module acts as a SAML 2.0 Identity Provider which can be configured to
establish the trust between the module and various SAML-compliant
to securely authenticate the user using the DotNetNuke (DNN) site credentials.
Here we will go through a step-by-step guide to configure Single Sign-On (SSO) between DotNetNuke (DNN) and Cognito,
with DotNetNuke (DNN) acting as the IDP.
Upload the installation package
dnn-saml-single-sign-on-sso-idp_xxx_Install by going to
Settings > Extension > Install Extension.
Open any page on your DNN site (Edit mode) and click on
Search for moDNNSAMLIDP and click on the moDNNSAMLIDP. Drag and drop
the module onto the page where you want it.
You have finished installing the module on your DNN site.
1. Configure Cognito as SP
From the list of service providers given below, select
There are two options in the module to share your IDP metadata with the
service provider. You can either share the metadata URL or download the
metadata (XML) file.
Also you can add the IDP metadata manually by entering IDP Entity ID, Single Sign-On URL and x.509
First of all, go to the Amazon Console and sign up for or log in to your account to configure AWS Cognito.
Search for Cognito in the AWS Services search bar as shown below.
Click on Create an identity pool to create a new identity pool.
Now under the Authentication section select Authenticated Access as User Access and select SAML as Authenticated Identity Source.
Click on the Next button.
Now in Configure Permissions, check the create a new IAM role box and enter a name for the new IAM role.
Click on the Next button.
To create a new user pool, enter Pool Name and select
On the navigation bar on the left-side of the page, choose
App clients under General settings.
Choose Add an app client and give your app a
Clear the option
Generate client secret for the purposes of this getting
started exercise, as it would not be secure to send it on the URL using
Choose Create app client.
Note the App client ID and choose
Return to pool details.
Click on the Domain name tab of the
Amazon Cognito console and add Domain Prefix.
On the left navigation bar, choose Identity providers and
then choose SAML to open the SAML dialog.
Under Metadata document upload a metadata document from
your SAML IdP. You can also enter a URL that points to the
Note: Amazon Cognito recommends that you provide the
endpoint URL if it is a public endpoint, rather than
uploading a file because this allows Amazon Cognito to
refresh the metadata automatically. Typically metadata
refresh happens every 6 hours or before the metadata expires, whichever is
Enter the values by referring to the table below.
Enter your SAML Identity Provider name.
Enter any optional SAML Identifiers you want to use.
Enable IdP sign out flow
Select Enable IdP sign out flow if you want your user to be logged
out from the SAML IdP when logging out from Amazon Cognito.
Click on Create provider.
On the Attribute mapping tab, if you are opting for it, then
add mappings for at least the required attributes, typically
Choose Save changes.
2. Configure DNN as SAML IDP
There are two options to add an application for your Service Provider in the IDP module
A] Upload metadata using Upload SP Metadata option
IDP module requires SP Entity ID and ACS URL values from your
provider. You may get the metadata file (.xml) or metadata URL.
You can upload metadata using Upload SP Metadata option where
you can upload metadata using XML file or URL.
You may refer to the screenshot below:
You can choose any one of the options according to the metadata format you
B] Configure the Service Provider metadata manually
Once the service provider metadata is configured, update the module
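An added example, not part of the original guide or of the miniOrange module: a Python check that reads the SP Entity ID and ACS URL out of an SP metadata file before it is uploaded or typed in manually, and flags a non-HTTPS ACS endpoint. The sample metadata, its entity ID and its URL are constructed placeholders, and `read_sp_metadata` is a hypothetical helper name.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed sample SP metadata; the entity ID and ACS URL are placeholders.
SAMPLE_SP_METADATA = """<md:EntityDescriptor
    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="urn:example:sp:placeholder-pool">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
    <md:AssertionConsumerService index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sp.example.test/saml2/idpresponse"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def read_sp_metadata(xml_text):
    """Return (entity_id, acs_url, problems) for one SP metadata document."""
    # Refuse DTDs before parsing: SAML metadata never needs one, and entity
    # declarations are what XML entity-expansion attacks rely on.
    if "<!DOCTYPE" in xml_text:
        raise ValueError("metadata must not contain a DTD")
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{MD}}}EntityDescriptor":
        raise ValueError("root element is not md:EntityDescriptor")
    problems = []
    entity_id = root.get("entityID", "")
    if not entity_id:
        problems.append("missing entityID")
    acs_url = ""
    for acs in root.iter(f"{{{MD}}}AssertionConsumerService"):
        if acs.get("Binding") == POST:
            acs_url = acs.get("Location", "")
            break
    if not acs_url:
        problems.append("no HTTP-POST AssertionConsumerService")
    else:
        parts = urlparse(acs_url)
        if parts.scheme != "https" or not parts.hostname:
            problems.append("ACS URL is not an https:// URL")
    return entity_id, acs_url, problems
```

The two returned values are the ones the manual configuration option asks for, so the same check applies whether the metadata is uploaded or entered by hand.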
3. Attribute Mapping
In this step you will map the DotNetNuke user attribute to be sent in the
response to the Service Provider.
NameID defines what SP is expecting in the subject element of SAML
Assertion. Generally, NameID is Username or Email Address. You can select
which user attribute you want to send in the NameID.
NameID Format defines the format of subject element content, i.e. NameID.
For example, Email Address NameID Format defines that the NameID is in the
form of an email address, specifically “addr-spec”.
An addr-spec has the
form local-part@domain, has no phrase (such as a common name) before it, has
no comment (text surrounded in parentheses) after it, and is not surrounded
by “<” and “>”. If NameID Format is not externally specified by SP,
leave it unspecified.
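An added example, not part of the original guide or of the module's code: a Python check that extracts the Subject NameID from an assertion and tests it against the addr-spec rules above when the Email Address format is declared. The assertion fragments are constructed and unsigned, the helper names are hypothetical, and the pattern is a simplified addr-spec that rejects quoted local parts and domain literals.

```python
import re
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
EMAIL = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
UNSPECIFIED = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"

# Simplified addr-spec: dot-atom local part, "@", dotted domain. Quoted local
# parts and domain literals (legal in RFC 5322) are deliberately rejected.
ATOM = r"[A-Za-z0-9!#$%&'*+/=?^_`{|}~-]+"
ADDR_SPEC = re.compile(rf"{ATOM}(\.{ATOM})*@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+")


def name_id_problem(fmt, value):
    """Return None if value fits the NameID Format, else a short reason."""
    if fmt != EMAIL:
        return None  # unspecified and other formats are not constrained here
    if "<" in value or ">" in value:
        return "angle brackets or display-name phrase around the address"
    if "(" in value or ")" in value:
        return "comment in parentheses"
    if not ADDR_SPEC.fullmatch(value):
        return "not of the form local-part@domain"
    return None


def check_subject(assertion_xml):
    """Extract Subject/NameID from an assertion and validate it."""
    if "<!DOCTYPE" in assertion_xml:
        raise ValueError("assertion must not contain a DTD")
    root = ET.fromstring(assertion_xml)
    name_id = root.find(f"{{{SAML}}}Subject/{{{SAML}}}NameID")
    if name_id is None:
        return None, None, "no Subject/NameID element"
    fmt = name_id.get("Format", UNSPECIFIED)  # absent Format means unspecified
    value = name_id.text or ""
    return fmt, value, name_id_problem(fmt, value)


def sample_assertion(fmt, value):
    """Constructed, unsigned assertion fragment for the checks above."""
    return (f'<saml:Assertion xmlns:saml="{SAML}"><saml:Subject>'
            f'<saml:NameID Format="{fmt}">{escape(value)}</saml:NameID>'
            f'</saml:Subject></saml:Assertion>')
```

A username mapped to NameID while the Email Address format is declared is the mismatch this catches before the SP rejects the login.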
You can add other attributes to be sent in SAML Assertion to SP. The
attributes include user’s profile attributes such as first name, last name,
fullname, username, email, custom profile attributes etc.
4. Testing SSO
In an incognito browser window, enter the Cognito URL.
The browser will redirect you to the DNN Login screen.
Enter the DNN Credentials and click on Log in.
If you are redirected back to your Cognito start page and logged in successfully, then your configuration
You have successfully configured DNN as SAML IDP (Identity Provider) for achieving DNN SSO login into your Cognito
You can configure the DNN SAML IDP module with any service provider such as
Azure AD, Azure B2C, Google Apps, Zoho Desk, Salesforce, WordPress,
Cognito, Moodle, Zapier, Zoho, Zoom, Tableau Server, Hubspot, TalentLMS,
or even with your own custom service providers. You can find more
Not able to find your identity provider? Mail us on
and we'll help you set up SSO with your service provider and for quick
guidance (via email/meeting) on your requirement and our team will help you
to select the best suitable solution/plan as per your requirement.