SAML Single Sign-On (SSO) For ASP.NET Web Applications Using Azure AD As IDP
Contents
SAML Single Sign-On (SSO) For ASP.NET Web Applications Using Azure AD As IDP
ASP.NET SAML SP Single Sign-On (SSO) module gives the ability to enable SAML Single Sign-On for your ASP.NET applications.
Using Single Sign-On you can use only one password to access your ASP.NET application and services.
Our module is compatible with all the SAML compliant Identity providers.
Here we will go through a step-by-step guide to configure Single Sign-On (SSO) between ASP.NET and Azure AD considering Azure AD as IdP.
For Setting up the module, extract the asp-net-saml-sso-module-xxx.zip, you will find a DLL file miniorange-saml-sso.dll, a configuration file saml.config and a integration.md file which contain the steps for adding the module into your application.
Steps to configure Azure AD Single Sign-On (SSO) Login into ASP.NET
1. Add module on DNN page
Add miniorange-saml-sso.dll in the bin folder (where your other DLL files exist) for your application.
Register miniorangesamlsso module in your application according to the provided steps in the integration.md file.
Add the provided configuration file saml.config in the root directory for your application.
After integration open browser and browse the module dashboard with URL below:
Select Azure Active Directory -> Enterprise Applications. Click on New Application Application.
Click on the Non-gallery application section and enter the name for your app and click on Add button.
Click on Single sign-on from the application's left-hand navigation menu and select SAML.
Edit BASIC SAML CONFIGURATION and enter the SP Entity ID for Identifier and the ACS URL for Reply URL from Service Provider Info tab of the plugin.
Copy App Federation Metadata Url. This will be used while configuring the ASP.NET SAML module.
Assign users and groups to your SAML application.
Click on Users and groups from the applications left-hand navigation menu.
After clicking on Add user, Select Users and groups in the Add Assignment screen. Search or invite an external user. Select the appropriate user and click on the Select button.
After selecting the appropriate user, click on the Assign button.
Select Azure Active Directory -> App Registrations. Click on New Application Registration.
You will need SP Entity ID and ACS URL values while configuration. Refer to the below image:
After Clicking on New Registration, enter a Name for your application and choose the account type.
In the Redirect URI field, provide the ACS URL provided in the Service Provider Settings section of the module and click on the Register button.
After registering your application, go to Expose an API menu option and Click the Set button and replace the Application URI with the plugin's SP Entity ID provided in plugin’s Service Provider Settings.
After setting the Application ID, go back to Azure Active Directory -> App Registrations window and click on Endpoints.
This will open up a window with multiple URLs listed there. Copy the Federation Metadata Document URL. This will be required while configuring the SAML module.
3. Configure ASP.NET SAML Module as Service Provider
After configuring your Identity Provider, it will provide you with IDP Entity ID, IDP Single Sign On URL and x.509 Certificate. Configure these values under IDP Entity ID, Single Sign-On Url and SAML X509 Certificate fields respectively. (Refer to the Metadata provided by Identity Provider)
Click Save to Save your IDP details.
4: Test Configuration
Click on the Test Configuration button to test the configuration.
5: Attribute Mapping
After testing the configuration, Map your application attributes with the Identity Provider (IdP) attributes.
Note: All the mapped attributes will be stored in the session so that you can access them in your application.
6: Integration Code
You can also find the Integration code in the Integration Code tab in the module. Just copy-paste that code snippet wherever you want to access the user attributes.
Note: All the mapped attributes will be stored in the session so that you can access them in your application.
7: Login Settings
Use the following URL as a link in your application from where you want to perform SSO:
You can configure the DotNetNuke SAML 2.0 Single Sign-On (SSO) module with any Identity Provider such as
ADFS, Azure AD, Bitium, centrify, G Suite, JBoss Keycloak, Okta, OneLogin, Salesforce, AWS Cognito,
OpenAM, Oracle, PingFederate, PingOne, RSA SecureID, Shibboleth-2, Shibboleth-3, SimpleSAML, WSO2 or
even with your own custom identity provider.
If you are looking to Single Sign-On into your sites with any SAML compliant Identity Provider then we have a separate solution for that. We do provide SSO solutions for the following:
