ASP.NET SAML SP Single Sign-On (SSO) module gives the ability to enable SAML Single Sign-On for your ASP.NET applications. Using Single Sign-On you can use only one password to access your ASP.NET application and services. Our module is compatible with all the SAML compliant Identity providers. Here we will go through a step-by-step guide to configure Single Sign-On (SSO) between ASP.NET and ADFS considering ADFS as IdP.

Download And Extract Package

• Download miniOrange ASP.NET SAML 2.0 Module.
• For Setting up the module, extract the asp-net-saml-sso-module-xxx.zip, you will find a DLL file miniorange-saml-sso.dll, a configuration file saml.config and a integration.md file which contain the steps for adding the module into your application.

Steps to configure ADFS Single Sign-On (SSO) Login into ASP.NET

1. Add module on DNN page

• Add miniorange-saml-sso.dll in the bin folder (where your other DLL files exist) for your application.
• Register miniorangesamlsso module in your application according to the provided steps in the integration.md file.
• Add the provided configuration file saml.config in the root directory for your application.
• After integration open browser and browse the module dashboard with URL below:
https://<your-application-base-url>?ssoaction=config
• If it pops up the registration page or login page, you have successfully added the miniOrange saml sso module for your application.


• Register or Login for configuring the module.

2. Configure ADFS as Identity Provider

• First, search for ADFS Management application on your ADFS server.

• After opening the AD FS Management, select Relying Party Trust. Click on Add Relying Party Trust.


• Select Claims Aware and click the Start button from the Relying Party Trust Wizard pop up.


• Select the options for Adding a Relying Party Trust.
• Using Metadata URL : Import data about the relying party published online or on the local network: Select this option to enter the metadata using metadata URL provided by Service Provider section of the module.


• Using Metadata XML file : Import data about the relying party from a file: Select this option to upload the SP metadata file (XML file) provided by the Service Provider section of the module.


• Using Manual configuration : Enter Data about the relying party manually & Click on Next: Select this option to enter the data manually


• Enter Display Name and click Next.
• Select Enable support for the SAML 2.0 WebSSO protocol. Enter ACS URL from the plugins Service Provider Info Tab. Click Next.


• Add Entity ID from plugins Service Provider Settings section as Relying party trust identifier.
• Click on the Add button and then click Next.


• Select Permit everyone as an Access Control Policy & click on Next.


• Click the Next button from Ready to Add Trust and click Close.
• A list of Relying Party Trusts will be visible. Select the respective application & click on Edit Claim Issuance Policy.


• Click on the Add Rule button.


• Select Send LDAP Attributes as Claims &and click on Next.


• Enter the following details and click on Finish.

Claim rule name:	Attributes
Attribute Store:	Active Directory
LDAP Attribute:	E-Mail-Addresses
Outgoing Claim Type:	Name ID


• Click Apply and then Ok.

3. Configure ASP.NET SAML Module as Service Provider

• After configuring your Identity Provider, it will provide you with IDP Entity ID, IDP Single Sign On URL and x.509 Certificate. Configure these values under IDP Entity ID, Single Sign-On Url and SAML X509 Certificate fields respectively. (Refer to the Metadata provided by Identity Provider)
• Click Save to Save your IDP details.

4: Test Configuration

• Click on the Test Configuration button to test the configuration.

5: Attribute Mapping

• After testing the configuration, Map your application attributes with the Identity Provider (IdP) attributes.
• Note: All the mapped attributes will be stored in the session so that you can access them in your application.

6: Integration Code

• You can also find the Integration code in the Integration Code tab in the module. Just copy-paste that code snippet wherever you want to access the user attributes.
• Note: All the mapped attributes will be stored in the session so that you can access them in your application.

7: Login Settings

• Use the following URL as a link in your application from where you want to perform SSO:
• https://<your-application-base-url>/?ssoaction=login
• For example you can use it as:
• <a href="https://<your-application-base-url>/?ssoaction=login">Login</a>

8: Logout Settings

• Use the following URL as a link in your application from where you want to perform SLO:
• https://<your-application-base-url>/?ssoaction=logout
• For example you can use it as:
• <a href="https://<your-application-base-url>/?ssoaction=logout">Logout</a>

You can configure the DotNetNuke SAML 2.0 Single Sign-On (SSO) module with any Identity Provider such as ADFS, Azure AD, Bitium, centrify, G Suite, JBoss Keycloak, Okta, OneLogin, Salesforce, AWS Cognito, OpenAM, Oracle, PingFederate, PingOne, RSA SecureID, Shibboleth-2, Shibboleth-3, SimpleSAML, WSO2 or even with your own custom identity provider.

If you are looking to Single Sign-On into your sites with any SAML compliant Identity Provider then we have a separate solution for that. We do provide SSO solutions for the following: