Search Results

All Results 433
ソート
Resource Type
Applicable Versions
Deployment Approach
Capability
Feature
In SAML setup user is not getting login in the SP and receiving warning on the UI
legacy Troubleshooting
Issue After setting up the SAML process, the user tries to log in receiving the warning below and not being logged in. Environment Liferay 2023.Q4.0 Resolution If users are setting up an identity provider as...
Is it possible to offer both SAML and OIDC as SSO options?
legacy How To
Issue Both SAML and OpenID Connect(OIDC) can be configured on the same Liferay instance. However, the option to authenticate using OIDC is missing whenever SAML is enabled. Is it possible for a user to select either SSO...
Email are not sent from Liferay when Office365 is used as the server
legacy Troubleshooting
Issue Emails are not sent out from Liferay In the log, we see the following error: liferay[liferay-7] [dxp] ERROR [liferay/mail-6][MailEngine:74] Unable to send message: 535 5.7.139 Authentication unsuccessful, the...
Is there a way to bypass CAPTCHA without having to disable it?
legacy How To
Issue We will do some Automation tests in our QA environment and would like to know if it is possible to bypass CAPTCHA using configuration settings without having to disable it. Environment Liferay DXP 7.4...
Liferay 6.2 EE 173 and CVE-2024-25145
legacy
Issue We have found the following article CVE-2024-25145 Stored XSS with search results if highlighting is disabled, however it does not specify whether Liferay 6.2 EE 173 is affected or not. Environment Liferay 6.2 EE...
"Text verification failed" Captcha error
legacy Troubleshooting
Issue We are trying to use the Reset Password functionality, but every time we enter the captcha text correctly, we always get an error saying: "Text verification failed". We noticed this same behavior on other...
Vulnerability in Apache Tomcat (CVE-2023-46589)
legacy Troubleshooting
Issue This security vulnerability (CVE-2023-46589) has been reported, and it is fixed in Tomcat 9.0.83. However, our current Liferay DXP 7.4 update 67 has a 9.0.71 Tomcat version. Environment Liferay DXP 7.4...
Can SAML be used to send an attribute that can be used to assign site roles?
legacy
Issue Currently, SAML is not designed to be utilized to send an attribute that can be used to assign site roles. Environment Quarterly Releases Resolution This is an ongoing task, LPD-6336, for Liferay. Liferay is...
OpenID Connect Error - "Signed JWT rejected" with CAS
legacy Troubleshooting
Issue When configuring authentication using OpenID Connect, login fails and the following error is reported: Unable to validate tokens: Signed JWT rejected: Another algorithm expected, or no matching key(s) found...
OpenID Connect Error - "Signed JWT rejected"
legacy Troubleshooting
Issue When configuring authentication using OpenID Connect, login fails and the following error is reported: Unable to validate tokens: Signed JWT rejected: Another algorithm expected, or no matching key(s) found...
Browser Pop-Up For Non-Https Site
legacy Troubleshooting
Issue We are seeing a browser pop-up warning for our users when they try to login to our http site. They become concerned as it says the connection is not secure, but to 'send anyway'. Can this be disabled by Liferay...
Is Liferay's SAML Service Provider Logout URL required in the Identity Provider?
legacy Troubleshooting
Issue Azure's SAML Identity Provider (IdP) marks the Service Provider's (SP) Logout URL as "optional" However, when I remove Liferay's Logout URL from Azure's SAML configurations, Liferay users are not signed out...
Does CVE-2016-1000027 affect Liferay?
legacy
Issue Security scan shows CVE-2016-1000027 as an active vulnerability, is Liferay affected? Environment DXP 7.4 Resolution CVE-2016-1000027 is known to us, and we can confirm that Liferay should not be vulnerable, as...
Does CVE-2022-47966 affect Liferay?
legacy
Issue Our security scan has shown CVE-2022-47966 as an active critical vulnerability. Is Liferay affected? Environment DXP 7.2 Resolution The out-of-the-box Liferay product is not affected by this vulnerability. So,...
XSS and Web Content editing
legacy Troubleshooting
Issue Web Content Editing If a script is added to the content field and published, the script is executed when the article is displayed. Accessing the page triggers an alert each time. Allowing such content could...
Where is the password reset email set up and in what priority order?
legacy
Please be aware that the page you are viewing has been machine translated from Japanese into English and may contain some translation errors. If you observe any issues with the translation, please contact us....
I am redirected to the home guest page after login with SAML
legacy Troubleshooting
Issue After logging in with SAML, I am redirected to the Home Page of a non-logged-in user. I am redirected back to the Portal login screen after login with SAML Environment Portal 6.2 DXP 7.0+ Resolution This can be...
Does Liferay DXP validate Session Identifiers?
legacy
Issue Does Liferay DXP validate Session Identifiers? And yes, Liferay does validate Session Identifiers! Environment Liferay DXP Resolution As for the session configuration in the portal we have the...
Insecure HTTP methods
legacy How To
Issue HTTP methods like HEAD, OPTIONS, TRACE may provide information about the application that can be used in attacks like XST, CSRF, steal of sensitive information. How we can disable insecure/unnecessary http...
How to protect against the vulnerabilities related to SnakeYaml in version 1.27
legacy Troubleshooting
Issue How can I mitigate vulnerability CVE-2022-38749, CVE-2022-38750, CVE-2022-38751 and CVE-2022-38752 regarding Liferay DXP? Environment Liferay Portal 6.2 EE Liferay DXP 7.0 Liferay DXP 7.1 Liferay DXP 7.2...