Search Results

All Results 437
Resource Type
Applicable Versions
Deployment Approach
Capability
Feature
The'redirect.url.domains.allowed' property somehow doesn't restrict redirection
legacy Troubleshooting
Issue Even when the 'redirect.url.domains.allowed' property is set, some redirects occur. Steps to reproduce: 1) Set the following properties in the portal-ext.properties file. redirect.url.security.mode=domain...
Known vulnereabilities in jackson-databind-2.9.6
legacy Troubleshooting
Issue apio-architect-impl has a dependency of jackson-databind-2.9.6 which has the following known vulnerabilities: CVE-2018-19362 CVE-2018-19361 CVE-2018-19360 CVE-2018-14721 CVE-2018-14720 CVE-2018-14719...
Apache Log4j 1.x has reached its end-of-life
legacy
Issue Log4j 1.x has reached end-of-life status: https://blogs.apache.org/foundation/entry/apache_logging_services_project_announces Environment Liferay DXP 7.0  Liferay DXP 7.1 Liferay DXP 7.2  Liferay DXP 7.3 ...
CVE-2022-23305, CVE-2022-23307, and CVE-2017-5645
legacy Troubleshooting
Issue This article outlines the concerns of CVE-2022-23305, CVE-2022-23307, and CVE-2017-5645 vulnerabilities with respect to the Liferay DXP Environment Liferay DXP 7.0 Liferay DXP 7.1 Liferay DXP 7.2 Liferay DXP...
javax.portlet.PortletException: java.lang.IllegalStateException: getAttribute: Session already invalidated error
legacy
Issue Why does this error gets triggered? What would be the cause? INFO  [http-nio-8080-exec-2573][CustomLoginPortlet:726] url redirect = https://xxxx/group/yyyy ERROR [http-nio-8080-exec-2573][PortletServlet:112]...
Error when configuring SAML in a clustered environment for the first time
legacy Troubleshooting
Issue When configuring SAML in a clustered environment and entering the configuration Idp connection an error is shown: java.lang.RuntimeException: java.lang.NullPointerException at...
Browser console error : The connection used to load resources from https://www.xxx.yyyy used TLS 1.0 or TLS 1.1, which are deprecated and will be disabled in the future
legacy Troubleshooting
Issue Browser console error as "The connection used to load resources from https://www.xxx.yyyy used TLS 1.0 or TLS 1.1, which are deprecated and will be disabled in the future. Once disabled, users will be prevented...
Getting mixed content on the portal
legacy Troubleshooting
Issue After enabling SSL and routing the domain, getting mixed content on the portal that is the pages in the https://www.abc.in referring the http://www.abc.in for the stylesheet, javascript, and henceforth....
Force Basic and Force Digest Auth option are not honored
legacy Troubleshooting
Issue Steps to reproduce: Configure Digest Authentication: System Settings > API Authentication > Digest Authentication: Force Digest Authentication: True Enabled: True Hosts Allowed: n/a URLs Excludes: n/a URLs...
Error signing via SAML: com.liferay.saml.runtime.exception.AudienceException: Unable verify audience
legacy Troubleshooting
Issue Liferay is configured as a SAML Service Provider. When trying to sign in to Liferay it is not possible and the following error is shown in the logs: 2022-01-20 11:50:38.554 ERROR [default...
Session logs out intermittently after being redirected by the payment link
legacy Troubleshooting
Issue After being redirected by the payment link, the session logs out. Steps to reproduce : 1. Login in Liferay. 2. Call the API in Postman. Request parameters are attached (SSL Commerz Request Parameters.txt)...
Unable to bind to the LDAP server javax.naming.CommunicationException: [Root exception is java.lang.ClassNotFoundException: javax.net.ssl.SSLSocketFactory cannot be found by com.liferay.saml.web_
legacy Troubleshooting
Issue During the time of portal login using the LDAP users, the user('s) are able to log in successfully, LDAP connections have an active connection but observed the below warnings in the Liferay log.  2021-12-17...
SAML Authentication Issue: Message context was not authenticated when Azure AD as IDP
legacy Troubleshooting
Issue After enabling the SAML, when the user is trying to log in, authentication failed with the following message. ERROR [http-nio-8080-exec-36][BaseSamlStrutsAction:59]...
Can Multi-Factor Authentication (MFA) be set for specific roles only?
legacy
Issue We want to set up MFA for Administrators only. Is this possible with Liferay out-of-the-box? Can we target specific users to sign in using multi-factor authentication? Environment DXP 7.4 DXP 7.3 DXP 7.2  ...
URL length modification / restriction
legacy
Issue Sometimes we need to modify or restrict the length or URL Liferay generates ( for example for security custom solutions ) but Liferay has no out of the box solution for that. Environment DXP 7.2...
How to enable CSRF Token in Liferay?
legacy
Issue How to enable CSRF Token in order to prevent CSRF attacks in Liferay? Environment Liferay DXP 7.2 Resolution Liferay's p_auth token protects against CSRF and is enabled by default. Here is the main...
Change the GUEST_LANGUAGE_ID cookie to expire Null
legacy Troubleshooting
Issue The Guest language ID cookie in Liferay has a one-year expiration, whereas the undefined cookie in the F5 balancer caused the conflict. Is there a way to modify the Cookie's duration in Liferay? Environment...
dtSa cookies containing special characters
legacy
Issue As dtsa cookies are detected, are these cookies URLs cause for concern? Is there any information concerning these cookies in relation to Liferay? Use Case: As Liferay generated dtSa cookies contain the...
How to configure the default timeout value to any value instead of having it capped at 500ms
legacy
Issue The default library timeout until Liferay DXP 7.2 fix pack dxp-3 is 250ms. The default library timeout since Liferay DXP 7.2 fix pack dxp-4 is 500ms.  Use Case: The user would like to be able to set/configure...
Liferay as SAML SP fails after switching the URL of the virtual instance
legacy Troubleshooting
Issue SAML configuration hasn't been working since the virtual host of the portal instance changed. Caused by: org.opensaml.ws.security.SecurityPolicyException: Request was required to be secured but was not...