The ASP.NET SAML SP Single Sign-On (SSO) module lets you enable SAML Single Sign-On for your ASP.NET applications.
With Single Sign-On, you use only one password to access your ASP.NET application and services.
Our module is compatible with all SAML-compliant Identity Providers.
Here we go through a step-by-step guide to configure Single Sign-On (SSO) between ASP.NET and ADFS, with ADFS as the IdP.
Download And Extract Package
- Download miniOrange ASP.NET SAML 2.0 Module.
- To set up the module, extract asp-net-saml-sso-module-xxx.zip. You will find a DLL file miniorange-saml-sso.dll, a configuration file saml.config and an integration.md file which contains the steps for adding the module to your application.
Steps to configure ADFS Single Sign-On (SSO) Login into ASP.NET
1. Add module on DNN page
- Add miniorange-saml-sso.dll in the bin folder (where your other DLL files exist) for your application.
- Register miniorangesamlsso module in your application according to the provided steps in the integration.md file.
- Add the provided configuration file saml.config in the root directory for your application.
- After integration, open a browser and go to the module dashboard at the URL below:
https://<your-application-base-url>?ssoaction=config
- If it pops up the registration page or login page, you have successfully added the miniOrange saml sso module for your application.
- Register or Login for configuring the module.
2. Configure ADFS as Identity Provider
- First, search for ADFS Management application on your ADFS server.
- In AD FS Management, select Relying Party Trust and click on Add Relying Party Trust.
- Select Claims aware from the Relying Party Trust Wizard and click on Start button.
- In Select Data Source, select the data source for adding a relying party trust.
- Navigate to Service Provider Metadata section of the ASP.NET SAML module to get the endpoints to configure Service Provider manually.
- In Add Relying Party Trust Wizard select option Enter data about the relying party manually and click on Next.
Specify Display Name
- Enter Display Name and Click Next.
Configure Certificate (Premium feature)
- Download the certificate from Service Provider Metadata Tab.
- Upload the certificate and click on Next.
Configure URL
- Select the Enable support for the SAML 2.0 WebSSO protocol option and enter the ACS URL from the plugin's Service Provider Metadata Tab.
- Click on Next.
Configure Identifiers
- In the Relying party trust identifier, add the SP-EntityID / Issuer from the plugin's Service Provider Metadata tab.
Choose Access Control Policy
- Select Permit everyone as an Access Control Policy and click on Next.
Ready to Add Trust
- In Ready to Add Trust click on Next and then Close.
Edit Claim Issuance Policy
- In the list of Relying Party Trust, select the application you created and click on Edit Claim Issuance Policy.
- In Issuance Transform Rule tab click on Add Rule button.
Choose Rule Type
- Select Send LDAP Attributes as Claims and click on Next.
Configure Claim Rule
- Add a Claim Rule Name and select the Attribute Store as required from the dropdown.
- Under Mapping of LDAP Attributes to outgoing claim types, Select LDAP Attribute as E-Mail-Addresses and Outgoing Claim Type as Name ID.
- Once you have configured the attributes, click on Finish.
- After configuring ADFS as IDP, you will need the Federation Metadata to configure your Service Provider.
- To get the ADFS Federation Metadata, you can use this URL:
https://<ADFS_Server_Name>/federationmetadata/2007-06/federationmetadata.xml
- You have successfully configured ADFS as SAML IdP (Identity Provider) for achieving ADFS Single Sign-On (SSO) Login.
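The same relying party trust can be created from PowerShell on the AD FS server, which makes the settings reviewable and repeatable. This is an added example, not part of the original guide or the vendor's tooling; the display name, entity ID and ACS URL are placeholders to replace with the values from the module's Service Provider Metadata tab, and it assumes the built-in Active Directory attribute store.

```powershell
# Added example: run in an elevated PowerShell session on the AD FS server (AD FS 2016 or later).
# Placeholders below are assumptions; copy the real values from the Service Provider Metadata tab.
$displayName = 'ASP.NET SAML SP'                          # hypothetical display name
$spEntityId  = 'https://app.example.test/sp-entity-id'    # placeholder SP-EntityID / Issuer
$acsUrl      = 'https://app.example.test/acs-placeholder' # placeholder ACS URL

# "Send LDAP Attributes as Claims": E-Mail-Addresses (LDAP attribute "mail") -> Name ID.
$rules = @'
@RuleTemplate = "LdapClaims"
@RuleName = "Email as Name ID"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory",
          types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier"),
          query = ";mail;{0}", param = c.Value);
'@

# "Configure URL": the SAML 2.0 WebSSO assertion consumer endpoint (HTTP-POST binding).
$acs = New-AdfsSamlEndpoint -Binding 'POST' -Protocol 'SAMLAssertionConsumer' -Uri $acsUrl

# "Choose Access Control Policy": the guide selects Permit everyone. Any policy name listed by
# Get-AdfsAccessControlPolicy can be used here instead if sign-in should be limited.
Add-AdfsRelyingPartyTrust -Name $displayName `
    -Identifier $spEntityId `
    -SamlEndpoint $acs `
    -IssuanceTransformRules $rules `
    -AccessControlPolicyName 'Permit everyone'

# Read the trust back and confirm the identifier, endpoint and policy are what was intended.
Get-AdfsRelyingPartyTrust -Name $displayName |
    Select-Object Name, Identifier, Enabled, AccessControlPolicyName, SignedSamlRequestsRequired,
        @{ n = 'Endpoints'; e = { $_.SamlEndpoints | ForEach-Object { "$($_.Protocol) $($_.Binding) $($_.Location)" } } }
```

The read-back is worth keeping in change records: the ACS URL and identifier decide where AD FS will deliver assertions for this application.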
Windows SSO (Optional)
Follow the steps below to configure Windows SSO
Steps to configure ADFS for Windows Authentication
3. Configure ASP.NET SAML Module as Service Provider
- After you configure your Identity Provider, it will provide you with the IDP Entity ID, IDP Single Sign On URL and X.509 Certificate. Configure these values under the IDP Entity ID, Single Sign-On Url and SAML X509 Certificate fields respectively. (Refer to the Metadata provided by the Identity Provider.)
- Click Save to Save your IDP details.
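The three values can be read out of the Federation Metadata XML rather than copied by eye, which also avoids pasting the encryption certificate where the signing certificate belongs. This is an added example, not code from the module; the metadata below is a constructed sample with a placeholder host and placeholder base64 instead of real certificates, and the choice of the HTTP-Redirect endpoint is an assumption.

```powershell
# Constructed sample metadata so the example runs offline; real input is the federationmetadata.xml file.
$sampleMetadata = @'
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
                  entityID="http://adfs.example.test/adfs/services/trust">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="encryption"><KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
      <X509Data><X509Certificate>RU5DUllQVElPTi1QTEFDRUhPTERFUg==</X509Certificate></X509Data>
    </KeyInfo></KeyDescriptor>
    <KeyDescriptor use="signing"><KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
      <X509Data><X509Certificate>U0lHTklORy1QTEFDRUhPTERFUg==</X509Certificate></X509Data>
    </KeyInfo></KeyDescriptor>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
                         Location="https://adfs.example.test/adfs/ls/"/>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
                         Location="https://adfs.example.test/adfs/ls/"/>
  </IDPSSODescriptor>
</EntityDescriptor>
'@

function Get-SamlIdpSettings {
    param([Parameter(Mandatory)][string]$MetadataXml,
          [string]$Binding = 'HTTP-Redirect')   # assumption: which SSO binding to report
    $doc = [xml]$MetadataXml
    $ns  = @{ md = 'urn:oasis:names:tc:SAML:2.0:metadata'; ds = 'http://www.w3.org/2000/09/xmldsig#' }
    $idp = '/md:EntityDescriptor/md:IDPSSODescriptor'

    $sso = (Select-Xml -Xml $doc -Namespace $ns -XPath `
        "$idp/md:SingleSignOnService[contains(@Binding,'$Binding')]" | Select-Object -First 1).Node
    # Only signing keys validate assertions; a KeyDescriptor without "use" serves both purposes.
    $certs = @(Select-Xml -Xml $doc -Namespace $ns -XPath `
        "$idp/md:KeyDescriptor[@use='signing' or not(@use)]//ds:X509Certificate")
    if (-not $sso -or $certs.Count -eq 0) { throw 'No SAML SSO endpoint or signing key in metadata.' }
    if (([uri]$sso.Location).Scheme -ne 'https') { throw 'Single Sign-On URL is not HTTPS.' }

    # SHA-256 over the DER bytes, one entry per signing certificate (two appear during rollover).
    $sha256 = [System.Security.Cryptography.SHA256]::Create()
    $prints = foreach ($c in $certs) {
        $der = [Convert]::FromBase64String(($c.Node.InnerText -replace '\s'))
        [BitConverter]::ToString($sha256.ComputeHash($der)) -replace '-'
    }
    [pscustomobject]@{
        IdpEntityId       = $doc.EntityDescriptor.entityID
        SingleSignOnUrl   = $sso.Location
        SigningCertSha256 = @($prints)
    }
}
Get-SamlIdpSettings -MetadataXml $sampleMetadata | Format-List
```

Before saving the certificate in the module, compare the reported hash with one computed on the AD FS server over `(Get-AdfsCertificate -CertificateType Token-Signing).Certificate.RawData`.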
4. Test Configuration
- Click on the Test Configuration button to test the configuration.
5. Attribute Mapping
- After testing the configuration, map your application attributes with the Identity Provider (IdP) attributes.
- Note: All the mapped attributes will be stored in the session so that you can access them in your application.
6. Integration Code
- You can also find the Integration code in the Integration Code tab in the module. Just copy-paste that code snippet wherever you want to access the user attributes.
- Note: All the mapped attributes will be stored in the session so that you can access them in your application.
7. Login Settings
- Use the following URL as a link in your application from where you want to perform SSO:
https://<your-application-base-url>/?ssoaction=login
- For example you can use it as:
<a href="https://<your-application-base-url>/?ssoaction=login">Login</a>
8. Logout Settings
- Use the following URL as a link in your application from where you want to perform SLO:
https://<your-application-base-url>/?ssoaction=logout
- For example you can use it as:
<a href="https://<your-application-base-url>/?ssoaction=logout">Logout</a>
You can configure the DotNetNuke SAML 2.0 Single Sign-On (SSO) module with any Identity Provider such as
ADFS, Azure AD, Bitium, centrify, G Suite, JBoss Keycloak, Okta, OneLogin, Salesforce, AWS Cognito,
OpenAM, Oracle, PingFederate, PingOne, RSA SecureID, Shibboleth-2, Shibboleth-3, SimpleSAML, WSO2 or
even with your own custom identity provider.
If you are looking to Single Sign-On into your sites with any SAML compliant Identity Provider then we have a separate solution for that. We do provide SSO solutions for the following: