Search Results

All Results 437
Resource Type
Applicable Versions
Deployment Approach
Capability
Feature
Is request-based p_auth token supported to prevent CSRF attack?
legacy
Issue To prevent CSRF attacks, Liferay provides options to enable authentication token security checks. The current token is session-based token. Is request-based p_auth token supported? Environment Liferay DXP 7.1...
The Password Reset Screen is no longer showing the "Please set a new password" description
legacy
Issue After upgrading from 6.x to 7.x, the Password Reset Screen is no longer showing the "Please set a new password" description text. Environment Liferay DXP 7.0 Liferay DXP 7.1 Liferay DXP 7.2 Resolution The "Please set...
How to upload authentication XML file from Bing ownership verification
legacy How To
Issue One of the methods to complete the verification process required to add a website to a Bing Webmaster Tools account is uploading a XML file to the root directory of the website and make it available on...
Apply button in OAuth 2 Administration is not working
legacy Troubleshooting
Issue When making changes under OAuth 2 Administration, such as generating a new client secret or editing Client ID, the Apply button may not respond when clicked. When viewing the browser console, you will see:...
Password is visible as a plain text in LDAP request
legacy Troubleshooting
Issue When intercepting the LDAP request using any third party tool(ex. Wireshark) password is visible as a plain text Environment Liferay 7.0 Resolution Enabling LDAP over SSL will transmit the credentials...
Whether to use OpenSSL
legacy
Please be aware that the page you are viewing has been machine translated from Japanese into English and may contain some translation errors. If you observe any issues with the translation, please contact us. Issue In...
Unable to process SAML SSO request
legacy Troubleshooting
Issue After configuring SAML SSO successfully, the user is unable to perform login and getting the following error in UI and Server console. UI Error:  "Unable to process SAML request" Server Console: ...
AWS S3 Signature Version 2 Discontinued
legacy How To
Please be aware that the page you are viewing has been machine translated from Japanese into English and may contain some translation errors. If you observe any issues with the translation, please contact us. Issue...
COOKIE_SUPPORT & GUEST_LANGUAGE_ID are not marked as Secure
legacy
Issue There are two cookies generated by Liferay DXP, COOKIE_SUPPORT & GUEST_LANGUAGE_ID, which is not marked as Secure. Environment Liferay DXP 7.1 + JBoss  Resolution This is related to the Web Server and Application...
Configuration of NTLMv2 with Liferay
legacy
Issue How to configure NTLMv2 in Liferay as there is no configuration available in Liferay control panel to differentiate the request/service Environment Liferay 6.x Liferay 7.0 and Liferay 7.1 Resolution...
User should be re-directed to the login page once the session expires
legacy How To
Issue Once the session expires, users remain on the same page on which they were already there until and unless they click on somewhere, then it redirects to the login page. Environment Liferay DXP 7.0 Resolution If...
Security Statement on CVE-2019-11444: Disputed Groovy Script console vulnerability
legacy
Recently, a security vulnerability was filed in Mitre under CVE-2019-11444 arguing that attackers could allegedly use Liferay's Groovy script console to execute OS commands. Liferay disputes this issue because this is...
Data Protection for Liferay Services and Software
legacy
This whitepaper describes the data protection policies of Liferay DXP and describes Liferay's approach to protect personal data in compliance with local regulatory requirements such as GDPR. The paper is available for...
Liferay DXP Application Security Features
legacy
This document provides an overview of application-level security features in Liferay DXP. It discusses transport security, encryption, web services, SSO, OAuth, and more.  The paper is available for download here.,...
Liferay Security Development Overview
legacy
This paper provides an overview of the processes used during development and testing of Liferay products. Combined, these processes ensure that Liferay’s customers can have confidence in the security and ongoing...
Troubleshooting SAML Single Log Out when SLO fails
legacy Troubleshooting
Issue User is not logged out from Liferay SAML when the instance has expired. Liferay Session Timeout is set to 30 minutes and SAML Session is to 90 minutes. When SLO is triggered, the user is still signed in....
Known Issue: Browser Ignores Disabled Autocomplete Property for Saving User Login Information
legacy
Issue After setting company.security.login.form.autocomplete=false to disable autocomplete for user login information, the browser still permits users to save passwords or use password managers to manage password...
Known Issue: Security Scan Shows Liferay as a Potential Sharepoint Vulnerability - False Positive
legacy Troubleshooting
Issue There may be some instances where a security scan shows Liferay having a potential Sharepoint endpoint vulnerability. Specifically, the security scan's warning may be related to the /_vti_inf.html file. This is...
Existing users in Liferay can not login through SAML with "Screen name x must not be duplicate ..." error
legacy Troubleshooting
Issue If the user exists in Liferay (service provider), the user cannot log in through SAML due to duplicate screenname ERROR. 2019-04-23 04:29:45.758 ERROR [http-nio-18080-exec-7][BaseSamlStrutsAction:58] Screen name ccc...
Why does our internal server address appear when users authenticate against our SSO?
legacy
Issue When a user authenticates against an SSO they are redirected to the server they were logging into. As part of this both the SSO address and the server address appear in the URL for a brief time. This occurs...