The DotNetNuke SAML SP Single Sign-On (SSO) module enables SAML Single Sign-On for your DotNetNuke applications. With Single Sign-On, users need only one password to access your DotNetNuke application and services. Our module is compatible with all SAML-compliant identity providers. This step-by-step guide configures Single Sign-On (SSO) between DotNetNuke and ADFS, with ADFS acting as the IdP.
Download and Install the module in DotNetNuke
- Download the package for DNN SAML Single Sign-On (SSO) module.
- Upload the installation package dnn-saml-single-sign-on_xxx_Install by going to Settings > Extension > Install Extension.
Step 1: Add module on DNN page
- Open any page on your DNN site in Edit mode and click Add Module.
- Search for DNNSAMLSSO and click on it. Drag and drop the module onto the page where you want it.
- You have finished installing the module on your DNN site.
Step 2: Configure ADFS as Identity Provider
- First, search for the ADFS Management application on your ADFS server.
- After opening the AD FS Management, select Relying Party Trust. Click on Add Relying Party Trust.
- Select Claims Aware and click the Start button from the Relying Party Trust Wizard pop up.
- Select the options for Adding a Relying Party Trust.
  - Using a metadata URL (Import data about the relying party published online or on the local network): select this option to enter the metadata URL provided by the Service Provider section of the module.
  - Using a metadata XML file (Import data about the relying party from a file): select this option to upload the SP metadata file (XML file) provided by the Service Provider section of the module.
  - Using manual configuration (Enter data about the relying party manually): select this option to enter the data manually, then click Next.
- Enter Display Name and click Next.
- Select Enable support for the SAML 2.0 WebSSO protocol. Enter the ACS URL from the plugin's Service Provider Info tab. Click Next.
- Add the Entity ID from the plugin's Service Provider Settings section as the Relying party trust identifier.
- Click on the Add button and then click Next.
- Select Permit everyone as an Access Control Policy & click on Next.
- Click the Next button from Ready to Add Trust and click Close.
- A list of Relying Party Trusts will be visible. Select the respective application & click on Edit Claim Issuance Policy.
- Click on the Add Rule button.
- Select Send LDAP Attributes as Claims and click on Next.
- Enter the following details and click on Finish.
|Claim rule name:
|Outgoing Claim Type:
- Click Apply and then OK.
Step 3: Configure DotNetNuke SAML Module as Service Provider
- After you configure your Identity Provider, it will provide you with the IDP Entity ID, IDP Single Sign On URL and X.509 Certificate. Configure these values under the IDP Entity ID, Single Sign-On Url and SAML X509 Certificate fields respectively. (Refer to the metadata provided by the Identity Provider.)
- Click Update to Save your IDP details.
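The certificate entered here is what the module trusts when it verifies SAML responses, so it is worth checking before saving. As an added example (not part of the original guide or the module), the script below reads the IDP Entity ID, Single Sign-On endpoints and signing certificate from the AD FS federation metadata; the file path is a placeholder for a saved copy of that metadata.

```powershell
# Added example: pull the Step 3 values out of the IdP metadata and inspect the certificate.
# Placeholder location: a saved copy of the AD FS federation metadata.
$MetadataSource = 'C:\Temp\FederationMetadata.xml'

$md = New-Object System.Xml.XmlDocument
$md.XmlResolver = $null          # do not resolve external entities in fetched XML
$md.Load($MetadataSource)

$ns = New-Object System.Xml.XmlNamespaceManager($md.NameTable)
$ns.AddNamespace('md', 'urn:oasis:names:tc:SAML:2.0:metadata')
$ns.AddNamespace('ds', 'http://www.w3.org/2000/09/xmldsig#')

$idp = $md.SelectSingleNode('/md:EntityDescriptor/md:IDPSSODescriptor', $ns)
if (-not $idp) { throw 'No IDPSSODescriptor found: this is not IdP metadata.' }

# All advertised SSO endpoints with their bindings; use the one the module expects.
$sso = $idp.SelectNodes('md:SingleSignOnService', $ns) |
    ForEach-Object { '{0}  [{1}]' -f $_.GetAttribute('Location'), $_.GetAttribute('Binding') }

# Signing certificate published by the IdP.
$node = $idp.SelectSingleNode("md:KeyDescriptor[@use='signing']//ds:X509Certificate", $ns)
if (-not $node) { throw 'No signing certificate found in the IdP metadata.' }
$cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new(
            [Convert]::FromBase64String($node.InnerText.Trim()))
if ($cert.NotAfter -lt (Get-Date)) {
    Write-Warning "Signing certificate expired on $($cert.NotAfter)"
}

[pscustomobject]@{
    IdpEntityId  = $md.DocumentElement.GetAttribute('entityID')
    SsoEndpoints = $sso
    Subject      = $cert.Subject
    Thumbprint   = $cert.Thumbprint   # compare with Get-AdfsCertificate -CertificateType Token-Signing
    NotAfter     = $cert.NotAfter
} | Format-List
```

The thumbprint should match the primary token-signing certificate on the AD FS server; when AD FS rolls that certificate over, the value stored in the module has to be updated as well.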
Step 4: Test Configuration
- Click on the Test Configuration button to test the configuration.
Step 5: Adding Login Widget on DNN Page
- To add a button on the DNN page, click Add Item (pencil icon) beside the module settings.
- Enter a button name and description for the item and click Save.
- After saving the item, you can see the login button on the page. (If you are already logged in to your site, you will see a "Logout" link.)
- Note: If you want to enable this button on every page of the DNN site, follow the steps below:
  - Go to Settings >> Module Settings >> Advanced Settings and enable the Display Module On All Page option.
  - Warning: You will lose all your configuration for the module after enabling this option. You can re-configure the module afterwards, but it is better to enable this option before configuring the module.
Step 6: Attribute Mapping
- Attributes are user details that are stored in your Identity Provider.
- Attribute Mapping helps you to get user attributes from your IdP and map them to DotNetNuke user attributes such as firstname, lastname, etc.
- When users are auto-registered in your DotNetNuke site, these attributes are automatically mapped to their DotNetNuke user details.
- Go to DNNSAMLSSO Settings >> Advanced settings >> Attribute Mapping.
Step 7: Role Mapping (optional)
- DotNetNuke uses a concept of Roles, designed to give the site owner the ability to control what users can and cannot do within the site.
- DotNetNuke has five pre-defined roles: Administrators, Subscribers, Registered Users, Translator (en-US) and Unverified Users.
- Role mapping helps you to assign specific roles to users of a certain group in your IdP.
- During auto-registration, users are assigned roles based on the group they are mapped to.
You can configure the DotNetNuke SAML 2.0 Single Sign-On (SSO) module with any Identity Provider such as
ADFS, Azure AD, Bitium, Centrify, G Suite, JBoss Keycloak, Okta, OneLogin, Salesforce, AWS Cognito,
OpenAM, Oracle, PingFederate, PingOne, RSA SecurID, Shibboleth-2, Shibboleth-3, SimpleSAML, WSO2 or
even with your own custom identity provider.