Using OpenID Connect Authentication
To configure the Web Author Administration page to use authentication from an OpenID Connect server:
-
Edit the shiro.ini file located in the following location depending on your type of distribution:
- WAR distribution: WEB-INF/shiro.ini
- Windows/Linux/All Platforms: tomcat/webapps/oxygen-xml-web-author/WEB-INF/shiro.ini
- Disable the default user password authentication configuration by
deleting the lines between "Start user-password admin auth config" and "End
user-password admin auth
config":
# <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< # Start user-password admin auth config: usersFileRealm = ro.sync.adminauth.userpassword.UserPasswordAdminRealm passwordMatcher = org.apache.shiro.authc.credential.PasswordMatcher passwordService = ro.sync.adminauth.userpassword.PlainAndHashedPasswordService hashFormatFactory = ro.sync.adminauth.userpassword.PlainHashFormatFactory passwordService.hashFormatFactory = $hashFormatFactory passwordMatcher.passwordService = $passwordService usersFileRealm.credentialsMatcher = $passwordMatcher securityManager.realms = $usersFileRealm authc = ro.sync.adminauth.userpassword.UserPasswordFormAuthFilter authc.loginUrl = /admin-login # End user-password admin auth config. # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> - Uncomment the OIDC authentication configuration by deleting leading
"#" characters like
below:
# <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< # Start OIDC admin auth config: # oidcApi=ro.sync.adminauth.oidc.OidcApi oidcApi.providerName=Okta oidcApi.clientId=[OIDC_CLIENT_ID] oidcApi.clientSecret=[OIDC_CLIENT_SECRET] oidcApi.authorizationEndpoint=[OIDC_AUTHORIZATION_ENDPOINT] oidcApi.tokenEndpoint=[OIDC_TOKEN_ENDPOINT] oidcApi.userInfoEndpoint=[OIDC_USER_INFO_ENDPOINT] # oidcRealm=ro.sync.adminauth.oidc.OidcAuthAdminRealm oidcRealm.oidcApi=$oidcApi # # For e.g: http://localhost:8081/oxygen-xml-web-author oidcRealm.webAuthorUrl=[WEB_AUTHOR_URL] # securityManager.realms = $oidcRealm # authc = ro.sync.adminauth.oidc.OidcAuthFilter # # End OIDC admin auth config. # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> -
Configure it according to the application defined in your OIDC server.
Note:
The embedded license server does not support OIDC authentication.
The admin user for that license server is the one configured during the installation
procedure.
Notice:
When configuring the OIDC application, you have to set
something like this as the callback URL:
http://localhost:8081/oxygen-xml-web-author/admin-login/callback.