Service Provider Setup

  • Uploading Metadata

    You can upload your IdP metadata by clicking Upload IDP Metadata, which gives you two options:

    1. You can upload your Identity Provider metadata using the XML file.

    2. You can use the metadata URL of your Identity Provider to upload metadata.


    Note: If the IdP metadata changes, you will again be required to provide us with the updated metadata.

  • Manual Configuration

    You can manually configure your IdP metadata by entering the following settings and saving them:

    • Identity Provider name

    • IdP Entity ID or Issuer

    • SAML Login URL (the URL to which the SAML request needs to be posted, not the login URL)

    • X.509 Certificate from the IDP


Auto Creation of Users

Users who are authenticated from the Identity Provider side but are not present in the nopCommerce site will be created automatically with the profile attributes mapped.


Test Configuration: After you configure your IdP's metadata, save it and go to Test Configuration. A new window opens and displays one of the following configuration statuses:

  1. Configuration successful – with user attributes.

  2. Error message – if any configuration error is sent by IdP.


When you are configuring your IdP, you will be given an option to send signed SAML SSO and SLO requests.

Enabling this option adds another layer of security to your SSO and SLO process, because the SSO/SLO request is digitally signed using the default signing and encryption certificate present in the plugin. You can also use your own custom certificate instead.

Note: This option is present in the Premium and Enterprise plans.

You can select either of these options to send your SAML request, provided your IdP supports the selected method:

  1. HTTP-Post binding type
  2. HTTP-Redirect binding type

While configuring, you can also add a Single Logout URL. This feature only works if your IdP supports Single Logout. Here, too, you can select the binding type used to send your request.

Note: This is present in all our plugins from the Premium plan onwards.