Administration Page

1. In a browser, open the Dashboard page. You will be redirected to an admin credentials configuration page
2. Enter the credentials that will be used to access the Administration Page

http://example.com:8080/oxygen-xml-web-author/app/admin.html

General

Change tracking initial state

Allows you the choose the initial state of the Change Tracking feature. You can choose between Stored in document, Always On, and Always Off.

Show content completion list when pressing Enter

This option is selected by default, which means that when a user presses the Enter key, the content completion popup window will be opened. If this option is not selected, the Enter key will work similar to the behavior in normal word processors, but the user will still have the ability to open the content completion list by pressing CTRL+Enter.

Show all possible elements in content completion list

When selected, the Content Completion Assistant includes all possible elements, including those that are invalid at the current location, but those proposals are rendered in a lighter shade of gray, italicized, and appear after the valid proposals.

Change editors without page reload

When enabled, documents can be loaded in the main editing area without refreshing the entire web page. If you have customized Web Author through plugins, there might be instances where a custom behavior does not work as intended without refreshing the page, so disabling this option provides a possible temporary solution until the plugin is updated to account for the changes added to Web Author functionality. For more information about this, along with some best practice advice, plugin developers should see Best Practices for Plugin Developers.

Logging

This section displays the location of the Log file or Config file that Oxygen XML Web Author uses for logging purposes.

Options

This section displays the location of the Options file that Oxygen XML Web Author uses for various default settings.

License

Displays licensing information and allows you to configure a license server connection. You can also configure a backup license server. To make changes to the main or backup license server configuration, click the Configure button and enter the new server information (URL, User, Password) on the subsequent page.

Plugins

Displays the various plugins for your Oxygen XML Web Author and allows you to add and configure them. It also includes an Upload plugin button for adding new ones to the list. You can also click the Discover More Plugins link to open a webpage with a list of supported plugins.

Frameworks

Displays the various frameworks for your Oxygen XML Web Author and allows you to add and configure them. It also includes an Upload framework button for adding new ones to the list.

Connection

Allows you to configure the proxy settings for Oxygen XML Web Author.

Security

Provides options for handling security-related features:

Security Options

Application authentication provider

Use this option to activate application-level authentication to only allow authenticated users access to the application. This will significantly enhance the application's security, protecting against potential attacks (e.g. denial-of-service attacks). The possible selections are GitHub, GitLab, or GitLab Enterprise, but it is important to note that they are only available if configured. See Integrating Web Author with Git (GitHub, GitLab, Bitbucket) for configuration details.

Reject invalid security certificates

If selected, HTTPS connections with invalid certificates will be rejected. If not selected, security certificates are accepted, even if they are invalid.

Use the "Secure" attribute for the session cookie

If selected, the "Secure" cookie attribute will be added on the session cookie. This means that the browser will only send the session cookie over HTTPS (if enabled).

CAUTION: Do not enable this option unless Web Author is accessed only over HTTPS.

Use HTTP Strict Transport Security (HSTS)

If selected, the Strict-Transport-Security header that makes browsers access the application's domain will be set using only HTTPS protocol (including subdomains).

Warning: Do not set this option unless all the applications hosted on the DNS domain where Web Author is hosted, and the applications on the subdomains of this domain, are hosted only over HTTPS. Applications that use HTTP instead of HTTPS and are hosted on the DNS domain of Web Author and its subdomain will not work for Web Author users after you enable this setting.

Trusted Code

Trusted code locations

By default, Web Author does not load code (such as CSS or Schematron) referenced directly in documents unless it comes from the framework (document type association) or a plugin. However, you can specify code locations to be considered trusted by adding them (one per line) in the text area in this option.

Firewall

Allow All Connections

If selected, Web Author will allow connections to all hosts. You can select the Log each connection option to instruct Web Author to add information about each connection in the log file. If the logging is enabled, after a period of time, you can analyze the log file, compile a list of trusted hosts, and then limit the Web Author's connectivity to only the ones that you consider trusted.

Only allow connections to these trusted hosts

If selected, only connections to trusted hosts will be allowed. You can specify hosts to be considered trusted by adding them (one per line) in the text area in this option.

Tip: For more security-related details, see Configuring Security Settings.