Administration Page
Oxygen XML Web Author includes a user-friendly Administration Page that helps you to configure your instance of Oxygen XML Web Author. You can use this page to configure a variety of settings.
Administration Page Credentials
If you used the Linux, Windows, or All Platforms installation kits, the administration credentials are the ones configured during the initial setup.
- In a browser, open the Dashboard page. You will be redirected to an admin credentials configuration page.
- You need an initial password to set up the administrator account.
It can be defined before starting the server by adding the
OXYGEN_ADMIN_SETUP_PASSWORD
environmental variable or by passing theoxygen.admin.setup.password
system property. Otherwise, a password is randomly generated and can be found in the server logs. - Enter the initial password and the credentials that will be used to access the Administration Page.
Accessing the Administration Page
http://example.com:8080/oxygen-xml-web-author/app/admin.html
You can also access it from a link on the Dashboard page, but this method is mainly intended for the initial setup.
How to Hide the Administration Page Link
You can hide the Administration Page link from regular users by deselecting the Show a link to the Administration Page option that is available in the Settings section of the Administration Page.
Administration Page Settings
- General
-
- Change tracking initial state
- Allows you the choose the initial state of the Change Tracking feature. You can choose between Stored in document, Always On, and Always Off.
- Show content completion list when pressing Enter
- This option is selected by default, which means that when a user presses the Enter key, the content completion popup window will be opened. If this option is not selected, the Enter key will work similar to the behavior in normal word processors, but the user will still have the ability to open the content completion list by pressing CTRL+Enter.
- Show all possible elements in content completion list
- When selected, the Content Completion Assistant includes all possible elements, including those that are invalid at the current location, but those proposals are rendered in a lighter shade of gray, italicized, and appear after the valid proposals.
- Change editors without page reload
- When enabled, documents can be loaded in the main editing area without refreshing the entire web page. If you have customized Web Author through plugins, there might be instances where a custom behavior does not work as intended without refreshing the page, so disabling this option provides a possible temporary solution until the plugin is updated to account for the changes added to Web Author functionality. For more information about this, along with some best practice advice, plugin developers should see Best Practices for Plugin Developers.
- Logging
- This section displays the location of the Log file or Config file that Oxygen XML Web Author uses for logging purposes.
- Options
- This section displays the location of the Options file that Oxygen XML Web Author uses for various default settings.
- License
- Displays licensing information and allows you to configure a license server connection. You can also configure a backup license server. To make changes to the main or backup license server configuration, click the Configure button and enter the new server information (URL, User, Password) on the subsequent page.
- Plugins
- Displays the various plugins for your Oxygen XML Web Author and allows you to add and configure them. It also includes an Upload plugin button for adding new ones to the list. You can also click the Discover More Plugins link to open a webpage with a list of supported plugins.
- Frameworks
- Displays the various frameworks for your Oxygen XML Web Author and allows you to add and configure them. It also includes an Upload framework button for adding new ones to the list.
- Connection
- Allows you to configure the proxy settings for Oxygen XML Web Author.
- Security
-
Provides options for handling security-related features:
- Security Options
-
- Application authentication provider
- Use this option to activate application-level authentication to only allow authenticated users access to the application. This will significantly enhance the application's security, protecting against potential attacks (e.g. denial-of-service attacks). The possible selections are GitHub, GitLab, or GitLab Enterprise, but it is important to note that they are only available if configured. See Integrating Web Author with Git (GitHub, GitLab, Bitbucket) for configuration details.
- Reject invalid security certificates
- If selected, HTTPS connections with invalid certificates will be rejected. If not selected, security certificates are accepted, even if they are invalid.
- Use the "Secure" attribute for the session cookie
- If selected, the "Secure" cookie attribute will be added on the session
cookie. This means that the browser will only send the session cookie over HTTPS
(if enabled).CAUTION:Do not enable this option unless Web Author is accessed only over HTTPS.
- Use HTTP Strict Transport Security (HSTS)
- If selected, the Strict-Transport-Security header that makes browsers access
the application's domain will be set using only HTTPS protocol (including
subdomains).Warning:Do not set this option unless all the applications hosted on the DNS domain where Web Author is hosted, and the applications on the subdomains of this domain, are hosted only over HTTPS. Applications that use HTTP instead of HTTPS and are hosted on the DNS domain of Web Author and its subdomain will not work for Web Author users after you enable this setting.
- Trusted Code
-
- Trusted code locations
- By default, Web Author does not load code (such as CSS or Schematron) referenced directly in documents unless it comes from the framework (document type association) or a plugin. However, you can specify code locations to be considered trusted by adding them (one per line) in the text area in this option.
- Firewall
-
- Allow All Connections
- If selected, Web Author will allow connections to all hosts. You can select the Log each connection option to instruct Web Author to add information about each connection in the log file. If the logging is enabled, after a period of time, you can analyze the log file, compile a list of trusted hosts, and then limit the Web Author's connectivity to only the ones that you consider trusted.
- Only allow connections to these trusted hosts
- If selected, only connections to trusted hosts will be allowed. You can specify hosts to be considered trusted by adding them (one per line) in the text area in this option.
- Content Security Policy (CSP)
-
- Use CSP
- If selected, the Content Security Policy (CSP) header is enabled. The Content Security Policy provides a standard HTTP header that allows website owners to declare approved sources of content that browsers should be allowed to load on that page. It helps to prevent cross-site scripting (XSS) and related attacks. For more information about the Content Security Policy, see: https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP.
- Use a Custom Policy
- If selected, additional fields are revealed where you can use to configure you own custom security policy.
Tip:For more security-related details, see Configuring Security Settings.