Application Authentication with OIDC

Oxygen XML Web Author supports authentication through the OpenID Connect protocol by configuring the "Web Author OIDC Authentication Plugin" from the Administration Page (in the Plugins section). Supported identity providers include Microsoft Entra ID and Okta.

Note:
To enable OIDC authentication for administrators, you must follow this procedure: https://www.oxygenxml.com/doc/ug-waCustom/topics/wa-login-admin-oidc.html.

To enable authentication with OIDC:
  1. Define a new application in the administration interface of your OpenID Connect provider to represent your Oxygen XML Web Author deployment:
    1. When you are asked for a redirect URI, use the following value:

      http://<web-author-address>/oxygen-xml-web-author/plugins-dispatcher/oidc-callback (where <web-author-address> is replaced with the actual address of your server).

    2. After you define the application, you need to note the Client ID (or Application (client) ID for Microsoft Entra ID) and Client Secret that will be generated for you.
  2. On the machine where Web Author is installed, go to the Administration Page. In the Plugins section, find Web Author OIDC Authentication Plugin and click on Configure.
    For Okta:
    • Provider Name - Enter a name familiar to your users. They will see it in the UI: "Authenticate with <Provider Name>".
    • To retrieve the authorization, token, and user info endpoints, append /.well-known/openid-configuration to the Issuer URI of your Authorization Server. You can find the Issuer URI in Okta Admin Console > Security > API > Authorization Servers.
      For example, your discovery URL might look like:
      https://<okta-subdomain>.okta.com/oauth2/<authorizationServerId>/.well-known/openid-configuration

      where you must replace <okta-subdomain> with your Okta domain, and <authorizationServerId> with the actual ID of your Authorization Server.

    • Client ID - Enter the Client ID that was generated in step one.
    • Client Secret - Enter the Client Secret that was generated in step one.
    For Microsoft Entra ID:
    • Provider Name - Enter a name familiar to your users. They will see it in the UI: "Authenticate with <Provider Name>".
    • To retrieve the authorization, token, and user info endpoints, use: https://login.microsoftonline.com/<tenant-id>/v2.0/.well-known/openid-configuration, where you must replace <tenant-id> with the Directory (tenant) ID from your registered application's overview in Azure Portal.
    • Client ID - Enter the Application (client) ID that was generated in step one.
    • Client Secret - Enter the Client Secret that was generated in step one.
  3. Click Apply.
  4. To enable Single Sign-On in Web Author using one of the configured providers, follow these steps:
    1. Open the Administration Page in Web Author.
    2. Navigate to the Security section.
    3. In the Application authentication provider drop-down list, select the identity provider you configured (e.g., OKTA or Microsoft Entra ID).
    4. Click Apply to activate the selected provider.

Result: Users will now have the option to log on to Web Author using the OpenID Connect provider.
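
The endpoint lookup in step 2 can be scripted so the values entered in the plugin are checked before use. The following is an added example, not part of the Oxygen documentation or product: it builds the discovery URL from an Issuer URI, then accepts the authorization, token, and user info endpoints only if the document's issuer matches and each endpoint is an https URL. The function names, the sample issuer, and the sample document are constructed for illustration.

```python
import json
import urllib.request
from urllib.parse import urlsplit

WELL_KNOWN = "/.well-known/openid-configuration"
NEEDED = ("authorization_endpoint", "token_endpoint", "userinfo_endpoint")

def discovery_url(issuer):
    """Append the discovery path to the Issuer URI, as the steps describe."""
    return issuer.rstrip("/") + WELL_KNOWN

def extract_endpoints(issuer, document):
    """Return the three endpoints after sanity-checking the discovery document."""
    meta = json.loads(document)
    # The advertised issuer must be the one that was asked for
    # (compared here ignoring a trailing slash).
    if str(meta.get("issuer", "")).rstrip("/") != issuer.rstrip("/"):
        raise ValueError("issuer mismatch: %r" % meta.get("issuer"))
    endpoints = {}
    for key in NEEDED:
        url = str(meta.get(key) or "")
        parts = urlsplit(url)
        # Reject absent endpoints and anything not served over TLS.
        if parts.scheme != "https" or not parts.hostname:
            raise ValueError("%s is missing or not an https URL" % key)
        endpoints[key] = url
    return endpoints

def fetch_endpoints(issuer, timeout=10):
    """Live lookup; needs network access to the identity provider."""
    with urllib.request.urlopen(discovery_url(issuer), timeout=timeout) as resp:
        return extract_endpoints(issuer, resp.read().decode("utf-8"))

# Constructed sample: placeholder Okta domain and authorization server ID.
SAMPLE_ISSUER = "https://dev-example.okta.com/oauth2/aus-example-id"
SAMPLE_DOCUMENT = json.dumps({
    "issuer": SAMPLE_ISSUER,
    "authorization_endpoint": SAMPLE_ISSUER + "/v1/authorize",
    "token_endpoint": SAMPLE_ISSUER + "/v1/token",
    "userinfo_endpoint": SAMPLE_ISSUER + "/v1/userinfo",
})

if __name__ == "__main__":
    for name, url in extract_endpoints(SAMPLE_ISSUER, SAMPLE_DOCUMENT).items():
        print(name, url)
```

For Microsoft Entra ID, pass https://login.microsoftonline.com/<tenant-id>/v2.0 as the issuer; the user info endpoint it advertises may be on a different host than the issuer, which this check allows.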