DNN SAML Single Sign-On (SSO)
authentication provider gives the ability to enable SAML Single Sign-On for your DotNetNuke
applications. Using Single Sign-On you can use only one password to access
your DotNetNuke application and services. Our authentication provider is compatible with all
the SAML-compliant
identity providers. Here we will go through a step-by-step guide to configure Single Sign-On
(SSO) between DotNetNuke and ADFS considering ADFS as IdP.
Download and Install the authentication provider in DotNetNuke
Download
the package for DNN SAML Single Sign-On (SSO) authentication provider.
Upload the installation package
dnn-saml-single-sign-on_xxx_Install by going to
Settings > Extension > Install Extension.
Steps to configure ADFS Single Sign-On (SSO) Login into DotNetNuke
1. Add authentication provider on DNN page
Now under the Installed extensions tab select Authentication Systems. Here you can see the miniOrange DNN SAML Authentication Plugin.
Click on the pencil icon as mentioned in the image below to configure the DNN SAML Authentication Provider.
Now go to the site settings tab. Here you can see the DNN SAML Authentication Provider Dashboard.
You have finished with the Installation of the authentication provider on your DNN site.
2. Configure ADFS as Identity Provider
First, search for ADFS Management application on your ADFS server.
In ADFS Management, select Relying Party Trust and click on
Add Relying Party Trust.
Select Claims aware from the Relying Party Trust Wizard and click on
Start button.
Select Data Source
In Select Data Source, select the data source for adding a relying party
trust.
Navigate to Service Provider Metadata section from the ASP.NET
SAML module and copy the Metadata URL.
Select
Import data about the relying party published online or on the local
network option and add the metadata URL in Federation metadata address.
Click on Next.
Note: In the next step enter the desired
Display Name and click Next.
Navigate to Service Provider Metadata section from the ASP.NET
SAML module and click on the Download XML metadata button to
download the plugin metadata file.
Select Import data about the relying party from a file option and
upload the downloaded metadata file.
Click on Next.
Note: In the next step enter the desired
Display Name and click Next.
Navigate to Service Provider Metadata section of the ASP.NET SAML
module to get the endpoints to configure Service Provider manually.
In Add Relying Party Trust Wizard select option
Enter data about the relying party manually and click on
Next.
Specify Display Name
Enter Display Name and Click Next.
Configure Certificate (Premium feature)
Download the certificate from Service Provider Metadata Tab.
Upload the certificate and click on Next.
Configure URL
Select Enable support for the SAML 2.0 WebSSO protocol option
and enter ACS URL from the plugin's
Service Provider Metadata Tab.
Click on Next.
Configure Identifiers
In the Relying party trust identifier, add the
SP-EntityID / Issuer from the plugin's
Service Provider Metadata tab.
Choose Access Control Policy
Select Permit everyone as an Access Control Policy and click on
Next.
Ready to Add Trust
In Ready to Add Trust click on Next and then Close.
Edit Claim Issuance Policy
In the list of Relying Party Trust, select the application you
created and click on Edit Claim Issuance Policy.
In Issuance Transform Rule tab click on Add Rule button.
Choose Rule Type
Select Send LDAP Attributes as Claims and click on Next.
Configure Claim Rule
Add a Claim Rule Name and select the Attribute Store as
required from the dropdown.
Under Mapping of LDAP Attributes to outgoing claim types, Select LDAP
Attribute as E-Mail-Addresses and Outgoing Claim Type as
Name ID.
Once you have configured the attributes, click on Finish.
After configuring ADFS as IDP, you will need the
Federation Metadata to configure your Service Provider.
To get the ADFS Federation Metadata, you can use this URL:
https://<ADFS_Server_Name>/federationmetadata/2007-06/federationmetadata.xml
You have successfully configured ADFS as SAML IdP (Identity Provider) for
achieving ADFS Single Sign-On (SSO) Login
Windows SSO (Optional)
Follow the steps below to configure Windows SSO
Steps to configure ADFS for Windows Authentication
Open elevated Command Prompt on the ADFS Server and execute the following
command on it:
setspn -a HTTP/##ADFS Server FQDN## ##Domain Service Account##
FQDN is Fully Qualified Domain Name (Example : adfs4.example.com)
Domain Service Account is the username of the account in AD.
Example : setspn -a HTTP/adfs.example.com username/domain
Open AD FS Management Console, click on Services and go to
the Authentication Methods section. On the right, click on
Edit Primary Authentication Methods. Check Windows
Authentication in Intranet zone.
Open Internet Explorer. Navigate to Security tab in Internet Options.
Add the FQDN of AD FS to the list of sites in Local Intranet and restart the
browser.
Select Custom Level for the Security Zone. In the list of options, select
Automatic Logon only in Intranet Zone.
Open PowerShell and execute the following two commands to enable Windows
authentication in the Chrome browser.
You have successfully configured ADFS for Windows Authentication.
3. Configure DotNetNuke SAML Authentication Provider as Service Provider
For configuring application in the authentication provider, click on the Add new IdP button in the Identity Provider Settings tab.
A] Select your Identity Provider
Select ADFS from the list. You can also
search for your Identity Provider using the search box.
B] Configure your Identity Provider
Under the Service Provider Settings tab, you can download SP metadata as
an XML document or copy the metadata URL.
Alternatively, copy and paste the SP Entity ID and ACS Url from the SP
metadata Table to your ADFS configuration page.
C] Configure your Service Provider
To upload IdP's metadata, you can use the
Upload IdP metadata button under the Identity Provider Settings
tab, if you have the IdP metadata URL or the IdP metadata .xml file.
Alternatively, you can copy the IDP Entity ID and
Single Sign-On Url values from the IdP and fill them up under the
Identity Provider Settings tab.
4. Testing SAML SSO
Click the Test Configuration button to verify if you have configured
the plugin correctly.
On successful configuration, you will get Attribute Name and Attribute
Values in the Test Configuration window.
5. Attribute Mapping
For attribute mapping select the Edit Configuration from the select actions dropdown.
Map email and username with Attribute Name you can see in Test
Configuration window and save the settings.
6. Get the Single Sign-On (SSO) link for your application
You can find the SSO Link in the Action dropdown in Applications List of the authentication provider.
You can even configure the ASP.NET SAML Single Sign-On (SSO) module with any
identity provider such as ADFS, Microsoft Entra ID (formerly Azure AD), Bitium,
Centrify, G Suite, JBoss Keycloak, Okta, OneLogin, Salesforce, AWS Cognito,
OpenAM, Oracle, PingFederate, PingOne, RSA SecurID, Shibboleth-2, Shibboleth-3,
SimpleSAML, WSO2 or even with your own custom identity provider. To check other
identity providers, click here.
Not able to find your identity provider? Mail us at dnnsupport@xecurify.com
and we'll help you set up SSO with your IdP. For quick guidance (via
email/meeting) on your requirement, our team will help you select the most
suitable solution/plan.