the Client Secret and keep it handy as we will require it later while configuring WordPress OAuth Single Sign-On plugin.
  • Keycloak SSO - Keycloak OAuth Single Sign-On - Copy client secret
  • Plugin Configuration: Enter copied Client Secret under Client secret field in the OAuth Client plugin, and enter the Client ID under the Client ID field.
  • Add User: We need to add users to realm who will be able to access the resources of realm. Click on the Users and Click on Create new user to Add a new User.
  • Keycloak SSO - Keycloak OAuth Single Sign-On - Add user
  • User Configuration: After user is created following action needs to be performed on it.
    • 1) Setting a password for it so click on Credentials and set a new Password for the user.

    Keycloak SSO - Keycloak OAuth Single Sign-On - set password

    NOTE : Disabling Temporary will make user password permanent.

  • Map User: We need to map user to a role. Click on Role Mappings and assign the user desired role from available roles.
  • Keycloak SSO - Keycloak OAuth Single Sign-On - map user
  • Create ROLE: The Role will be used by your applications to define which users will be authorized to access the application. Click on the Roles and choose Create Role.
  • Keycloak SSO - Keycloak OAuth Single Sign-On - add role
  • Add Realm : Now login to keycloak administration console and navigate to your desired realm. You can add new realm by selecting Create Realm option.
  • Keycloak SSO - Keycloak OAuth Single Sign-On - Add realm
  • Create realm: Enter Realm Name and keep the realm name handy as it will required later to configure the Realm under the OAuth Client plugin. Click on CREATE to add realm.
  • Keycloak SSO - Keycloak OAuth Single Sign-On - Create realm
  • Create OpenID client: Click on the Clients and choose Create Client to create a new client. Enter Client id and select client protocol openeid-connect and Click Next.
  • Keycloak SSO - Keycloak OAuth Single Sign-On - Create client
    Keycloak SSO - Keycloak OAuth Single Sign-On - Add client id
  • Enable the Client Authentication and Authorization toggle.
  • Keycloak SSO - Keycloak OAuth Single Sign-On - Enable toggle
  • Scroll down to the Access settings and enter your Callback/Redirect URL which you will get from your miniOrange plugin present on your Client side under the CallBack URLs text-field.
  • Keycloak SSO - Keycloak OAuth Single Sign-On - callback url
  • Go to the Credentials tab, copy the Client Secret and keep it handy as we will require it later while configuring WordPress OAuth Single Sign-On plugin.
  • Keycloak SSO - Keycloak OAuth Single Sign-On - Copy client secret
  • Plugin Configuration: Enter copied Client Secret under Client secret field in the OAuth Client plugin, and enter the Client ID under the Client ID field.
  • Add User: We need to add users to realm who will be able to access the resources of realm. Click on the Users and Click on Create new user to Add a new User.
  • Keycloak SSO - Keycloak OAuth Single Sign-On - Add user
  • User Configuration: After user is created following action needs to be performed on it.
    • 1) Setting a password for it so click on Credentials and set a new Password for the user.

    Keycloak SSO - Keycloak OAuth Single Sign-On - set password

    NOTE : Disabling Temporary will make user password permanent.

  • Map User: We need to map user to a role. Click on Role Mappings and assign the user desired role from available roles.
  • Keycloak SSO - Keycloak OAuth Single Sign-On - map user

In conclusion, by successfully configuring Keycloak as OAuth Provider, you have enabled DNN OAuth Keycloak SSO Login and authorization for your end users into DNN.

  • Copy the Redirect/Callback URL and provide it to your OAuth provider.
DNN OAuth SSO - DNN OAuth Redirect URL
  • Configure Client ID, Client Secret, update the endpoints if required and save the settings.
DNN OAuth SSO - Configuration

DNN OAuth SSO - Configuration
  • Now go to the Identity Provider Settings tab.
  • Under the select actions click on the Test Configuration button to verify if you have configured the authentication provider correctly.
DNN OAuth SSO - Testing OAuth SSO

  • On successful configuration, you will get Attribute Name and Attribute Values in the Test Configuration window.
DNN OAuth SSO - Testing OAuth SSO
  • For attribute mapping select the Edit Configuration from the select actions dropdown.
  • Map email and username with Attribute Name you can see in Test Configuration window and save the settings.
DNN OAuth SSO - DNN OAuth Attribute Mapping

You can even configure the ASP.NET SAML Single Sign-On (SSO) module with any identity provider such as ADFS, Azure AD, Bitium, Centrify, G Suite, JBoss Keycloak, Okta, OneLogin, Salesforce, AWS Cognito, OpenAM, Oracle, PingFederate, PingOne, RSA SecureID, Shibboleth-2, Shibboleth-3, SimpleSAML, WSO2 or even with your own custom identity provider. To check other identity providers, click here


Please reach out to us at dnnsupport@xecurify.com, and our team will assist you with setting up the DNN OAuth Single Sign On. Our team will help you to select the best suitable solution/plan as per your requirement.

ADFS_sso ×
Hello there!

Need Help? We are right here!

support