Search Results

All Results 433
ソート
Resource Type
Applicable Versions
Deployment Approach
Capability
Feature
Is Liferay's SAML Service Provider Logout URL required in the Identity Provider?
legacy Troubleshooting
Issue Azure's SAML Identity Provider (IdP) marks the Service Provider's (SP) Logout URL as "optional" However, when I remove Liferay's Logout URL from Azure's SAML configurations, Liferay users are not signed out...
Vulnerability:About CVE-2022-45143
legacy
Please be aware that the page you are viewing has been machine translated from Japanese into English and may contain some translation errors. If you observe any issues with the translation, please contact us. Issue...
How to prevent an AD user from logging into Liferay using the old password if LDAP authentication cannot set to be required
legacy Troubleshooting
Issue After the user changes the password in Microsoft Active Directory (AD), the user can still log into Liferay using the old password. If enabling "Required" option, the issue can be resolved. But users created manually...
LDAPからのユーザーインポートについて
legacy How To
, knowledgeArticleType: howTo, legacy: true, name: LDAPからのユーザーインポートについて, showDisclaimerMessage: true, sourceTeam: Support, ticketNumber: , title: LDAPからのユーザーインポートについて
DXPで「ldap.import.create.role.per.group」を使用する方法
legacy How To
, knowledgeArticleType: howTo, legacy: true, name: DXPで「ldap.import.create.role.per.group」を使用する方法, showDisclaimerMessage: true, sourceTeam: Support, ticketNumber: , title:...
LiferayでのSAML設定方法
legacy How To
, knowledgeArticleType: howTo, legacy: true, name: LiferayでのSAML設定方法, showDisclaimerMessage: true, sourceTeam: Support, ticketNumber: , title: LiferayでのSAML設定方法
SCIM Support for Microsoft Entra ID
legacy
Issue Is there complete out-of-the-box SCIM support for Microsoft Entra ID in Liferay DXP? Environment Versions before 2025.Q2.0. Resolution Full support for Microsoft Entra ID with Liferay's SCIM functionality was...
User ID's and Emails populating due to SSTI vulnerability
legacy Troubleshooting
Issue We've found an undesirable behvavior when using new widget templates on a page. When using the expandoColumnLocalService.CTPersistence.openNewSession(null) function, the the direct SQL query execution within...
Is it Possible to Require an Administrator to Enter Their Password When Changing a User's Password?
legacy
Issue When I want to updates a user's password as an administrator, the system does not require to re-enter my own password for authentication. This is inconsistent with other actions, such as updating a screen...
Web Content Templates cache Absolute image URLs, not Relative URLs
legacy Troubleshooting
Issue The templates cache absolute image URLs instead of relative URLs. Environment 2024.Q1.12, 2024.Q1.18 Resolution Upgrade to 2024.Q2.0+ or Request a hotfix with LPD-23196, knowledgeArticleType: troubleshooting,...
Does Liferay have an Attestation of Compliance to be PCI certified?
legacy
Issue We are in the process of reviewing application compliance and want to know if Liferay has an attestation of compliance (related to PCI), specifically the Payment Card Industry Data Security Standard? Environment...
Password Reset Link Immediately Shows as 'No Longer Valid'
legacy Troubleshooting
Issue When a user requests a password reset, the link in the notification email leads to an error page stating, "Your password reset link is no longer valid." This occurs even if the link is clicked immediately...
StaleStateException Error During Startup with OpenID Connect Configuration
legacy Troubleshooting
Issue During a Liferay DXP startup, the following error message appears in the logs, related to OpenID Connect provider configuration: ERROR [...][BatchingBatch:139] HHH000315: Exception executing batch...
Workflow Task URL for Unauthorized User Returns 404 Instead of Login Page
legacy Troubleshooting
Issue When an unauthorized user attempts to access a workflow task URL, they are shown a 404 error page instead of being redirected to the login page. This issue specifically occurs when the URL follows the...
OAuth2 Token sometimes gets 401 response
legacy Troubleshooting
Issue Sometimes users are unable to log in because their OAuth2 tokens receive a 401 "Unauthorized" response. This seems to happen randomly, and the tokens should be valid. Environment Liferay DXP Resolution...
Despite the fix "Relay state exceeds 80 bytes" error and redirections to IDP
legacy Troubleshooting
Issue Despite the fix "Relay state exceeds 80 bytes" error and redirections to IDP We found this article and had a hotfix with LPS-76246 We found that the fix is not applied correctly. Environment Liferay DXP 7.3...
Time-Based Authenticator QR Code Not Populating
legacy Troubleshooting
Issue When trying to set up the QR Code for MFA settings, following this documentation Multi-Factor Authentication Checkers, we've found that the QR code doesn't populate. It should be populating under "Shared...
Node.js Version for Client Extension Development and Handling Security Vulnerabilities
legacy
Issue When developing client extensions with React for Liferay DXP 2024.Q4 or newer, what is the recommended Node.js version? The official compatibility matrix suggests Node.js version 20.12.2, but this version...
Logging to application always taking to home page instead of request url
legacy Troubleshooting
Issue We are encountering an issue where users are consistently redirected to the application's homepage immediately following SAML authentication, even when an alternative page was initially requested. Environment...
B2C SSO Configuration with OpenID Connect Not Working
legacy Troubleshooting
Issue Setting up Business-to-Consumer (B2C) single sign-on (SSO) configuration with Liferay using OpenID Connect (OIDC) in Azure AD B2C is not working as expected. After enabling OpenID under Instance Settings in...
