Edit online

Administration Page

Oxygen XML Web Author includes a user-friendly Administration Page that helps you to configure your instance of Oxygen XML Web Author. You can use this page to configure a variety of settings.

Administration Page Credentials

If you used the Linux, Windows, or All Platforms installation kits, the administration credentials are the ones configured during the initial setup.

If you used the Web Application Archive version, you need to configure the Administration Page credentials.
  1. In a browser, open the Dashboard page. You will be redirected to an admin credentials configuration page.
  2. You need an initial password to set up the administrator account. It can be defined before starting the server by adding the OXYGEN_ADMIN_SETUP_PASSWORD environmental variable or by passing the oxygen.admin.setup.password system property. Otherwise, a password is randomly generated and can be found in the server logs.
  3. Enter the initial password and the credentials that will be used to access the Administration Page.
Note:
The credentials are stored in the shiro-users.ini file located in the Oxygen Data Directory. The password is stored encrypted. For information about resetting the admin credentials, see Resetting Admin Credentials.

Accessing the Administration Page

To access the Administration Page, go to the following URL:
http://example.com:8080/oxygen-xml-web-author/app/admin.html

You can also access it from a link on the Dashboard page, but this method is mainly intended for the initial setup.

Figure 1. Administration Page Link

Administration Page Settings

You can click on any of the listed types of settings to access configurable options for each type. The Administration Page allows you to configure or view the following settings in the various links:
General
Change tracking initial state
Allows you the choose the initial state of the Change Tracking feature. You can choose between Stored in document, Always On, and Always Off.
Show content completion list when pressing Enter
This option is selected by default, which means that when a user presses the Enter key, the content completion popup window will be opened. If this option is not selected, the Enter key will work similar to the behavior in normal word processors, but the user will still have the ability to open the content completion list by pressing CTRL+Enter.
Show all possible elements in content completion list
When selected, the Content Completion Assistant includes all possible elements, including those that are invalid at the current location, but those proposals are rendered in a lighter shade of gray, italicized, and appear after the valid proposals.
Change editors without page reload
When enabled, documents can be loaded in the main editing area without refreshing the entire web page. If you have customized Web Author through plugins, there might be instances where a custom behavior does not work as intended without refreshing the page, so disabling this option provides a possible temporary solution until the plugin is updated to account for the changes added to Web Author functionality. For more information about this, along with some best practice advice for plugin developers, see Best Practices for Plugin Developers.
Logging
This section displays the location of the Log file or Config file that Oxygen XML Web Author uses for logging purposes.
Options
This section displays the location of the Options file that Oxygen XML Web Author uses for various default settings.
License
Displays licensing information and allows you to configure a license server connection. You can also configure a backup license server. To make changes to the main or backup license server configuration, click the Configure button and enter the new server information (URL, User, Password) on the subsequent page.
Plugins
Displays the various plugins for your Oxygen XML Web Author and allows you to add and configure them. It also includes an Upload plugin button for adding new ones to the list. You can also click the Discover More Plugins link to open a webpage with a list of supported plugins.
Frameworks
Displays the various frameworks for your Oxygen XML Web Author and allows you to add and configure them. It also includes an Upload framework button for adding new ones to the list.
Connection
Allows you to configure the proxy settings for Oxygen XML Web Author.
Security

Provides options for handling security-related features:

Security Options
Application authentication provider
Use this option to activate application-level authentication to only allow authenticated users access to the application. This will significantly enhance the application's security, protecting against potential attacks (e.g. denial-of-service attacks). The possible selections are GitHub, GitLab, or GitLab Enterprise, but it is important to note that they are only available if configured. See Integrating Web Author with Git (GitHub, GitLab, Bitbucket) for configuration details.
Reject invalid security certificates
If selected, HTTPS connections with invalid certificates will be rejected. If not selected, security certificates are accepted, even if they are invalid.
Use the "Secure" attribute for the session cookie
If selected, the "Secure" cookie attribute will be added on the session cookie. This means that the browser will only send the session cookie over HTTPS (if enabled).
CAUTION:
Do not enable this option unless Web Author is accessed only over HTTPS.
Use HTTP Strict Transport Security (HSTS)
If selected, the Strict-Transport-Security header that makes browsers access the application's domain will be set using only HTTPS protocol (including subdomains).
Warning:
Do not set this option unless all the applications hosted on the DNS domain where Web Author is hosted, and the applications on the subdomains of this domain, are hosted only over HTTPS. Applications that use HTTP instead of HTTPS and are hosted on the DNS domain of Web Author and its subdomain will not work for Web Author users after you enable this setting.
Trusted Code
Trusted code locations
By default, Web Author does not load code (such as CSS or Schematron) referenced directly in documents unless it comes from the framework (document type association) or a plugin. However, you can specify code locations to be considered trusted by adding them (one per line) in the text area in this option.
Firewall
Allow All Connections
If selected, Web Author will allow connections to all hosts. You can select the Log each connection option to instruct Web Author to add information about each connection in the log file. If the logging is enabled, after a period of time, you can analyze the log file, compile a list of trusted hosts, and then limit the Web Author's connectivity to only the ones that you consider trusted.
Only allow connections to these trusted hosts
If selected, only connections to trusted hosts will be allowed. You can specify hosts to be considered trusted by adding them (one per line) in the text area in this option.
Content Security Policy (CSP)
Use CSP
If selected, the Content Security Policy (CSP) header is enabled. The Content Security Policy provides a standard HTTP header that allows website owners to declare approved sources of content that browsers should be allowed to load on that page. It helps to prevent cross-site scripting (XSS) and related attacks. For more information about the Content Security Policy, see: https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP.
Use a Custom Policy
If selected, additional fields are revealed where you can use to configure you own custom security policy.
Tip:
For more security-related details, see Configuring Security Settings.