
Using OpenID Connect Authentication

To configure the Web Author Administration page to use authentication from an OpenID Connect server:

  1. Edit the shiro.ini file. Its location depends on your type of distribution:

    • WAR distribution: WEB-INF/shiro.ini
    • Windows/Linux/All Platforms: tomcat/webapps/oxygen-xml-web-author/WEB-INF/shiro.ini
  2. Disable the default user password authentication configuration by deleting the lines between "Start user-password admin auth config" and "End user-password admin auth config":
    # <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
    # Start user-password admin auth config:
    
    usersFileRealm = ro.sync.adminauth.userpassword.UserPasswordAdminRealm
    
    passwordMatcher = org.apache.shiro.authc.credential.PasswordMatcher
    passwordService = ro.sync.adminauth.userpassword.PlainAndHashedPasswordService
    hashFormatFactory = ro.sync.adminauth.userpassword.PlainHashFormatFactory
    
    passwordService.hashFormatFactory = $hashFormatFactory
    passwordMatcher.passwordService = $passwordService 
    
    usersFileRealm.credentialsMatcher = $passwordMatcher
    
    securityManager.realms = $usersFileRealm
    
    authc = ro.sync.adminauth.userpassword.UserPasswordFormAuthFilter
    authc.loginUrl = /admin-login
    
    # End user-password admin auth config.
    # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
  3. Uncomment the OIDC authentication configuration by deleting the leading "#" characters, so that it looks like this:
    # <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
    # Start OIDC admin auth config:
    #
    oidcApi=ro.sync.adminauth.oidc.OidcApi
    oidcApi.providerName=Okta
    oidcApi.clientId=[OIDC_CLIENT_ID]
    oidcApi.clientSecret=[OIDC_CLIENT_SECRET]
    oidcApi.authorizationEndpoint=[OIDC_AUTHORIZATION_ENDPOINT]
    oidcApi.tokenEndpoint=[OIDC_TOKEN_ENDPOINT]
    oidcApi.userInfoEndpoint=[OIDC_USER_INFO_ENDPOINT]
    #
    oidcRealm=ro.sync.adminauth.oidc.OidcAuthAdminRealm
    oidcRealm.oidcApi=$oidcApi
    #
    # For e.g: http://localhost:8081/oxygen-xml-web-author
    oidcRealm.webAuthorUrl=[WEB_AUTHOR_URL]
    #
    securityManager.realms = $oidcRealm
    #
    authc = ro.sync.adminauth.oidc.OidcAuthFilter
    #
    # End OIDC admin auth config.
    # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
  4. Set the values in this block (the placeholders in square brackets) according to the application defined in your OIDC server.

Note:
The embedded license server does not support OIDC authentication. The admin user for that license server is the one configured during the installation procedure.
Notice:
When configuring the OIDC application, set the callback URL to a value like this: http://localhost:8081/oxygen-xml-web-author/admin-login/callback.
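
A sanity check for the edited shiro.ini, covering steps 2 to 4. This is an added example, not part of the Web Author documentation or product: the function names, the sample values (idp.example.com, web-author-admin) and the HTTPS check are assumptions made here. It reports placeholders that were not replaced, OIDC keys that are still commented out, endpoints using plain HTTP outside localhost, and settings left over from the user-password block.

```python
import re
from urllib.parse import urlparse

# Keys from the OIDC block in step 3; OLD holds names used only by the step 2 block.
URL_KEYS = ["oidcApi.authorizationEndpoint", "oidcApi.tokenEndpoint",
            "oidcApi.userInfoEndpoint", "oidcRealm.webAuthorUrl"]
REQUIRED = ["oidcApi.clientId", "oidcApi.clientSecret"] + URL_KEYS
OLD = ("usersFileRealm", "passwordMatcher", "passwordService", "hashFormatFactory")

def active_settings(text):
    """Map each uncommented key to the list of values assigned to it."""
    settings = {}
    for line in map(str.strip, text.splitlines()):
        if "=" in line and not line.startswith("#"):
            key, _, value = line.partition("=")
            settings.setdefault(key.strip(), []).append(value.strip())
    return settings

def check_oidc_config(text):
    """Return a list of problems found in an edited shiro.ini."""
    s, problems = active_settings(text), []
    for key in REQUIRED:
        value = s.get(key, [None])[-1]
        if value is None:
            problems.append(f"{key}: missing or still commented out")
        elif re.fullmatch(r"\[[A-Z_]+\]", value):
            problems.append(f"{key}: placeholder {value} not replaced")
        elif key in URL_KEYS:
            url = urlparse(value)
            # Added check (assumption): plain HTTP is tolerated only for local testing.
            if url.scheme != "https" and url.hostname != "localhost":
                problems.append(f"{key}: not an HTTPS URL")
    if s.get("securityManager.realms") != ["$oidcRealm"]:
        problems.append("securityManager.realms: expected one assignment, $oidcRealm")
    if s.get("authc") != ["ro.sync.adminauth.oidc.OidcAuthFilter"]:
        problems.append("authc: expected one assignment, the OIDC filter")
    for key in s:
        if key.split(".")[0] in OLD or key == "authc.loginUrl":
            problems.append(f"{key}: leftover user-password setting")
    return problems

# Constructed fragment of a half-edited file (values are made up for this example).
SAMPLE = """\
oidcApi.clientId=web-author-admin
oidcApi.clientSecret=[OIDC_CLIENT_SECRET]
oidcApi.tokenEndpoint=http://idp.example.com/token
securityManager.realms = $usersFileRealm
securityManager.realms = $oidcRealm
"""
```

Call `check_oidc_config(open("WEB-INF/shiro.ini").read())` after editing; an empty list means none of these problems were found.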