Is Liferay affected by CVE-2024-6783?
legacy
Issue After performing a security scan, a Vue.js vulnerability reported as CVE-2024-6783 is identified. Environment Liferay DXP 7.4 - Quarterly Releases Resolution Liferay is not impacted by CVE-2024-6783 as Liferay DXP...
Application Accept Special Characters in Input Fields
legacy
Issue The application accepts special characters in input fields. Ex: " ' ` * ; % _ = & | \ ? ~ < > ^ () [] {} $ \n\ Steps to Reproduce: 1. Start Liferay server. 2. Navigate to the user’s profile. 3. Click on...
Liferay Marketplace App Manager Web XSS Vulnerability (CVE-2025-4388)
legacy Troubleshooting
Issue A reflected cross-site scripting (XSS) vulnerability (CVE-2025-4388) in /o/marketplace-app-manager-web/icon.jsp allows a remote non-authenticated attacker to inject JavaScript into the...
Step-by-Step SAML Integration with Liferay and Keycloak
legacy How To
Issue Is Keycloak supported with Liferay? If yes, how can SAML be configured with Liferay? Environment Lifeary DXP [All versions] Resolution As per Liferay’s official compatibility matrix, Keycloak is not listed as a...
I received the following error in the log: Feature flag LPD-10588 is not available for company 0
legacy Troubleshooting
Issue After upgrading to 2025.q1.6-lts, I received the following error in the log: Feature flag LPD-10588 is not available for company 0 Environment Liferay Quarterly Release 2025.q1.6-lts Resolution The case has been...
How to change the number of digits in the CSRF token parameter "p_auth
legacy
Please be aware that the page you are viewing has been machine translated from Japanese into English and may contain some translation errors. If you observe any issues with the translation, please contact us. Issue...
The screen name cannot be an email address or a reserved word
legacy Troubleshooting
Issue When trying to log in with an Active Directory user, sign-in failed with the below error ERROR [http-nio-8080-exec-9][BaseSamlStrutsAction:59] Screen name test@liferay.com for user 34945 must validate...
How to protect against CVE-2022-41853 vulnerability
legacy Troubleshooting
Issue How can I mitigate vulnerability CVE-2022-41853 regarding Liferay DXP?   Environment Liferay Portal 6.2 EE Liferay DXP 7.0 Liferay DXP 7.1 Liferay DXP 7.2 Liferay DXP 7.3   Resolution CVE-2022-41853 : This...
Liferay Security Scanning
legacy
Issue What procedures does Liferay follow to perform security scanning? Environment Liferay DXP Resolution Liferay uses DAST and SAST tools for scanning. Pen test and manual code reviews are performed as well....
Link doesn't work in Knowledge base when a non-standard protocol is chosen.
legacy Troubleshooting
Issue When adding the notes:// protocol to a link in Knowledge Base, AntiSamy removes it and displays it as text. Environment Liferay DXP 7.2, 7.3 Resolution By default, everything is sanitized by AntiSamy, with 3...
Are Unique Email Addresses Required for Authentication
legacy
Issue Our company has a few external clients whose users have unique screen names, but all share one email address. This is causing various conflicts such as two users being unable to sign in simultaneously. The error...
How to Login after Blacklisting the Sign-In Portlet
legacy Troubleshooting
Issue We Blacklisted the Sign-In Portlet with a third-party authentication application and the admin logins were not synchronized in the process and so now we can no longer access our environment. How can we restore...
Is there a limit to the number of IdPs registered?
legacy
Please be aware that the page you are viewing has been machine translated from Japanese into English and may contain some translation errors. If you observe any issues with the translation, please contact us....
Search in Control Panel > Audit makes long URL
legacy
Issue A search in Control Panel > Security > Audit always sends empty search parameters in the GET URL. As a result, URLs are very long and can be blocked by firewall-infrastructure. Steps to reproduce: Navigate to...
SAML Admin - "Metadata XML is null" error
legacy Troubleshooting
Issue When attempting to create a new Identity Provider under SAML Admin, having entered the required information, when ‘Save’ is clicked the UI displays: "Error: Please enter a valid identity provider entity ID."...
SAML Download Certificate button is broken, with Redirect URL errors seen
legacy Troubleshooting
Issue The Download Certificate button doesn't work in the SAML Admin. When I click on the Download Certificate button, nothing happens. Redirect URL errors are seen in Liferay logs, such as:...
Does CVE-2022-47966 affect Liferay?
legacy
Issue Our security scan has shown CVE-2022-47966 as an active critical vulnerability. Is Liferay affected? Environment DXP 7.2 Resolution The out-of-the-box Liferay product is not affected by this vulnerability. So,...
Users see the message "Redirecting to your identity provider" before redirecting to OKTA login screen
legacy Troubleshooting
Issue The guest user observed the message "Redirecting to your identity provider" showed up before the OKTA user login screen showed up. The behavior just happened after upgrading the environment to 7.4 Update 56. We don't...
How to protect against the vulnerabilities related to SnakeYaml in version 1.27
legacy Troubleshooting
Issue How can I mitigate vulnerability CVE-2022-38749, CVE-2022-38750, CVE-2022-38751 and CVE-2022-38752 regarding Liferay DXP? Environment Liferay Portal 6.2 EE Liferay DXP 7.0 Liferay DXP 7.1 Liferay DXP 7.2...
Not Found page seen instead of Login Prompt when logged out and navigating to private pages
legacy How To
Issue When not logged in, and user attempts to navigate to private page's URL, instead of being prompted to log in, a 'Not Found' page is seen instead. Environment DXP 7.4 Resolution In DXP 7.3, when users are not logged...